After successfully configuring the Enterprise SSO (SAML or OpenID) with your project, you can start inviting previously added users or adding new users as SSO users.
Adding a new SSO user
The process is almost the same as adding a regular Document360 user, with just one variation: selecting the SSO user checkbox.
By default, the Owner and Admin have access to add new team accounts to the project.
a) Setting up the basic details
- From the Knowledge base portal, navigate to Settings → Users & Security → Team accounts & groups; the Team account tab is selected by default
- Click the Create → Team account button at the top right, and the Create team account blade appears
- Email: Provide a valid email address for the SSO user
- An email ID can be associated with both a Document360 user and an SSO user
- Only the SSO configured domain email can be added for an SSO user
- Select the SSO user checkbox
This option is available on projects that have already been configured using either one of the SSO standards
- Skip invitation email
Select the Skip invitation email checkbox to skip the invitation email sent to the SSO users. The SSO users will not receive an invitation email
b) Portal role
The list of portal roles available in the knowledge base, with their descriptions (if provided), is displayed. Choose the role level on the knowledge base portal for the new SSO user. By default, Document360 comes with portal roles such as Admin, Contributor, Owner, and FR custom role to assign them to the SSO user. To read more about the portal role, see Portal role.
- From the drop-down menu, select the appropriate portal role
c) Content role and access
Choose the level of role and access to the knowledge base content for the new SSO user. You can add a specific role and access for the available content level.
The None content role can be associated only with the None content access
For example, you cannot associate the None content role with the Complete knowledge base
Possible combinations:
Content role | Content access |
---|---|
None | None |
Editor | Complete knowledge base (Project), Workspace/Language, Category |
Draft writer | Complete knowledge base (Project), Workspace/Language, Category |
Custom role | Complete knowledge base (Project), Workspace/Language, Category |
Content role
Choose the level of role for the knowledge base content level. The list of content roles available and their description (if provided) in the knowledge base would be displayed. You can also add custom roles and assign them to the SSO user. To read more about the content role, see Content role
For example, if you want to restrict the SSO user from publishing the documentation and give them access to manage the documentation, you can assign the role of Draft writer.
The Draft writer can add or update articles but cannot publish them
- From the drop-down menu, select the desired content role
Content access
Choose the level of access to the knowledge base content for the SSO user.
For example, you want to restrict the SSO user to accessing only a particular category.
To read more about content access, see Content access
- None: No access to the knowledge base site content. This can be used for instances where the Owner or Admin has not decided on the content scope and would like to do it later.
- Complete knowledge base (Project): Access the entire knowledge base with all its workspace(s), language(s), categories, and articles
- Workspace / Language: Access specific workspace(s) and language(s) in the knowledge base site
- Category: Access specific categories in the workspace(s) and language(s) of the knowledge base site
You must select a content role before assigning content access
- From the content access drop-down menu, select the appropriate access
- The chosen content role and access would be created as a new combination
- You can create the required content role and access combinations. There is no limit to the number of combinations
Deleting content role and access combination
- In the Content role & access blade window, hover over the combination you want to delete, and you will see the Delete icon on the right
- Click on the Delete icon, and the desired combination would be deleted
The Delete icon will be available only if there is more than one content role and access
For example, you duplicated a content role and access combination, and you want to keep only one combination.
Assign groups
- Team accounts can be grouped under one or more team account groups. This is an optional step.
- Select the drop-down menu, and the list of available team account group(s) is displayed.
- Select the required group(s) check box to associate the team account with the available team account groups
Once you have made your changes, click Create team account
If there is an error, the respective toast message would appear on the top right.
Make the required changes, and then click the Create team account button in this section
- The new SSO user is added to the team account list.
- In the team account list, you can distinguish the SSO users by the SSO user tag next to the name.
Inviting an existing user as an SSO user
Let's say you have a bunch of existing Document360 users added to your project. You have recently configured the Enterprise SSO feature, and you wish to add some or all of the existing team members as SSO users.
Here's how you go about it.
The process is similar irrespective of the SSO (SAML or OpenID) you have configured.
- Click on Settings → Users & Security → SAML/OpenID
- In the configured SSO (SAML or OpenID), you can find the Invite existing users section at the bottom when you scroll down
We found 'n' users matched with your configured SSO domain. Would you like to invite them as a SSO user?
- You can either select All users team members or select Selected users only
- If you select Selected users only, you can select the members and click on the Invite button
Once a team member has been added, they will receive an invitation email containing the following details:
- The team member who has initiated the invite
- Project name
- Team role in the project
- Username
- Portal link
Here is a sample invitation mail for your better understanding
When you invite an existing Document360 user to become an SSO user in your project, an additional user account is added. The regular user account would also continue to exist along with the SSO user account.
Deleting an SSO user
If the SSO user account is no longer required for the project, you can delete it.
When you delete an SSO user, the user would no longer have access to the project. All the attributes and mentions of the SSO user would be removed from the content.
- Go to Settings → Users & Security → Team accounts & groups; the Team account tab is selected by default
- You can view the existing team accounts in the project
The SSO users are distinguished by a yellow label marked as SSO user.
- Hover the mouse pointer over the SSO user you want to delete, and the Delete icon appears on the right
You can also choose the Edit option to change the roles and permissions of the user.
- Click on the Delete icon, and click Yes in the Delete confirmation prompt
- If the team account email was added as both a Document360 user and SSO user, and you have deleted the SSO user account alone, the team account would still be a part of the project unless removed again as a Document360 user
- If the team account email was added only as an SSO user and you have deleted it, the team account would be permanently removed from the project
All the contributions made by the deleted SSO user would be changed to Anonymous
For example, if a user who has created 15 articles is deleted and later re-added through SSO, the deleted user's information will still appear as 'Anonymous.' This occurs because each user is associated with a unique ID that is not mapped to the same user's email ID.