Managing User Licenses and Groups

Objectives

After completing this lesson, you will be able to:

  • Manage Users and Groups

User Licenses and Groups

Before We Start, Let's Review Some Facts about Licenses.

Every user in the system requires a license to access the respective SAP Signavio Process Transformation Suite solution. In the following examples, we look at licenses for SAP Signavio Process Manager and the SAP Signavio Process Collaboration Hub.

Since a license is always bound to a certain user, let's check what happens if users get invited or removed from workspaces.

Product Licenses

Every user needs a license

An administrator must assign at least one license to every user in a workspace. When you invite users via the user management, you select the license you want to assign.

Invited users with existing license

Users with a license for another workspace cannot access your workspace, unless you assign this workspace license to your user.

Removing users and their licenses

Once you remove a user from your workspace, the user's license goes back into the pool and can be assigned to other users.

Two Types of Users

There are two types of users, modeling users, and process viewer.

SAP Signavio Process Manager

By default, every modeling user has access to the complete content in the Share documents folder. To restrict access rights of users, you can assign them to a user group with limited access permissions when you invite them to your Process Manager workspace. 

To restrict access rights based on organizational roles, we recommend setting up a folder structure that reflects the different access right variations. See examples for possible folder structures later in this lesson. Then, create user groups with access rights that are tailored to your organizational requirements. 

SAP Signavio Process Collaboration Hub

These users only have access to diagrams that have been explicitly published to the Collaboration Hub. The way you can manage access rights for the Collaboration Hub users depends on your usage scenario:

If the users authenticate via an Active Directory - or a SAML-based mechanism, you can manage access rights of the Collaboration Hub users based on their Active Directory user groups, or names, or SAML identities.

If you roll out an authentication certificate to your Collaboration Hub users, all users have access to all published diagrams.

There are two different ways to manage users and groups:

  • Using an included central user management accessible via SAP Signavio Process Collaboration Hub
  • Using SAP Signavio Process Manager directly
Note
In the long term, the central user management includes all functionalities to replace the user management in SAP Signavio Process Manager. In the transition time, both components exist in parallel and are covered in the following.

Using the Central User Management

We recommend using this option to:

  • Invite workspace users (per bulk or instantly).
  • Get a quick overview of all users.
  • Get an e-mail list of all users with one click.
  • Remove users from all SAP Signavio Applications.
  • Create or delete a user group.

Manage users in SAP Signavio Process Manager

We recommend using this to:

  • Move users from one group to another (remove & add).
  • Define authorizations on users or user groups to specific folders (H,R,W,D,P) or dictionary categories (V,W,D,P).
  • Activate feature sets for your created groups.

Creating User Accounts

There are two ways to create user accounts. They can either be created by an administrator, or through feedback invitations created by modelers.

Users Invited to a Workspace

In the User Management, you invite new users to your workspace. You also select the license type and the user groups that you want to assign to the new user.

The license for a new user is connected to the e-mail address in which you sent the invitation. The new user has to register with the same e-mail address to use the license.

Users Invited for Feedback

SAP Signavio Process Manager users can invite internal and external process stakeholders to review and comment on diagrams. Internal users already have an account. Externals must create one to log in.

Internal Users

Users that already have an account and license are invited to review and comment on diagrams. They use their existing e-mail address and password combination to log in. Reminder: internal users are managed with the user management.

External Users

External users that are invited to comment on diagrams must create an account using the link on the invitation e-mail. They can then sign in to the SAP Signavio Process Collaboration Hub and view the diagram. Instead of a paid license, they are assigned a commenting license so that they can view and add comments.

These user accounts are similar to those created with user management, but the following restrictions apply:

  • Users can only see the diagram that they are invited to.
  • Users are not assigned to any user group, not even the default groups.
  • Users cannot access any other component.

To revoke access, remove the account from the user management. When you just remove the licenses, external users can still sign on to the SAP Signavio Process Collaboration Hub. They will no longer see diagrams. They will just be informed on their trial expiration.

Creating Accounts

You have the following options to add users to your workspace:

  1. Create accounts with bulk invites, in case you want to invite multiple users at the same time into the workspace.
  2. Create user accounts individually, if you want to invite a specific user.
Note
New users must register first before they access the workspace to create an account. Users who are already invited to other workspaces can select the workspace to log in to.

Every user you invite to your workspace has the following default permissions:

  • Viewing and editing diagrams in the folder Shared documents.
  • Viewing and editing dictionary entries.

You can change these permissions by going to SetupManage Access Rights

Details about access rights will be covered in the next lesson.

Note
In this lesson, there are several videos showing how to complete each task. You can pause the videos at any point.

Invite Users to the Workspace

Now, let's look at how to create and manage user accounts. In the video below we want to add a couple of new users to the user group "Hub Users". We can do this by sending bulk invites. If we deselect the option to send an invitation, we do not need to wait for the user to register. This way, we can immediately continue processing the user account and, for example, assign individual access rights if necessary.

Edit or Delete User Account

Within the Users tab, you can assign licenses to a user, assign users to groups, reset the user's password, and delete an account. Note that when you delete an account, all content in the My Documents folder is removed from the workspace. However, the content in the Shared Documents folder, user's comments, and changes made will remain there.

Creating Groups

Now, that we learned how to create, edit, and delete user accounts, let's look at how to do this with groups. 

Instead of clicking the Users tab, we will now look at the Groups tab. In the Groups tab, you can edit the name of the group, add new users to a group automatically, create a group hierarchy, and remove users from a group. 

In the next video, we want to edit the name of our group - Users in Asia. We want to rename it to Users in Southeast Asia, add new users to this group automatically, and add two new users - Lisa and Eliza.

Default Groups

When customizing user groups, you can set one or more groups as default groups. For example, you can use a default group to provide new users with a basic set of access rights.

To define a group as a default group, activate the option Add new users to this group automatically (we saw this function in the previous video) in the group settings. Each user invited through the user management is assigned to all default groups by default.

To assign the user you want to invite to another group, you can assign user-specific user groups in the user management dialog when you set up the invitation.

Users created with SAML or CSV API are also assigned to the default groups, unless you specify other user groups by configuration.

Activate Feature Sets

You can activate specific feature sets in the user group management dialog. You can provide each modeler group with the feature sets so they can perform their tasks. In the case where only a certain group of users is allowed to upload documents to the workspace, the Restricting feature sets are useful.

Create Workspace Administrators

In SAP Signavio Process Manager, administrators have extensive permissions to manage workspace settings and user access. The only thing that they cannot access or manage is the content in a modeler's My Documents folder.

To create an administrator account, you create a user account and assign it to the Administrators user group. The user then receives administrative rights for your workspace. To revoke administrative rights, remove the user from the Administrators group.

Key Takeaways - User Licenses and Groups

Great, you are now able to manage user licenses and groups - continue and familiarize yourself with user access rights.

Log in to track your progress & complete quizzes