Setting Up Mixpanel
Each Mixpanel customer is assigned an Organization (opens in a new tab) which serves as the controlling entity for managing all your Mixpanel analytics needs.
- Pricing / Billing Plan (opens in a new tab) - determines data volume limits and features available across all projects in the organization
- Mixpanel Project(s) (opens in a new tab) - container for product's analytics data (events, properties, user profiles, reports, etc.)
- User Account(s) (opens in a new tab) - used to sign into Mixpanel given the appropriate role for organization and project level access
- Other organization settings - teams (opens in a new tab), service accounts (opens in a new tab), access security (SSO/ 2FA) (opens in a new tab), data & privacy (opens in a new tab), etc.
Each Mixpanel organization contains one or more Projects (opens in a new tab) that house events, properties, user profiles, and other reporting metadata that can be created with EU data residency if applicable.
- Timezone (opens in a new tab) - dates (opens in a new tab) (including timestamps) are ingested in UTC and converted to the project’s configured timezone for reporting.
- Access Keys
- Project Token (opens in a new tab) - used solely for ingestion to identify (not authenticate) a project when collecting data in front-end implementations (client-side SDKs or Ingestion API)
- API/Project Secret (opens in a new tab) - legacy authentication for importing and exporting data, Service Accounts are the preferred and should be used where possible as API SDecret will be deprecated over time
- Other project settings - group keys (opens in a new tab), data views (opens in a new tab), service accounts (opens in a new tab), public dashboard (opens in a new tab), sessions (opens in a new tab), etc.
Create at least 2 Mixpanel Projects (Production and Development)
Mixpanel recommends tracking 1 product with multiple platforms (mobile, web, etc.) into one project, but separate projects for development and production (opens in a new tab). There may be factors (opens in a new tab) where implementing separate projects is required, please refer to the Mixpanel Help.
Mixpanel User Accounts
Each Mixpanel user account belongs to an organization and may be assigned with multiple projects with varying permissions / roles.
Organization Role (opens in a new tab) - each user will have a single organization role per organization
- Owner (at least one) - super user for the organization and all projects underneath
- Admin - manage projects, members, and roles in the organization (with certain exceptions (opens in a new tab))
- Billing Admin - primarily for managing Billing Plans
- Member - basic membership for a user to have access to Project(s) and or Team(s)
Project Role (opens in a new tab) - each user can have multiple project roles, where it conflicts permissions are additive (opens in a new tab)
- Owner - super user for the project, default for organization owners
- Admin - manage project (except delete, reset, and security) and members within, default for organization admins
- Analyst - create, save, edit reports + share and make public dashboards (most common role for users)
- Consumer - create, save, edit reports but unable to share or create public dashboards
User Access Management Approach
There are two general approaches to user management in Mixpanel
Using Mixpanel Teams
Mixpanel enables assignment of projects and project roles to groups of users called Teams (opens in a new tab) with the flexibility to also assign such projects and project roles to individual user accounts if required.
Basic User Account Setup
Organization Owners and Admins can assign projects or teams directly to user accounts at the organization level by minimally provisioning them with an organization Membership.
Project Owners and Admins can be created to delegate access provisioning privileges at the project level. A default project role (opens in a new tab) can also be set for All Users in the Organization as a baseline access. Teams are not available at the project level.
Single Sign-On (SSO) and 2FA
Mixpanel provides Single Sign-On (SSO) (opens in a new tab) access to enterprise accounts using either an Identity Provider (IDP) (opens in a new tab) or a custom SAML implementation such as Okta (opens in a new tab) or Microsoft Azure (opens in a new tab).
- Enabling Just in Time (JIT) (opens in a new tab) provisioning using SAML removes the need for organization admins to invite individual users to an organization.
- IDPs (Okta, Onelogin, and Azure) that have auto-provisioning integrations with Mixpanel enables syncing of access provisioning and deprovisioning for users.
- To give provisioned users default access to projects, invite all users in the organization by Setting a Default Role on a Project (opens in a new tab).
Mixpanel also provides Two Factor Authentication (2FA) (opens in a new tab) feature requiring users to provide a security code sent via SMS to their configure mobile number to verify their identity.