After successfully configuring the Enterprise SSO (SAML or OpenID) with your project, you can start inviting previously added users or adding new users as SSO users.


Adding a new SSO user

The process is almost the same as adding a regular Document360 user, with one difference: you select the SSO user checkbox.

By default, the Owner and Admin have access to add new team accounts to the project.


a) Setting up the basic details

  1. From the Knowledge base portal, navigate to Settings → Users & Security → Team accounts & groups. The Team account tab is selected by default

  2. Click the Create → Team account button at the top right, and the Create team account blade appears

  • Email: Provide a valid email address for the SSO user
  • An email ID can be associated with both a Document360 user and an SSO user
  • Only the SSO configured domain email can be added for an SSO user
  • Select the SSO user checkbox
    This option is available on projects that have already been configured using either one of the SSO standards

  • Skip invitation email
    Select the Skip invitation email checkbox to skip the invitation email sent to the SSO users. The SSO users will not receive an invitation email


b) Portal role

The list of available portal roles and their descriptions (if provided) in the knowledge base is displayed. Choose the portal role that the new SSO user should have in the knowledge base portal. By default, Document360 comes with portal roles such as Admin, Contributor, Owner, and FR custom role that you can assign to the SSO user. To read more about the portal role, see Portal role

  • From the drop-down menu, select the appropriate portal role

c) Content role and access

Choose the level of role and access to the knowledge base content for the new SSO user. You can add a specific role and access for the available content level.

Things to consider when adding a content role and access combination

The None content role can be associated only with the None content access

For example, you cannot associate the None content role with the Complete knowledge base

Possible combinations:

Content role  | Content access
None          | None
Editor        | Complete knowledge base (Project), Workspace/Language, Category
Draft writer  | Complete knowledge base (Project), Workspace/Language, Category
Custom role   | Complete knowledge base (Project), Workspace/Language, Category

Content role

Choose the level of role for the knowledge base content level. The list of content roles available and their description (if provided) in the knowledge base would be displayed. You can also add custom roles and assign them to the SSO user. To read more about the content role, see Content role

For example, if you want to restrict the SSO user from publishing the documentation and give them access to manage the documentation, you can assign the role of Draft writer.

The Draft writer can add or update articles but cannot publish them

  • From the drop-down menu, select the desired content role

Content access

Choose the level of access to the knowledge base content for the SSO user.

For example, you want to restrict the SSO user to accessing only a particular category.

To read more about content access, see Content access

  • None: No access to the knowledge base site content. This can be used for instances where the Owner or Admin has not decided on the content scope and would like to do it later.
  • Complete knowledge base (Project): Access the entire knowledge base with all its workspace(s), language(s), categories, and articles
  • Workspace / Language: Access specific workspace(s) and language(s) in the knowledge base site
  • Category: Access specific categories in the workspace(s) and language(s) of the knowledge base site

You must select a content role before assigning content access

  • From the content access drop-down menu, select the appropriate access
  • The chosen content role and access would be created as a new combination
  • You can create the required content role and access combinations. There is no limit to the number of combinations

Deleting content role and access combination

  • In the Content role & access blade window, hover over the combination you want to delete, and you will see the Delete icon on the right
  • Click on the Delete icon, and the desired combination would be deleted

The Delete icon will be available only if there is more than one content role and access

For example, you duplicated a content role and access combination, and you want to keep only one combination.


Assign groups

  • Team accounts can be grouped under one or more team account groups. This is an optional step.

  • Select the drop-down menu, and the list of team account group(s) available would be displayed.

  • Select the check box of each group you want to associate the team account with, from the team account groups available

Once you have made your changes, click Create team account

Error

If there is an error, the respective toast message appears at the top right.
Make the required changes, and then click the Create team account button in this section

  • The new SSO user is added to the team account list.

  • In the team account list, you can distinguish the SSO users with the SSO user tag next to the name.



Inviting an existing user as an SSO user

Let's say you have a bunch of existing Document360 users added to your project. You have recently configured the Enterprise SSO feature, and you wish to add some or all of the existing team members as SSO users.

Here's how you go about it.

Note

The process is similar irrespective of the SSO (SAML or OpenID) you have configured.

  1. Click on Settings → Users & Security → SAML/OpenID

  2. In the configured SSO (SAML or OpenID), you can find the Invite existing users section at the bottom when you scroll down

Text on screen

We found 'n' users matched with your configured SSO domain. Would you like to invite them as a SSO user?

  3. You can select either All users team members or Selected users only

  4. If you select Selected users only, you can select the members and click on the Invite button

Once a team member has been added, they will receive an invitation email containing the following details:

  • The team member who has initiated the invite
  • Project name
  • Team role in the project
  • Username
  • Portal link

Here is a sample invitation email:

[Screenshot: sample SSO user invitation email]

New SSO user

When you invite an existing Document360 user to become an SSO user in your project, an additional user account is added. The regular user account would also continue to exist along with the SSO user account.


Deleting an SSO user

If the SSO user account is no longer required for the project, you can delete it.

When you delete an SSO user, the user would no longer have access to the project. All the attributes and mentions of the SSO user would be removed from the content.

  1. Go to Settings → Users & Security → Team accounts & groups. The Team account tab is selected by default

  2. You can view the existing team accounts in the project

The SSO users are distinguished by a yellow label marked as SSO user.

  3. Hover the mouse pointer over the SSO user you want to delete, and the Delete icon appears on the right

You can also choose the Edit option to change the roles and permissions of the user.

  4. Click on the Delete icon, and click Yes in the Delete confirmation prompt

Team account deletion

  • If the team account email was added as both a Document360 user and an SSO user, and you have deleted the SSO user account alone, the team account would still be a part of the project unless removed again as a Document360 user
  • If the team account email was added only as an SSO user and you have deleted it, the team account would be permanently removed from the project

Anonymous

All the contributions made by the deleted SSO user would be changed to Anonymous

For example, if a user who has created 15 articles is deleted and later re-added through SSO, the deleted user's information will still appear as 'Anonymous'. This occurs because each user is associated with a unique ID that is not mapped to the same user's email ID.
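
Because an email can exist as both a Document360 user and an SSO user, deleting the SSO account alone does not remove the person from the project (see Team account deletion above). The following check is an added example, not Document360 code: it audits a team account list for dual accounts, regular-only accounts in the SSO domain, and offboarded emails that still hold an account. The CSV layout, column names, and sample rows are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a team account list; the CSV layout and column
# names (email, account_type, portal_role) are assumptions for this example.
SAMPLE_EXPORT = """email,account_type,portal_role
alice@example.com,regular,Admin
alice@example.com,sso,Admin
bob@example.com,sso,Contributor
carol@example.com,regular,Contributor
erin@example.com,regular,Contributor
dave@partner.test,regular,Contributor
"""


def load_accounts(text):
    """Map each lower-cased email to the set of account types it holds."""
    by_email = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        email = row["email"].strip().lower()
        by_email[email].add(row["account_type"].strip().lower())
    return by_email


def audit(text, sso_domain, offboarded=()):
    """Flag accounts that need attention when SSO users are removed."""
    accounts = load_accounts(text)
    suffix = "@" + sso_domain.lower()
    findings = {"dual": [], "regular_only": [], "residual": []}
    for email, types in sorted(accounts.items()):
        if types >= {"regular", "sso"}:
            # Deleting only the SSO account leaves the regular one in place.
            findings["dual"].append(email)
        elif types == {"regular"} and email.endswith(suffix):
            # Matches the SSO domain but has not been invited as an SSO user.
            findings["regular_only"].append(email)
    for email in sorted(e.strip().lower() for e in offboarded):
        if email in accounts:
            # Still a team account under at least one account type.
            findings["residual"].append((email, sorted(accounts[email])))
    return findings


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT, "example.com", offboarded=["Erin@example.com"])
    for name, items in report.items():
        print(name, items)
```

Entries under "dual" need both accounts deleted during offboarding; entries under "residual" are people who were meant to be removed but still appear in the team account list.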