User management

  An administrator role is required. For information, see User roles.

In the User management page, you can:

  • Configure single sign-on using SAML 2.0 protocol with SAML-supported identity providers. Example: Google Suite, Okta, Active Directory Federation Services and more.
  • Add new users and assign roles. You can also edit and delete existing users from the tenant.

Jump to:

Access the User management page

  1. On the top navigation bar, click Settings.

    The License and subscription page appears, with options on the left.

  2. On the left, click User management.

Configure identity federation

You must be a verified primary domain owner.

Important: 

  • The ability to configure new single sign-on setups with Windows Azure Active Directory has been deprecated. Use the SAML protocol for single sign-on setup instead. SAML offers broader compatibilities and allows you to seamlessly integrate with a wider range of identity providers and service providers. This ensures a more flexible and scalable single sign-on solution. For more information, see Configure single sign-on using SAML protocol.

  • Configuring identity federation enables automatic user onboarding. Users from the federated domain are automatically onboarded when they access the Nintex Automation Cloud tenant. Auto-onboarding is subject to rate limiting and should not be used for bulk onboarding.

Configure the identity federation of your Nintex Automation Cloud tenant using SAML 2.0 protocol so you can configure single sign-on using other identity providers An identity provider (IdP) stores and authenticates the identities of users to log in to system, files, or applications. such as Google Suite, Okta, PingOne, and Active Directory Federation Services. For instructions, see Configure single sign-on using SAML protocol.

Note: Read the FAQ guide on SAML to learn how single sign-on with SAML works and what it can provide for your Nintex Automation Cloud tenant.

Delete identity federation

Administrator and verified primary domain owner access is required.

Important: Once a federation is deleted, all the users registered with your identity provider will no longer be able to sign into your Nintex Automation Cloud tenant via Single sign-on.

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Identity federation section, click and select Delete for the required provider.
  3. Sign out and sign into your Nintex Automation Cloud tenant to complete the deletion process.

    4. The corresponding identity federation is removed.

    Important: Any users listed in the User management > Users settings will be able to access your Nintex Automation Cloud tenant with their unfederated username and password. We recommend reviewing the list of users after deleting the federation.

Configure identity federation settings

You must be a verified primary domain owner.

After you set up Single sign-on, you can configure auto-acceleration and welcome emails for the federated domain/tenant.

Note: You must be a global administrator and have completed domain verification in order to configure identity federation settings. For more information, see Domain management.

  1. Click Settings and then click User management to open the User management page.
  2. In the Identity federation settings section, toggle Enable auto-acceleration. Configuring this setting enacts the following changes: 

    • If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Automation Cloud tenant and the Nintex Automation Cloud sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

    • If disabled: For every login, you will need to sign into the Nintex Automation Cloud tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

  3. (Optional) Toggle Send welcome email to new participant role users. This setting is off by default.

Create, edit, and manage user groups

Create new groups of users. Permissions of workflows and connections can be assigned to the created groups in order to share the workflows and connections with the members in the group.

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Groups section, click Add new. The Add new section is displayed with fields to create a new group.
  3. Type a Name for the group.
  4. Type a Description for the group.
  5. Select one or more owners from the Owner(s) drop-down list.
  6. Select the members you want to add to the group from the Member(s) drop-down list.
  7. Click Add. The group is created and displayed in the Groups section.

After the group is created, you can assign the permissions of workflows and connections to the group. For instructions, see Assign User and Owner permissions to connections and Manage workflow permissions.

  1. Access the User management page: Click Settings and then click User management.

  2. In the Groups section, on the right of the group you want to edit, click and then select Edit.

  3. Edit the fields as required and click Update.

Add, edit, and remove tenant users

Note: Only users with email addresses from organization domain(s) can be added to your Nintex Automation Cloud tenant.

  1. Access the User management page: Click Settings and then click User management.

  2. In the Users section, click Add user.

    Additional fields appear.

  3. Type the Email address of the user you want to add to the tenant. The email address must match the organization domain(s). For example, if the domain configured is Nintex.com, the email address must be user@nintex.com.

  4. Type the First name and Last name of the user.

  5. Select the role to assign to the user from the Roles drop-down.

  6. Click Add.

    The new user is added to the list of users on the page.

    The added user receives an invitation email message to create a Nintex password. This password link expires in five days. If the link is expired, the added user can request a new link from Support or click Forgot password? on the login page and create a password through the reset password process.

Note: 

  • Global administrators and Automation administrators cannot change their own user role. 

  • Global administrator roles cannot be assigned to guest users.

  1. Access the User management page: Click Settings and then click User management.

  2. On the right of the row for the user you want to edit, click and then select Edit.

  3. Select the role to assign to the user from the Role drop-down and then click Submit.

Important: When a user is deleted, the user's session will be terminated and any unsaved work will be lost.

