Managing User Licenses and Groups

Every user in the system requires a license to access the respective SAP Signavio Process Transformation Suite solution. In the following examples, we look at licenses for SAP Signavio Process Manager and the SAP Signavio Process Collaboration Hub.

Since a license is always bound to a certain user, let's check what happens if users get invited or removed from workspaces.

An administrator must assign at least one license to every user in a workspace. When you invite users via the user management, you select the license you want to assign.

Users with a license for another workspace cannot access your workspace, unless you assign this workspace license to your user.

Once you remove a user from your workspace, the user's license goes back into the pool and can be assigned to other users.

There are two types of users, modeling users, and process viewer.

By default, every modeling user has access to the complete content in the Share documents folder. To restrict access rights of users, you can assign them to a user group with limited access permissions when you invite them to your Process Manager workspace. 

To restrict access rights based on organizational roles, we recommend setting up a folder structure that reflects the different access right variations. See examples for possible folder structures later in this lesson. Then, create user groups with access rights that are tailored to your organizational requirements. 

These users only have access to diagrams that have been explicitly published to the Collaboration Hub. The way you can manage access rights for the Collaboration Hub users depends on your usage scenario:

If the users authenticate via an Active Directory - or a SAML-based mechanism, you can manage access rights of the Collaboration Hub users based on their Active Directory user groups, or names, or SAML identities.

If you roll out an authentication certificate to your Collaboration Hub users, all users have access to all published diagrams.

There are two different ways to manage users and groups:

• Using an included central user management accessible via SAP Signavio Process Collaboration Hub
• Using SAP Signavio Process Manager directly

We recommend using this option to:

• Invite workspace users (per bulk or instantly).
• Get a quick overview of all users.
• Get an e-mail list of all users with one click.
• Remove users from all SAP Signavio Applications.
• Create or delete a user group.

We recommend using this to:

• Move users from one group to another (remove & add).
• Define authorizations on users or user groups to specific folders (H,R,W,D,P) or dictionary categories (V,W,D,P).
• Activate feature sets for your created groups.

There are two ways to create user accounts. They can either be created by an administrator, or through feedback invitations created by modelers.

In the User Management, you invite new users to your workspace. You also select the license type and the user groups that you want to assign to the new user.

The license for a new user is connected to the e-mail address in which you sent the invitation. The new user has to register with the same e-mail address to use the license.

SAP Signavio Process Manager users can invite internal and external process stakeholders to review and comment on diagrams. Internal users already have an account. Externals must create one to log in.

Users that already have an account and license are invited to review and comment on diagrams. They use their existing e-mail address and password combination to log in. Reminder: internal users are managed with the user management.

External users that are invited to comment on diagrams must create an account using the link on the invitation e-mail. They can then sign in to the SAP Signavio Process Collaboration Hub and view the diagram. Instead of a paid license, they are assigned a commenting license so that they can view and add comments.

These user accounts are similar to those created with user management, but the following restrictions apply:

• Users can only see the diagram that they are invited to.
• Users are not assigned to any user group, not even the default groups.
• Users cannot access any other component.

To revoke access, remove the account from the user management. When you just remove the licenses, external users can still sign on to the SAP Signavio Process Collaboration Hub. They will no longer see diagrams. They will just be informed on their trial expiration.

You have the following options to add users to your workspace:

1. Create accounts with bulk invites, in case you want to invite multiple users at the same time into the workspace.
2. Create user accounts individually, if you want to invite a specific user.

Every user you invite to your workspace has the following default permissions:

• Viewing and editing diagrams in the folder Shared documents.
• Viewing and editing dictionary entries.

You can change these permissions by going to Setup → Manage Access Rights. 

Details about access rights will be covered in the next lesson.

Now, let's look at how to create and manage user accounts. In the video below we want to add a couple of new users to the user group "Hub Users". We can do this by sending bulk invites. If we deselect the option to send an invitation, we do not need to wait for the user to register. This way, we can immediately continue processing the user account and, for example, assign individual access rights if necessary.

Within the Users tab, you can assign licenses to a user, assign users to groups, reset the user's password, and delete an account. Note that when you delete an account, all content in the My Documents folder is removed from the workspace. However, the content in the Shared Documents folder, user's comments, and changes made will remain there.

Now, that we learned how to create, edit, and delete user accounts, let's look at how to do this with groups. 

Instead of clicking the Users tab, we will now look at the Groups tab. In the Groups tab, you can edit the name of the group, add new users to a group automatically, create a group hierarchy, and remove users from a group. 

In the next video, we want to edit the name of our group - Users in Asia. We want to rename it to Users in Southeast Asia, add new users to this group automatically, and add two new users - Lisa and Eliza.

When customizing user groups, you can set one or more groups as default groups. For example, you can use a default group to provide new users with a basic set of access rights.

To define a group as a default group, activate the option Add new users to this group automatically (we saw this function in the previous video) in the group settings. Each user invited through the user management is assigned to all default groups by default.

To assign the user you want to invite to another group, you can assign user-specific user groups in the user management dialog when you set up the invitation.

Users created with SAML or CSV API are also assigned to the default groups, unless you specify other user groups by configuration.

You can activate specific feature sets in the user group management dialog. You can provide each modeler group with the feature sets so they can perform their tasks. In the case where only a certain group of users is allowed to upload documents to the workspace, the Restricting feature sets are useful.

In SAP Signavio Process Manager, administrators have extensive permissions to manage workspace settings and user access. The only thing that they cannot access or manage is the content in a modeler's My Documents folder.

To create an administrator account, you create a user account and assign it to the Administrators user group. The user then receives administrative rights for your workspace. To revoke administrative rights, remove the user from the Administrators group.