The Netgraph Connectivity Platform object model is small. Five concepts cover everything.

The picture

Netgraph Connectivity Platform
├── Users
│   Platform-level identities. One User can hold roles in one
│   or more Organizations.
│
└── Organizations
    ├── Administrators — Users with role bindings in this Organization.
    ├── Organization-level config
    │   Common Settings, SAML authentication, Audit Log, Webhooks.
    └── Service Contexts
        ├── Sign-In Context       — runs Sign In
        ├── EntryPoint Context    — runs EntryPoint
        ├── Meraki WPN Context    — runs EasyPSK for Cisco Networks
        └── Cisco ISE Context     — runs Endpoint Manager for Cisco ISE

Platform

Netgraph Connectivity Platform is the top of the model. Everything else — every User, every Organization, every Service Context — exists inside it.

User

A User is a platform-level identity. One email per platform. The same User can be bound to one Organization or to several, with potentially different roles in each. Role bindings are per-Organization. A User with Organization-scope access in one Organization does not inherit any visibility or rights in another. See Users and roles.

Organization

An Organization is the customer-level container. It holds every administrator, every Organization-level setting, every Service Context. All day-to-day administration lives inside an Organization. See Organization overview for the Organization-level surfaces and how to operate them.

Service

Netgraph Connectivity Platform has four Services: Sign In, EntryPoint, EasyPSK for Cisco Networks, and Endpoint Manager for Cisco ISE. A Service is the capability; it only becomes operational in an Organization once a Context of that Service is created.

Service Context

A Service Context is one running instance of a Service inside an Organization. An Organization can run zero, one, or many Contexts of a given type — one Sign-In Context per venue, separate EntryPoint Contexts for staging and production, one Meraki WPN Context per Meraki organization, and so on. Each Service Context has its own configuration, its own administrator list, its own audit stream, its own Self-Service portal, and its own integration with whatever network equipment it fronts.

Activity scopes

Administrative activity happens at one of two scopes:
  • Organization-scope — Administrators, SAML authentication, Audit Log, Webhooks, Common Settings, Compliance, and anything shared across every Context in the Organization. See Organization overview.
  • Context-scope — modules, access policies, look-and-feel, vendor integration, Self-Service Users, everything specific to one Service Context. See each Service’s own documentation.
Both scopes use the same role-binding model. A User simply holds Organization-scope roles, Context-scope roles, or both.
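
The role-binding model above, sketched as an added example for access reviews (not Netgraph code or its API). The class, function names, role names, and sample data are hypothetical, and the sketch assumes Organization-scope roles do not cascade to Contexts, which this page does not state either way.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RoleBinding:
    user: str                      # platform-level identity (one email per platform)
    organization: str              # every binding belongs to exactly one Organization
    role: str                      # role names here are constructed placeholders
    context: Optional[str] = None  # None = Organization-scope, else a Service Context

def is_authorized(bindings, user, organization, context=None):
    """True only if `user` holds a binding in this Organization at this exact scope.

    Assumption: an Organization-scope binding grants nothing at Context-scope
    (the stricter reading; the page does not specify cascading).
    """
    return any(
        b.user == user and b.organization == organization and b.context == context
        for b in bindings
    )

def cross_org_users(bindings):
    """Users bound in more than one Organization, a useful list for access reviews."""
    orgs = {}
    for b in bindings:
        orgs.setdefault(b.user, set()).add(b.organization)
    return {u: sorted(o) for u, o in orgs.items() if len(o) > 1}

# Constructed sample bindings (not real accounts, Organizations, or Contexts).
BINDINGS = [
    RoleBinding("alice@example.com", "org-a", "admin"),
    RoleBinding("alice@example.com", "org-b", "viewer", context="signin-venue-1"),
    RoleBinding("bob@example.com", "org-a", "operator", context="entrypoint-staging"),
]

if __name__ == "__main__":
    # Organization-scope access in org-a gives alice nothing at Organization-scope in org-b.
    print(is_authorized(BINDINGS, "alice@example.com", "org-a"))
    print(is_authorized(BINDINGS, "alice@example.com", "org-b"))
    print(cross_org_users(BINDINGS))
```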

Users and roles

Platform-level identity, two role scopes, SAML delegation.

Platform overview

What the platform is, and how your account fits.

Organization overview

The Organization-scope surfaces in depth.

Glossary

Quick definitions for terms used across the documentation.