Sustainable Enterprise Reporting And Management

KB424 - Managing users in the SaaS environment

  

Current Status

The SERAM application manages multiple tenants for different companies. Therefore, whenever a new user registers with SERAM, the correct association with the existing tenant(s) and the actual permissions are not yet known. Also, unless the e-mail used by the user is registered as a "managed domain", the tenant administrator will not see the new user appear in the tenant's user list, because the user is not yet associated with that company.

For this reason, managing new users requires some manual intervention, using one of the following workflows. Requests to the Service Desk related to user management are quickly resolved and free of charge.

Pre-register user by email address (self-service)

Note: This is only available when the user will register using the SERAM OpenID provider and you have been granted ManageUser permissions on the system.

  • Log on to SERAM and go to Tenant Users.
  • Click "Switch to Global User Management".
  • Click "Add Global User or Group".
  • Enter the user name (e.g. "Firstname Lastname") and save.
  • Click on "Claims of Firstname Lastname".
  • Click on "Add E-Mail Claim", enter the e-mail address (lowercase only) to pre-register, and save.
    Note: you can assign multiple addresses to the same user if applicable, but one address cannot be added to more than one user.
  • Optional: Grant other users or groups permissions on the new user object by clicking "View permissions of: Firstname Lastname".
    Note: for impersonation, the ManageUser permission on the user is required.
  • Click "Tenant Users" to return to Tenant User Management.
  • Locate the new user (with globe), and click on "Create metadata", save.
    Note/Optional: you can also add a custom customer logo here if enabled for your tenant
  • In Structures, grant the appropriate permissions to the new user.
  • When the user registers an OpenID account using the registered email address, he'll be associated with the prepared account, and he can use the system right away.

Associate user after registration (managed domain with self-service)

  • The user logs on to https://login.seram.ch and registers with an e-mail of a known "managed domain", and receives a page telling him that the administrator has been notified of his account creation and that he will be informed when his permissions have been set up.
  • You as the administrator of the domain will receive ManageUser permissions on the new account, and be notified by e-mail that the user has registered.
  • Log on to SERAM and go to Tenant Users.
  • Locate the new user (with globe), and click on "Create metadata", save.
    Note/Optional: you can also add a custom customer logo here if enabled for your tenant.
  • In Structures, grant the appropriate permissions to the new user.
  • Send an e-mail to the user informing him that SERAM is now ready to be used.

Pre-register user by email address (via Service Desk)

Note: This is only available when the user will register using the SERAM OpenID provider (e.g. "Username and Password" option).

  • Open a ticket with Service Desk, specifying the e-mail address, first and last name of the new user, and optionally an initial set of permissions to grant (such as "Role Encoder on CO Davos").
  • When the ticket is resolved, you'll have the user listed in the Tenant Users module.
  • When the user registers an OpenID account using the registered email address, he'll be associated with the prepared account, and he can use the system right away.

Associate user after registration (via Service Desk)

  • The user logs on to https://login.seram.ch and registers, and receives a page telling him that no tenant is associated with his account.
  • Open a ticket with Service Desk, specifying a means of identification (e-mail address or name as used on registration) of the user, and optionally an initial set of permissions to grant (such as "Role Encoder on CO Davos").
  • When the ticket is resolved, you'll have the user listed in the Tenant Users module.

Merge users

If the same user has multiple logins, these can be consolidated into a single login. 

  • Open a ticket with Service Desk, specifying the primary user name to keep and the user name(s) to merge into the primary user.
    Note: The primary user should ideally be the one with permissions in the tenant. The user name label of the non-primary user is lost in the merge process, so that any permissions granted to that user would only appear with a cryptic ID even though they continue to be in effect.
  • When the ticket is resolved, only the primary user will exist but all claims/identities and permissions of the removed users will now apply to this primary user.

Last modified: 05.07.2016 14:01
© 2009-2013 Sirius Technologies AG