PCE Organization and Users
A PCE organization is a group of policies and users targeted toward a specific business unit or group, including all the networking security rules and individuals associated with the policy. An organization can contain any number of users, workloads, policy objects (such as rulesets, IP lists, services, and security settings), and labels.
Your Illumio administrator initially sets up organizations. When an organization is created, an email is sent that contains a user login for the organization. When this user logs in, the organization is created, and users can now be invited to join.
RBAC User Roles and Permissions
For information on creating local or external users and assigning PCE permissions to those users, see
Invite Users to Your Organization
As an organization owner, you can invite other users to your organization and assign roles to specify their permissions.
When you invite a user to your organization, they receive an email at the specified address that contains a link for setting up their account. The link in the invitation email is valid only for 7 days, after which it expires. If you invited a user who did not receive their email or did not sign up using that email, you can re-invite them.
External Users and Non-Email Usernames
When you use an external corporate Identity Provider (IdP) to authenticate users with the PCE, but your IdP usernames do not use email addresses, the PCE cannot send email invitations to those users when you add them to the PCE. When you add this type of user, send them a login URL that they can use to set up their Illumio Core accounts and log in to the PCE web console.
Invitation Emails Are Not Sent
When users you invite do not receive their invitation emails, the SMTP server might not be configured correctly with the PCE.
Make sure that your PCE’s IP address is allowed to relay messages and that any anti-spam protection does not block its emails.
Check your PCE's
runtime_env.ymlfile to make sure that thesmtp_relay_addressvalue is correct.