Nintex Workflow and Nintex Apps connected user management

If you are licensed to access both Nintex Workflow and Nintex Apps, then the users that you add in Nintex Workflow are automatically authenticated and authorized to use both parts of the product, ensuring a connected user experience.

Some tenants may have Nintex Apps-only users. Migrating these users to platform-managed accounts is recommended. For more information, see Nintex Apps user management scenarios.

Set up users in the connected experience

1. If the user will be accessing Nintex Workflow and they are a new user, add them on the User management page in Nintex Workflow. The new user will receive a welcome email from Nintex with links and sign-on instructions. For more information about adding users in Nintex Workflow, see Add, edit, and remove tenant users.

2. Assign the user an appropriate Nintex Workflow role based on their allowed permissions. For information about assigning roles in Nintex Workflow, see Add, edit, and remove tenant users.

   When the new user first attempts to access Nintex Apps, they will be autoprovisioned in Nintex Apps. Users assigned a Participant role in Nintex Workflow will be assigned the Standard site permission set in Nintex Apps; all other users (including Global administrators, Automation administrators, Designers, and Developers) will be assigned the Admin site permission set.

   If the user previously existed in Nintex Apps and was assigned the Admin site permission set and you set them up as a new Participant user in Nintex Workflow, they will be reassigned with the Standard site permission set in Nintex Apps. If they were previously assigned the Standard site permission set in Nintex Apps, no permission set changes will be made.

   If the user previously existed in Nintex Apps and was assigned the Standard site permission set and you set them up as a new Global administrator, Automation administration, Designer, or Developer user in Nintex Workflow, they will be reassigned with the Admin site permission set in Nintex Apps. If they were previously assigned the Admin site permission set in Nintex Apps, no permission set changes will be made.

3. If needed, modify the user's Nintex Apps permission set based on their allowed permissions. Most of the time, the assigned permission set will appropriate for the user and you will not need to modify it. For information about modifying permission sets in Nintex Apps, Permissions in Nintex Apps .

When single sign-on is enabled, users can log in and access applicable parts of the connected experience.

Syncing Nintex Apps user records with Nintex Workflow

It's possible to manually sync Nintex Apps user records with Nintex Workflow to ensure the latest user data is reflected in Nintex Apps. This process updates existing users and adds new users from Nintex Workflow.

When a sync is performed:

• New users are added to Nintex Apps
• User detail updates are applied
• User permission sets are updated to reflect current role mappings, if platform role overrides are not enabled

To sync user records:

1. Go to Settings > Users.
2. Click More Options  > Update user records from Nintex Workflow.

The sync process completes in the background.

Role mapping

 

Role mapping determines how Nintex Workflow roles map to specific site permission sets in Nintex Apps. This impacts whether users have designer access (with builder capabilities) or runtime-only access to Nintex Apps.

By default, all non-participant users (developers, designers, administrators) become admins in Nintex Apps:

• Global administrator: Admin
• Automation administrator: Admin
• Designer: Admin
• Developer: Admin
• Participant: Standard

This default mapping may not fit all organizations—for example, some developers in Nintex Workflow may not need designer access in Nintex Apps. To customize role mappings:

1. Go to Settings > Users.

2. Click More Options  > User management settings above the user list.

3. In the Role mapping section, use the dropdown beside each Nintex Workflow role to select the preferred Nintex Apps site permission set.
4. Select Save.

Role mappings apply automatically to individual users whenever they first access Nintex Apps and whenever they log in. Mappings are applied to all users whenever user records are synced. The only exception being if Allow platform role override is enabled, role mapping settings will not apply. For more information see Allow Nintex Apps-only users.

Nintex Apps user management scenarios

While connected tenants by default allow Nintex Apps-only users to be created, migrating to a platform-focused user management practice is recommended. The scenarios described below illustrate how to navigate this transition and why some tenants may utilize one management practice or the other.

Enforce platform user management

When Allow Apps-only users is disabled, all users must be provisioned through Nintex Workflow. Users remain in sync between Nintex Workflow and Nintex Apps, which ensures consistent user management, user permissions, and simplifies account maintenance across products.

Note: While platform user management is currently optional, it will be enforced in future versions.

Prerequisites: Migrate Nintex Apps-only users

If any Nintex Apps-only users exist in your tenant, you'll be unable to disable Allow Apps-only users, as doing so would deny access to these existing users. These users will be marked in Nintex Apps as Apps user.

Before you can enforce platform user management, you must migrate existing Nintex Apps-only users to Nintex Workflow. You have two options for handling Nintex Apps-only users:

Option 1: Deactivate the user

1. Ensure the user has been created in the Nintex Workflow user management interface (if they need continued access).
2. Go to Settings > Users.
3. Beside the user to deactivate, click More Options > Deactivate.

It's also possible to deactivate users from the Security Settings tab in the user's details.

Option 2: Sync the user to platform

Use this option to convert an Nintex Apps-only user to a platform-managed user by syncing their account information.

1. Create a matching user in Nintex Workflow with the same email.
   • Matching logic is not case-sensitive.
   • Matching may fail if multiple users share the same email.
2. Go to Settings > Users.
3. Click More Options > Update user records from Workflow above the user list.
4. Click Sync users.

When you run the platform user sync, the Nintex Apps-only user becomes a platform-managed user.

To disable Apps-only user creation

1. Migrate all Nintex Apps-only users using one of the options above.
2. Go to Settings > Users.
3. Click More Options  > User management settings above the user list.
4. Click to disable Allow Apps-only users.
5. Click Save.

Once disabled, all future users must be created through Nintex Workflow.

Allow Nintex Apps-only users

Enabling Nintex Apps-only users allows for Nintex Apps-only users to exist, which means the user list between Nintex Workflow and Nintex Apps will not be in sync. This can be useful in certain scenarios—legacy implementations, temporary access, testing/staging environments. However, it's typically recommended that this setting be disabled, activating platform user management.

To enable Nintex Apps-only users

1. Go to Settings > Users.
2. Click More Options  > User management settings above the user list.
3. Click to enable Allow Apps-only users.
4. Click Save.

You can also enforce Apps-only permissions by enabling Allow platform role override. Doing so prevents any Role mapping settings from applying to Apps users when user records are synced, preserving their current site permission sets.

To enable Allow platform role override

1. Go to Settings > Users.
2. Click More Options  > User management settings above the user list.
3. Click to enable Allow platform role override.
4. Click Save.