Managing teams - Amazon CodeCatalyst

Managing teams

After you create a space, you can add teams. Teams allow you to group users so that they can share permissions and manage projects, issue tracking, roles, and resources in CodeCatalyst.

You must have the Space administrator role to manage teams.

Creating a team

A team can have role permissions, such as Power user, in a space. A team can also have project permissions, such as Project administrator, in a project. Teams can be associated with many projects with different roles for each project. You can manage teams where the team members are either individual users for an AWS Builder ID space or SSO groups for a space that supports identity federation.

On the members page for space and project users, users can have multiple roles. Users with multiple roles will show an indicator when they have multiple roles, and they will be displayed with the role with the most permissions first.

Note

If your space supports identity federation, you must already have your SSO users or your SSO groups set up in IAM Identity Center.

How you manage team members depends on how you will add and remove users. There are two options for managing team members:

  • Adding users directly — You add or remove users individually. For example, you add users to a team by choosing either AWS Builder ID users or SSO users that are already set up in IAM Identity Center. When you choose to manage team members by adding AWS Builder ID users or SSO users directly, the option to use SSO groups will no longer be available.

  • Use SSO groups — You manage team members through SSO groups already set up in IAM Identity Center. When you choose to manage team members by using SSO groups, the option to add users directly will no longer be available.

You must have the Space administrator role to manage teams.

To create a team
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. Choose Create team.

  4. In Team name, enter a descriptive name for your team.

    Note

    The team name must be unique in your space.

    (Optional) In Team description, enter a description for your team.

  5. Under Space role, choose a role from the list of space roles available in CodeCatalyst that you want to assign to the team. The role will be inherited by all members of the team.

  6. In Team membership, choose one of the following to choose the method for adding members to the team.

    • Choose Add members directly to manage users individually. This includes adding AWS Builder ID users for a space or adding SSO users for a space that supports identity federation.

    • Choose Use SSO Groups to choose SSO groups that you have already set up in IAM Identity Center.

      In SSO Groups , choose the box next to the groups that you want to add. You can add up to five SSO groups.

    Note

    You cannot change this later. When you choose to manage team members by adding AWS Builder ID users or SSO users directly, the option to use SSO groups will no longer be available. When you choose to manage team members by using SSO groups, the option to add users directly will no longer be available.

  7. Choose Create.

    Note

    When you choose to use SSO groups, note that the users in the SSO group are not pulled upon creation of the team. The users will need to have signed in to CodeCatalyst before they are visible in the list.

Viewing a team

In CodeCatalyst, you can view the projects and roles for your team. On the members page, you can view project roles and a list of users. For SSO group type teams, you will also be able to see a list of SSO groups associated with the team.

To view a team
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. In Space role, view the role assigned to the team for this space.

  4. On the Project roles tab, view the project and project role assigned to the team for each CodeCatalyst project in the space where the team has been added as a member (for an AWS Builder ID space only).

  5. On the Members tab, view the list of members assigned to the team.

  6. On the SSO Groups tab, view the list of SSO groups assigned to the team (for a space that supports identity federation only).

Managing the space role for a team

A team can have role permissions, such as Power user, in a space. You can change the space role for a team, but note that all members of the team will inherit those permissions.

You must have the Space administrator role to manage teams.

Changing the space role for a team
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. In Actions, choose Change space role. You can change the space role to one of the following. This changes the role for all members of the team.

  4. Choose Save.

Managing a project role for a team

A team in CodeCatalyst is similar to a user in that the team members can have role permissions, such as Project administrator, in a project. A role change will be applied to the team, and all members of the team will inherit those permissions. You can choose one role for each project that will be automatically granted to the team.

You must have the Space administrator role to manage teams.

To add or change a project role
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. Choose the Project roles tab.

  4. To change a role, choose the selector next to the project in this list, and then choose Change role. To add a role, choose Add project role. In Project, choose the project you want to add and in Role, choose the role. Choose one of the available project roles:

  5. Choose Save.

To remove a project role
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. Choose the Project roles tab.

  4. Choose the role you want to remove.

    Important

    Removing a role from a team removes the associated permissions for all users in the team.

  5. Choose Save.

Adding a user to a team directly

You can add team members to your team. When you add a user, the new user will inherit permissions from all existing roles on the team.

Whether your space is set up for AWS Builder ID user support or identity federation, you can set up your space to add users directly.

Note

When your space is set up to manage team members by using SSO groups, the option to use Add users directly is not available. To use SSO groups, see Adding an SSO group to a team.

You must have the Space administrator role to manage teams.

To add a user directly
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. Choose the Members tab.

  4. Choose Add member.

    Note

    Users being added to a team must already be members of a space. You cannot add or invite a team member who is not a member of the space.

  5. Choose a user in the drop-down field, and then choose Save. Choose either AWS Builder ID users or SSO users that are already set up in IAM Identity Center.

Removing a user from a team directly

You can remove team members from your team. All permissions will no longer be inherited by the user. You can add the user back to the team later.

Note

When you remove a team member, the associated permissions will be removed for the user from all projects and resources in the space.

You must have the Space administrator role to manage teams.

To remove a team member
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. Choose the Members tab.

  4. Choose the selector next to the user you want to remove, and then choose Remove.

  5. Enter remove in the input field, and then choose Remove.

Adding an SSO group to a team

If your space is configured as a space with SSO users and groups managed in IAM Identity Center, you can add an SSO group that will join the space as a separate team.

Note

When you choose to manage team members by adding AWS Builder ID users or SSO users directly, the option to use SSO groups is not available. To add users directly, see Adding a user to a team directly.

You must have the Space administrator role to manage teams.

To add an SSO group as a team
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. On the page for your space, choose Teams. Choose the SSO groups tab.

  3. Choose the SSO groups you want to add. You can add up to five SSO groups.

Deleting a team

You can delete a team that you no longer need.

Note

When you delete a team, the associated permissions will be removed for all team members from all projects and resources in the space.

You must have the Space administrator role to manage teams.

Delete a team
  1. Open the CodeCatalyst console at https://codecatalyst.aws/.

  2. Navigate to your space. Choose Settings, and then choose Teams.

  3. In Actions, choose Delete team. This changes the role for the entire team.

  4. Choose Delete.