User management

  An administrator role is required. For information, see User roles.

In the User management page, you can:

  • Configure single sign-on using SAML 2.0 protocol with SAML-supported identity providers. Example: Google Suite, Okta, Active Directory Federation Services and more.
  • Add new users and assign roles. You can also edit and delete existing users from the tenant.

Jump to:

Access the User management page

  1. On the top navigation bar, click Settings.

    The License and subscription page appears, with options on the left.

  2. On the left, click User management.

Configure identity federation

You must be a verified primary domain owner.

Important: 

  • The ability to configure new single sign-on setups with Windows Azure Active Directory has been deprecated. Use the SAML protocol for single sign-on setup instead. SAML offers broader compatibilities and allows you to seamlessly integrate with a wider range of identity providers and service providers. This ensures a more flexible and scalable single sign-on solution. For more information, see Configure single sign-on using SAML protocol.

  • Configuring identity federation enables automatic user onboarding. Users from the federated domain are automatically onboarded when they access the Nintex Workflow tenant. Auto-onboarding is subject to rate limiting and should not be used for bulk onboarding.

Configure the identity federation of your Nintex Workflow tenant using SAML 2.0 protocol so you can configure single sign-on using other identity providers An identity provider (IdP) stores and authenticates the identities of users to log in to system, files, or applications. such as Google Suite, Okta, PingOne, and Active Directory Federation Services. For instructions, see Configure single sign-on using SAML protocol.

Note: Read the FAQ guide on SAML to learn how single sign-on with SAML works and what it can provide for your Nintex Workflow tenant.

Upgrade identity federation

You must be a verified primary domain owner.

If you see a message indicating an update for the SAML IdP, you must update your identity federation.

To upgrade identity federation, create a new federation or upgrade an existing one. To create a new identity federation, see Configure identity federation. To upgrade an existing identity federation, follow these steps:

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Identity federation section, click and select Upgrade for the required provider.
  3. Select your identity provider.

  4. Copy the Entity ID and Reply URL, then add or update them in your IdP.

    Important: Update these values in your IdP before proceeding to avoid being locked out of your tenant.

  5. Complete the remaining configuration in the Nintex Workflow identity federation wizard, and then select Connect.
  6. Sign out and sign into your Nintex Workflow tenant to complete the upgrade process.

    7. Note: If your federation configuration fails, use one-time password (OTP) to regain access to your tenant.

If the upgrade fails, follow these steps:

  1. Sign in using an OTP.

  2. Delete your existing federation configuration.

  3. Set up federation again with your preferred IdP.

    • Copy the Entity ID and ACS URL exactly as provided.

    • Confirm that attribute mappings are correct.

If the upgrade continues to fail, delete the federation setup, switch to username and password login, and contact Nintex Support for help.

Delete identity federation

Administrator and verified primary domain owner access is required.

Important: Once a federation is deleted, all the users registered with your identity provider will no longer be able to sign into your Nintex Workflow tenant via Single sign-on.

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Identity federation section, click and select Delete for the required provider.
  3. Sign out and sign into your Nintex Workflow tenant to complete the deletion process.

    4. The corresponding identity federation is removed.

    Important: Any users listed in the User management > Users settings will be able to access your Nintex Workflow tenant with their unfederated username and password. We recommend reviewing the list of users after deleting the federation.

Configure identity federation settings

You must be a verified primary domain owner.

After you set up Single sign-on, you can configure auto-acceleration and welcome emails for the federated domain/tenant.

Note: You must be a global administrator and have completed domain verification in order to configure identity federation settings. For more information, see Domain management.

  1. Click Settings and then click User management to open the User management page.
  2. In the Identity federation settings section, toggle Enable auto-acceleration. Configuring this setting enacts the following changes: 

    • If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Workflow tenant and the Nintex Workflow sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

    • If disabled: For every login, you will need to sign into the Nintex Workflow tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

  3. (Optional) Toggle Send welcome email to new participant role users. This setting is off by default.

Create, edit, and manage user groups

Create new groups of users. Permissions of workflows and connections can be assigned to the created groups in order to share the workflows and connections with the members in the group.

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Groups section, click Add new. The Add new section is displayed with fields to create a new group.
  3. Type a Name for the group.
  4. Type a Description for the group.
  5. Select one or more owners from the Owner(s) drop-down list.
  6. Select the members you want to add to the group from the Member(s) drop-down list.
  7. Click Add. The group is created and displayed in the Groups section.

