Inviting or Adding SSO users

After successfully configuring the Enterprise SSO (SAML or OpenID) with your project, you can start inviting previously added users or adding new users as SSO users.

Adding a new SSO user

It is almost similar to Adding a regular Document360 user, with just one variation.

1. From the knowledge portal, go to Settings → Users & Security → Team accounts & groups and the Team account tab would be the default selection
2. Click the New team account button at the top right
3. A New team account blade appears on the right

a. Set up the basics

• First name & Last name - Type in the first name and last name for the SSO user. This is an optional field. After the addition of the SSO user, they can set their own first and last name.
• Email - Provide a valid email address of the SSO user

• Select the user type - Select SSO user
  This option is available on projects which have already been configured using either one of the SSO standards

  Skip invitation email
  Select the Skip invitation email checkbox to skip the invitation email sent to the SSO users. The SSO users will not receive an invitation email

Click the Next button at the bottom when you're done.

b. Portal role

The list of portal roles available and its description (if provided) in the knowledge base would be displayed. Choose the level of role to the knowledge base portal for the new SSO user. By default, document360 comes with portal roles such as Contributor, Owner, and Admin. You can also add Custom portal roles and assign them to the SSO user. To read more about portal role, see Portal role.

1. Select the check box of the portal role you want to assign the SSO user
2. Click on the Next button at the bottom when you're done.

c. Content role & access

Choose the level of role and access to the knowledge base content for the new SSO user. You can add a specific role and access for the available content level.

• Click on the Add content role & access button
• Add content role & access blade window would appear on the right

Content role

Choose the level of role to the knowledge base content level. The list of content roles available and its description (if provided) in the knowledge base would be displayed. You can also add custom roles and assign them to the SSO user. To read more about content role, see Content role.

For example, you want to restrict the SSO user from publishing the documentation and give access to manage the documentation, you can assign the role as Draft writer.
The Draft writer can add or update articles, but cannot publish

• Select the check box of the role which you want to assign the SSO user

Content access

Choose the level of access to the knowledge base content for the SSO user.

For example, you want to restrict the SSO user to access only a particular category.

To read more about content access, see Content access . There are four levels available:

• None - No access to the knowledge base site content. This can be used for instances when the Owner or Admin has not decided on the content scope and would like to do it later.
• Complete knowledge base (Project) - Access the entire knowledge base with all its version(s), language(s), categories, and articles
• Version / Language - Access specific version(s) and language(s) in the knowledge base site
• Category - Access specific categories in version(s) and language(s) of the knowledge base site

• Select the check box of the content access, which you want to assign the SSO user. If applicable, select the required categories, versions, or languages you want to assign the SSO user
• Click on the Apply button
• The chosen content role and access would be created as a new combination
• You can create the required content role and access combinations. There is no limit to the number of combinations

a. Editing content role and access combination

• In the Content role & access blade window, hover over the combination you want to edit, you would see the Edit icon on the right
• Click on the Edit icon
• You can choose the desired content role and access combination by selecting the checkbox of the desired content role and access
• Click on the Apply button

  For example, you want to change the content access from Version/Language level to Category level to restrict the content access for an SSO user.

• Click on the Cancel button to go back to the Content role & access window

b. Deleting content role and access combination

• In the Content role & access blade window, hover over the combination you want to delete, you would see the Delete icon on the right
• Click on the Delete icon
• The desired combination would be deleted

For example, you duplicated a content role & access combination and you want to keep only one combination.

• Once you have selected the desired content role and access combinations, click on the Next button

d. Assign groups

• Team accounts can be grouped under one or more team account groups. This is an optional step.
• The list of team account group(s) available would be displayed.
• Select the group(s) required.
• To associate the team account to all the team account groups available, click on the selection button on the left of the list title.
  Click on the Next button at the bottom when you're done.

e. Review and finish

1. Review all the details and settings for the new SSO user before you finish
2. If you want to update the previous sections, click on the Previous button to go back to the previous section
3. Click on the Add button

• The new SSO user is added to the team account list.

• In the team account list, you can distinguish the SSO users with the SSO user tag next to the name.

Inviting an existing user as an SSO user

Let's say you have a bunch of existing Document360 users added to your project. You have recently configured the Enterprise SSO feature, and you wish to add some or all of the existing team members as SSO users.

Here's how you go about it.

1. Click on Settings → Users & Security → SAML/OpenID
2. In the configured SSO (SAML or OpenID) you can find the Invite existing users section at the bottom when you scroll down

3. You can either select Invite all team members, or select Pick and invite
4. If you select Pick and invite, you can select the members and click on the Invite button

Once a team member has been added, they will receive an invitation email containing the following details

• The team member who has initiated the invite
• Project name
• Team role in the project
• Username
• Portal link

Here is a sample invitation mail for a better understanding

Deleting an SSO user

If the SSO user account is no longer required in the project, you can delete it.

1. Go to Settings → Users & Security → Team accounts & groups and the Team account tab would be the default selection
2. You can view the existing team accounts in the project

3. Hover the mouse pointer over the SSO user you want to delete, and the Delete icon appears on the right

4. Click the Delete icon

5. In the Delete confirmation prompt, click the Yes button