Getting Started with Account Setup
Last updated
Last updated
This section helps you learn about configuring your account as an administrator, securing user access, and planning usage - as well as tracking account activities.
Every ThousandEyes user belongs to an organization, which represents the customer's billing entity. Any licenses you purchase apply to your entire organization and are shared by account groups. An account group is an entity internal to your organization that divides it into functional groups. For detailed information about account groups, see .
Account groups divide users, tests, agents, dashboards, alert rules, and many other elements of the ThousandEyes platform. Account groups are a way to create an independent instance within an organization, for security or functional purposes.
For example, Organization A can be divided into account groups for IT, NetOps, and DevOps. Each department uses the ThousandEyes platform within their own account group. While billing is shared, the users in one account group cannot access other account groups' data (unless it is specifically shared across account groups).
A user can belong to multiple account groups and can switch between them without re-authentication. In the example below, "Super User" has access to three account groups in the "ThousandEyes Internal" organization, and is currently logged into the “Engineering” account group:
It's best to plan in advance how you will use account groups based on your corporate structure. There is no limit on the number of account groups you can add.
To create account groups in the ThousandEyes platform, go to Manage > Account Settings > Users and Roles > Account Groups.
The built-in roles are Organization Admin, Account Admin, and Regular User:
The Organization Admin role has full permissions including managing usage, users, and account groups. We suggest reserving this role for a limited number of administrators who are fully trained in ThousandEyes account setup.
The Regular User role is for read-only-access users, and carries no administrative permissions.
Users who need an access level between Organization Admin and Regular User can hold the Account Admin role.
When you create a new role, you can use it in any account group within the organization. While users with the Organization Admin role automatically have access to all account groups, non-Organization Admin users must be assigned a role for each account group they belong to.
To create a custom role, go to Manage > Account Settings > Users and Roles > Roles. Keep in mind the following guidelines:
Reducing login to one set of credentials improves enterprise security. ThousandEyes supports SAML 2.0-based single sign-on (SSO) so you can follow your organization's security policies. Before you invest time in manually provisioning new users, we suggest that you check whether your directory service supports SAML 2.0 and SCIM provisioning.
In addition, with any identity provider (IdP) that supports System for Cross-domain Identity Management (SCIM) provisioning, user accounts can be auto-provisioned via your IdP. Manually provisioning and deprovisioning user accounts for every SaaS application costs your IT team enormous time and effort. A common security issue is terminated users who can continue to use a SaaS application using the same password. You can avoid these issues by using SCIM auto-deprovisioning users' accounts when their access is removed from the IdP. In addition, ThousandEyes will automatically benefit from enhanced security, like multifactor authentication (MFA) that the IdP provides.
Duo
Microsoft Azure Active Directory
Microsoft Active Directory Federation Services
PingOne
Okta
Google Workspace
OneLogin
miniOrange
To start setting up SSO, go to Manage > Account Settings > Organization Settings > Security and Authentication.
Before you save your SSO configuration, use the Run Single Sign-On Test button to test it. Make sure the test passes before you save the configuration; otherwise, it will impact existing users' ability to log in.
ThousandEyes customers commit to an annual contract that can include the following forms of subscription:
Units for Cloud and Enterprise Agent tests
Endpoint Agent licenses
Internet Insights packages
You can view your subscriptions at Manage > Account Settings > Usage and Billing.
The Plan Usage section shows your monthly subscription status, including:
Billing period (the date when monthly usage is reset)
Usage included in your plan
Units and licenses used to date
For units, the projected usage by the end of the billing cycle
In the above customer’s example, their billing cycle begins on the 14th of every month, and their usage is not exceeding the limit at this point, especially for units. As unused units do not roll over from month to month, we would suggest that this customer should add tests to consume more units.
Units are calculated based on the test's type, interval, and timeout, and on the number and type of ThousandEyes agents running the test. As a SaaS solution, ThousandEyes provides a usage-based consumption model, which means that every running test uses units.
You can break usage down by account group, test type, or individual test. The Used versus Projected labels can provide easy guidance about which account group, test type, or individual test consumes the most units, and whether your current usage will exceed the set limit by the end of the billing cycle.
As ThousandEyes admins, you aim to keep your organization's usage below the monthly allowance. ThousandEyes offers three ways to help you prevent overages:
To avoid unexpected unit consumption, we highly recommend you run the calculator when you change existing test settings or create new tests.
Set a usage quota on account groups. For every account group, you can set a usage quota to guard against unwanted overages. Quotas can be set by percent of your total plan or by number of units.
To create a usage quota, go to Manage > Account Settings > Usage and Billing > Quotas.
When the projected units in the current billing cycle exceed the quota, users see a warning message and are prevented from saving test configurations that consume more units. For times when you need to run more tests, we recommend you expand your unit capacity.
Set up usage alerts.
To remain within your contracted usage, we recommend the following:
Make sure your test's intervals, agents, and timeouts match your business needs.
Don’t add use cases without also adding adding capacity.
Use the calculator before making changes.
ThousandEyes offers a live platform shared by multiple concurrent users. There is no version-control method that allows administrators to revert a user's configuration changes to a previous point in time. Every save action is final, so should be made with due consideration.
When you add new users to the platform, you must assign each one to an account group and a role. The ThousandEyes platform provides a , in which users' roles determine what they can do within the platform. The administrator can opt for the default, built-in roles, or can create custom roles.
For detailed information on these built-in roles, see .
Alternatively, you can build a custom role by selecting the desired .
Follow the and limit the user's access to only the specific functions they need to perform their job.
Reserve for administrators only.
Make sure every user can view for collaboration.
If you plan to use , the Login via Single Sign-On permission is required.
Consider who should view or edit the .
If you plan to create or use , including , the accounts for those services must have API access.
We highly recommend you consider enabling (or forcing, for added security) SSO before onboarding any users. To make setup easier, we provide for the major IdPs, listed below, as well as an overview and links to their IdP-side configuration instructions:
If your system supports loading XML metadata, we recommend using ThousandEyes metadata, which can be downloaded from for your service provider configuration. For IdP configuration, we support static configuration, metadata import, as well as dynamic configuration that parses the IdP’s public URL.
For details on usage-based consumption, see .
Overages: This section does not apply to customers who have overages enabled. For more information about overages, see .
Use the calculator to estimate unit consumption. The automatically pulls your organization's current test settings and calculates the monthly total. It allows you to overwrite tests' interval, timeout, number of agents, and the number of tests as you calculate usage.
For more information about using the calculator, see .
For more information about setting quotas, see .
You can configure alert rules so that you receive a notification when your organization's projected or actual usage exceeds certain levels. For detailed information about usage alerting, see .
Instead, we offer the that exposes UI actions made by all users. For each action, the log provides details of the account group, user, component, and a description. You can download the logs for up to two years' activity, for audit purposes.
In addition to its uses for transaction details, you can use the activity log to measure the adoption of the ThousandEyes platform in your organization. For example, the activity log shows which users you have added to the platform have then activated their accounts. To view the activity log, go to Manage > Account Settings > Activity Log. For detailed information, see .