After the group is created, you can assign the permissions of workflows and connections to the group. For instructions, see Assign User and Owner permissions to connections and Workflow permissions.

  1. Access the User management page: Click Settings and then click User management.

  2. In the Groups section, on the right of the group you want to edit, click and then select Edit.

  3. Edit the fields as required and click Update.

Add, edit, and remove tenant users

Note: Only users with email addresses from organization domain(s) can be added to your Nintex Workflow tenant.

  1. Access the User management page: Click Settings and then click User management.

  2. In the Users section, click Add user.

    Additional fields appear.

  3. Type the Email address of the user you want to add to the tenant. The email address must match the organization domain(s). For example, if the domain configured is Nintex.com, the email address must be user@nintex.com.

  4. Type the First name and Last name of the user.

  5. Select the role to assign to the user from the Roles drop-down.

  6. Click Add.

    The new user is added to the list of users on the page.

    The added user receives an invitation email message to create a Nintex password. This password link expires in five days. If the link is expired, the added user can request a new link from Support or click Forgot password? on the login page and create a password through the reset password process.

Note: 

  • Global administrators and Automation administrators cannot change their own user role. 

  • Global administrator roles cannot be assigned to guest users.

  1. Access the User management page: Click Settings and then click User management.

  2. On the right of the row for the user you want to edit, click and then select Edit.

  3. Select the role to assign to the user from the Role drop-down and then click Submit.

Important: When a user is deleted, the user's session will be terminated and any unsaved work will be lost.

  1. Access the User management page: Click Settings and then click User management.

  2. On the right of the row for the user you want to edit, click and then select Delete.

User roles

Nintex Workflow users can be assigned one of the following user roles:

  • Participant: Permissions to view and submit forms, and view and manage their tasks in Nintex Workflow tenant via the Nintex Mobile app and the My Nintex > Forms page. Tasks with authentication enabled will require assignees to have Participant access.
  • Designer: Permissions to create and manage workflows and view tasks for the workflows they own. Includes permissions of the Participant role.
  • Developer: Permissions to create and manage custom connectors, Xtensions and Form plugins. For instructions on creating custom connectors, and Xtensions see Nintex Xtensions SDK. For instructions on creating Form plugins see, Form plugins SDK. Includes permissions of the Designer role and Participant role.
  • Automation administrator: Permissions to access all the Nintex Workflow tenant pages, which includes My Nintex, Automate, and Settings. Automation administrators can override all tasks for all workflows. They can add users, but are not able to assign the Global administrator role. Automation administrators cannot configure Identity federation. Includes permissions of the Developer role, Designer role, and Participant role.
  • Global administrator: All permissions in Nintex Workflow, including configuring Identity federation, and can assign Global administrator role to other users. Includes permissions of the Automation administrator role, Developer role, Designer role, and Participant role.

    The Global administrator role is assigned automatically to the first person to request a Nintex Workflow tenant.

For information about workflow owner and business owner permissions for workflows, see Workflow permissions.

Permissions

The table below shows the permissions for each user role:

 

Participant

Designer

Developer

Automation

administrator

Global

administrator

Nintex Mobile app

          

Complete tasks

Submit forms

My Nintex          
Complete tasks **

Submit forms

Automate

 

 

 

 

 

Create and modify workflows

Assign Workflow owner and Business owner permissions * With Workflow owner permissions : With Workflow owner permissions :

Create connections

Depends on Connection settings

Depends on Connection settings

Assign connection permissions Depends on Connection settings Depends on Connection settings

Access Xtensions framework

View workflow instances*
View tasks*
Override tasks
Settings          
Domain management
Configure identity federation
Add and manage users
Add and manage groups

Assign Global administrator role to users

View and manage tokens
Important: 

*If the user has business owner permission for a workflow, they are able to view instance details and tasks for that workflow from Workflow tracking in My Nintex, despite their assigned role in User management. For information about applying permissions for workflows, see Workflow permissions.

**If the user has business owner permission for a workflow, they are able to delegate and override tasks depending on My Nintex Business owner settings.

Section

 Selection (or column or field) Description

Identity federation

Configure

Opens prompts in a new window for configuring identity federation to create a single sign-on experience. This selection is available only when no identity federation is configured yet.

For the steps on configuring identity federation, see the following links:
 

Provider

The protocol or method which enabled single sign-on for your Nintex Workflow tenant:

  • Azure Active Directory: Users can single sign-on to Nintex Workflow using their Azure Active Directory accounts.
  • SAML: Users can single sign-on using the credentials verified by their identity provider such as Okta, Active Directory Federation Services (ADFS), Google Suite, and more.

