Inviting or Adding SSO users
  • 28 Jan 2023
  • 8 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Inviting or Adding SSO users

  • Dark
    Light
  • PDF

Article Summary

After successfully configuring the Enterprise SSO (SAML or OpenID) with your project, you can start inviting previously added users or adding new users as SSO users.


Adding a new SSO user

It is almost similar to Adding a regular Document360 user, with just one variation.

By default, Owner and Admin have access to add new team accounts to the project.

1_Screenshot-New_team_account

  1. From the knowledge portal, go to Settings → Users & Security → Team accounts & groups and the Team account tab would be the default selection
  2. Click the New team account button at the top right
  3. A New team account blade appears on the right

a. Set up the basics

2_Screenshot-Set_up_basics_sso_user

  • First name & Last name - Type in the first name and last name for the SSO user. This is an optional field. After the addition of the SSO user, they can set their own first and last name.
  • Email - Provide a valid email address of the SSO user
  • An email id can be associated as both Document360 user and SSO user
  • Only the SSO configured domain email can be added for an SSO user
  • Select the user type - Select SSO user
    This option is available on projects which have already been configured using either one of the SSO standards

    Skip invitation email
    Select the Skip invitation email checkbox to skip the invitation email sent to the SSO users. The SSO users will not receive an invitation email

Click the Next button at the bottom when you're done.


b. Portal role

The list of portal roles available and its description (if provided) in the knowledge base would be displayed. Choose the level of role to the knowledge base portal for the new SSO user. By default, document360 comes with portal roles such as Contributor, Owner, and Admin. You can also add Custom portal roles and assign them to the SSO user. To read more about portal role, see Portal role.

4_Screenshot-Adding_TA_Portal_role

  1. Select the check box of the portal role you want to assign the SSO user
  2. Click on the Next button at the bottom when you're done.

Click on the Previous button to go back to the previous section.

Click on the Cancel button to quit the creation of the SSO user.


c. Content role & access

Choose the level of role and access to the knowledge base content for the new SSO user. You can add a specific role and access for the available content level.

5_Screenshot-Adding_TA_Content_role_and_access

  • Click on the Add content role & access button
  • Add content role & access blade window would appear on the right
Things to consider when adding a content role & access combination

None content role can be associated only to the None content access

For example, you cannot associate None content role to the Complete knowledge base

Possible combinations:

Content roleContent access
NoneNone
EditorComplete knowledge base (Project), Version/Language, Category
Draft writerComplete knowledge base (Project), Version/Language, Category
Custom roleComplete knowledge base (Project), Version/Language, Category

Content role

6_Screenshot-Adding_TA_Content_role

Choose the level of role to the knowledge base content level. The list of content roles available and its description (if provided) in the knowledge base would be displayed. You can also add custom roles and assign them to the SSO user. To read more about content role, see Content role.

For example, you want to restrict the SSO user from publishing the documentation and give access to manage the documentation, you can assign the role as Draft writer.
The Draft writer can add or update articles, but cannot publish

  • Select the check box of the role which you want to assign the SSO user

Content access

7_Screenshot-Adding_TA_Content access

Choose the level of access to the knowledge base content for the SSO user.

For example, you want to restrict the SSO user to access only a particular category.

To read more about content access, see Content access . There are four levels available:

  • None - No access to the knowledge base site content. This can be used for instances when the Owner or Admin has not decided on the content scope and would like to do it later.
  • Complete knowledge base (Project) - Access the entire knowledge base with all its version(s), language(s), categories, and articles
  • Version / Language - Access specific version(s) and language(s) in the knowledge base site
  • Category - Access specific categories in version(s) and language(s) of the knowledge base site

You must select a content role before assigning the content access

  • Select the check box of the content access, which you want to assign the SSO user. If applicable, select the required categories, versions, or languages you want to assign the SSO user
  • Click on the Apply button
  • The chosen content role and access would be created as a new combination
  • You can create the required content role and access combinations. There is no limit to the number of combinations

8_Screenshot-Adding_TA_Content_access_EditandDelete

a. Editing content role and access combination

  • In the Content role & access blade window, hover over the combination you want to edit, you would see the Edit icon on the right
  • Click on the Edit icon
  • You can choose the desired content role and access combination by selecting the checkbox of the desired content role and access
  • Click on the Apply button

    For example, you want to change the content access from Version/Language level to Category level to restrict the content access for an SSO user.