    • For more information on SAML, see Frequently asked questions: Single Sign-on with SAML protocol.

 

Domains

The domains that are federated for single sign-on with the Nintex Workflow tenant.

Example: YourDomain.com, YourCompany.com.

 

Configured by

Tenancy user name of person who configured the provider.

 

Date configured

Date and time on when the provider was configured.

  Options ()

 This feature requires the user to be a Global administrator and a verified primary domain owner.

Lists the following selections:

  • Update: Option to navigate to the Identity federation setup wizard. For more information see Configure identity federation.
  • Delete: Removes the selected identity federation from the Nintex Workflow tenant or tenants.
  • Upgrade: Upgrades the selected identity federation on the Nintex Workflow tenant or tenants.
Identity federation settings Enable auto-acceleration

  This feature requires the user to be a Global administrator and a verified primary domain owner.

This setting is enabled by default for new tenants.

  • If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Workflow tenant and the Nintex Workflow sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

  • If disabled: For every login, you will need to sign into the Nintex Workflow tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.
  Send welcome email to new participant role users

This feature requires the user to be a Global administrator and a verified primary domain owner.

This setting is off by default.

Users

Add new

Displays the Add user section with the following fields:

  • Email: Email address for the new user. Maximum number of characters: 255.

    Email addresses for users added to the tenancy must match the organization domain(s) of the tenant. The initial domain of the organization is the email address used by the person who requested the Nintex Workflow tenancy. You can add more domains in the Domain management page later.

    For example, if John Smith requested the tenancy using the email address jsmith@mycompany.com, then the email addresses entered for new users are validated for the mycompany.com domain.

    For more information on adding domains, see Domain management.

  • First name: First name of the new user; automatically populated if the email address is already registered with Nintex. Maximum number of characters: 30.
  • Last name: Last name of the new user; automatically populated if the email address is already registered with Nintex. Maximum number of characters: 30.
  • Roles: Lists the roles to assign to users. To add a role, select from the drop-down list. Roles are defined below.

When you click Add, an invitation email message is sent to the new user to create a Nintex password. This password link expires in five days. If the link is expired, the added user can request a new link from Support or click Forgot password? on the login page and create a password through the reset password process.

 

Email

Email address of the user.

 

First name

First name of the user.

 

Last name

Last name of the user.

 

Roles

Roles assigned to the user:

For more information about role permissions, see Permissions.

  • Participant: Permissions to view and submit forms, and view and manage their tasks in Nintex Workflow tenant via the Nintex Mobile app and the My Nintex > Forms page. Tasks with authentication enabled will require assignees to have Participant access.
  • Designer: Permissions to create and manage workflows and view tasks for the workflows they own. Includes permissions of the Participant role.
  • Developer: Permissions to create and manage custom connectors, Xtensions and Form plugins. For instructions on creating custom connectors, and Xtensions see Nintex Xtensions SDK. For instructions on creating Form plugins see, Form plugins SDK. Includes permissions of the Designer role and Participant role.
  • Automation administrator: Permissions to access all the Nintex Workflow tenant pages, which includes My Nintex, Automate, and Settings. Automation administrators can override all tasks for all workflows. They can add users, but are not able to assign the Global administrator role. Automation administrators cannot configure Identity federation. Includes permissions of the Developer role, Designer role, and Participant role.
  • Global administrator: All permissions in Nintex Workflow, including configuring Identity federation, and can assign Global administrator role to other users. Includes permissions of the Automation administrator role, Developer role, Designer role, and Participant role.

    The Global administrator role is assigned automatically to the first person to request a Nintex Workflow tenant.

 

Options ()

Lists the following selections:

  • Edit: Lists roles. To add a role, select from the drop-down list.
  • Delete: Deletes the user from the Nintex Workflow tenancy.
Groups Add new

Displays the Add new section with the following fields to enter details and create a new user group:

  • Name: Name for the group.
  • Description: Description about the group.
  • Owners(s): Drop-down list to select one or more owners for the group.
  • Member(s): Drop-down list to select one or more members for the group.
  • Add: Button to add the group after entering details in the given fields.
Name Name of the group.
Description Description of the group.
Owner(s) The owner or owners assigned for the group. Open the drop-down to see the names of the owners.
Member(s) The members assigned for the group. Open the drop-down to see the names of the members in the group.
Options ()

Opens a list with the following options:

  • Edit: Opens the Edit section to edit details of the selected group.
  • Delete: Deletes the selected group.