  • Click on the Cancel button to go back to the Content role & access window

b. Deleting content role and access combination

  • In the Content role & access blade window, hover over the combination you want to delete, you would see the Delete icon on the right
  • Click on the Delete icon
  • The desired combination would be deleted

For example, you duplicated a content role & access combination and you want to keep only one combination.

  • Once you have selected the desired content role and access combinations, click on the Next button

d. Assign groups

9_Screenshot-Adding_team_accounts_Assign_group

  • Team accounts can be grouped under one or more team account groups. This is an optional step.
  • The list of team account group(s) available would be displayed.
  • Select the group(s) required.
  • To associate the team account to all the team account groups available, click on the selection button on the left of the list title.
    Click on the Next button at the bottom when you're done.

e. Review and finish

5_Screenshot-Review_new_sso_user

  1. Review all the details and settings for the new SSO user before you finish
  2. If you want to update the previous sections, click on the Previous button to go back to the previous section
  3. Click on the Add button
Error

If there is an error, the respective toast message would appear on the top right.
Update the required changes and then click the Add button in this section

  • The new SSO user is added to the team account list.

  • In the team account list, you can distinguish the SSO users with the SSO user tag next to the name.

6_Screenshot-SSO_user_tag


Inviting an existing user as an SSO user

Let's say you have a bunch of existing Document360 users added to your project. You have recently configured the Enterprise SSO feature, and you wish to add some or all of the existing team members as SSO users.

Here's how you go about it.

Note

The process is similar irrespective of the SSO (SAML or OpenID) you have configured.

  1. Click on SettingsUsers & SecuritySAML/OpenID
  2. In the configured SSO (SAML or OpenID) you can find the Invite existing users section at the bottom when you scroll down
Text on screeen

We found 'n' users matched with your configured SSO domain . Would you like to invite them as a SSO user?

  1. You can either select Invite all team members, or select Pick and invite
  2. If you select Pick and invite, you can select the members and click on the Invite button

Once a team member has been added, they will receive an invitation email containing the following details

  • The team member who has initiated the invite
  • Project name
  • Team role in the project
  • Username
  • Portal link

Here is a sample invitation mail for a better understanding

40_Screenshot-SSO_user_invitation_mail_sample

New SSO user

When you invite an existing Document360 user to become an SSO user in your project, an additional user account is added. The regular user account would also continue to exist along with the SSO user account.


Deleting an SSO user

If the SSO user account is no longer required in the project, you can delete it.

When you delete an SSO user, the user would no longer have access to the project. All the attributes and mentions of the SSO user would be removed from the content.

  1. Go to Settings → Users & Security → Team accounts & groups and the Team account tab would be the default selection
  2. You can view the existing team accounts in the project

17_Screenshot-Deleting_team_account

The SSO users are distinguished with a yellow label marked as SSO user.

  1. Hover the mouse pointer over the SSO user you want to delete, and the Delete icon appears on the right

You can also choose the Edit option to change the roles and permissions of the user.

  1. Click the Delete icon

18_Screenshot-Team_Account_Delete_confirmation_prompt

  1. In the Delete confirmation prompt, click the Yes button
Team account deletion
  • If the team account email was added as both a Document360 user and SSO user, and you have deleted the SSO user account alone: the team account would still be a part of the project unless removed again as a Document360 user
  • If the team account email was added only as an SSO user, you have deleted it: the team account would be permanently removed from the project
Anonymous

All the contributions made by the deleted SSO user would be changed as Anonymous

For example, when you delete an SSO user from the project, the SSO user name would be replaced by Anonymous without a profile picture in the article contributors list


Was this article helpful?