  1. Access the User management page: Click Settings and then click User management.

  2. On the right of the row for the user you want to edit, click and then select Delete.

User roles

Nintex Automation Cloud users can be assigned one of the following user roles:

  • Participant: Permissions to view and submit forms, and view and manage their tasks in Nintex Automation Cloud tenant via the Nintex Mobile app and the My Nintex > Forms page. Tasks with authentication enabled will require assignees to have Participant access.
  • Designer: Permissions to create and manage workflows and view tasks for the workflows they own. Includes permissions of the Participant role.
  • Developer: Permissions to create and manage custom connectors, Xtensions and Form plugins. For instructions on creating custom connectors, and Xtensions see Nintex Xtensions SDK. For instructions on creating Form plugins see, Form plugins SDK. Includes permissions of the Designer role and Participant role.
  • Automation administrator: Permissions to access all the Nintex Automation Cloud tenant pages, which includes My Nintex, Automate, and Settings. Automation administrators can override all tasks for all workflows. They can add users, but are not able to assign the Global administrator role. Automation administrators cannot configure Identity federation. Includes permissions of the Developer role, Designer role, and Participant role.
  • Global administrator: All permissions in Nintex Automation Cloud, including configuring Identity federation, and can assign Global administrator role to other users. Includes permissions of the Automation administrator role, Developer role, Designer role, and Participant role.

    The Global administrator role is assigned automatically to the first person to request a Nintex Automation Cloud tenant.

For information about workflow owner and business owner permissions for workflows, see Manage workflow permissions.

Permissions

The table below shows the permissions for each user role:

 

Participant

Designer

Developer

Automation

administrator

Global

administrator

Nintex Mobile app

          

Complete tasks

Submit forms

My Nintex          
Complete tasks **

Submit forms

Automate

 

 

 

 

 

Create and modify workflows

Assign Workflow owner and Business owner permissions * With Workflow owner permissions : With Workflow owner permissions :

Create connections

Depends on Connection settings

Depends on Connection settings

Assign connection permissions Depends on Connection settings Depends on Connection settings

Access Xtensions framework

View workflow instances*
View tasks*
Override tasks
Settings          
Domain management
Configure identity federation
Add and manage users
Add and manage groups

Assign Global administrator role to users

View and manage tokens
Important: 

*If the user has business owner permission for a workflow, they are able to view instance details and tasks for that workflow from Workflow tracking in My Nintex, despite their assigned role in User management. For information about applying permissions for workflows, see Manage workflow permissions.

**If the user has business owner permission for a workflow, they are able to delegate and override tasks depending on My Nintex Business owner settings.

Section

 Selection (or column or field) Description

Identity federation

Configure

Opens prompts in a new window for configuring identity federation to create a single sign-on experience. This selection is available only when no identity federation is configured yet.

For the steps on configuring identity federation, see the following links:
 

Provider

The protocol or method which enabled single sign-on for your Nintex Automation Cloud tenant:

  • Azure Active Directory: Users can single sign-on to Nintex Automation Cloud using their Azure Active Directory accounts.
  • SAML: Users can single sign-on using the credentials verified by their identity provider such as Okta, Active Directory Federation Services (ADFS), Google Suite, and more.

    • For more information on SAML, see Frequently asked questions: Single Sign-on with SAML protocol.

 

Domains

The domains that are federated for single sign-on with the Nintex Automation Cloud tenant.

Example: YourDomain.com, YourCompany.com.

 

Configured by

Tenancy user name of person who configured the provider.

 

Date configured

Date and time on when the provider was configured.

  Options ()

 This feature requires the user to be a Global administrator and a verified primary domain owner.

Lists the following selections:

  • Update: Option to navigate to the Identity federation setup wizard. For more information see Configure identity federation.
  • Delete: Removes the selected identity federation from the Nintex Automation Cloud tenant or tenants.
Identity federation settings Enable auto-acceleration

  This feature requires the user to be a Global administrator and a verified primary domain owner.

This setting is enabled by default for new tenants.

  • If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Automation Cloud tenant and the Nintex Automation Cloud sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

  • If disabled: For every login, you will need to sign into the Nintex Automation Cloud tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.
  Send welcome email to new participant role users

This feature requires the user to be a Global administrator and a verified primary domain owner.

This setting is off by default.

Users

Add new

Displays the Add user section with the following fields:

  • Email: Email address for the new user. Maximum number of characters: 255.

    Email addresses for users added to the tenancy must match the organization domain(s) of the tenant. The initial domain of the organization is the email address used by the person who requested the Nintex Automation Cloud tenancy. You can add more domains in the Domain management page later.

    For example, if John Smith requested the tenancy using the email address jsmith@mycompany.com, then the email addresses entered for new users are validated for the mycompany.com domain.

    For more information on adding domains, see Domain management.

  • First name: First name of the new user; automatically populated if the email address is already registered with Nintex. Maximum number of characters: 30.
  • Last name: Last name of the new user; automatically populated if the email address is already registered with Nintex. Maximum number of characters: 30.
  • Roles: Lists the roles to assign to users. To add a role, select from the drop-down list. Roles are defined below.

When you click Add, an invitation email message is sent to the new user to create a Nintex password. This password link expires in five days. If the link is expired, the added user can request a new link from Support or click Forgot password? on the login page and create a password through the reset password process.

 

Email

Email address of the user.

 

First name

First name of the user.

 

Last name

Last name of the user.

 

Roles

Roles assigned to the user:

For more information about role permissions, see Permissions.

  • Participant: Permissions to view and submit forms, and view and manage their tasks in Nintex Automation Cloud tenant via the Nintex Mobile app and the My Nintex > Forms page. Tasks with authentication enabled will require assignees to have Participant access.
  • Designer: Permissions to create and manage workflows and view tasks for the workflows they own. Includes permissions of the Participant role.
  • Developer: Permissions to create and manage custom connectors, Xtensions and Form plugins. For instructions on creating custom connectors, and Xtensions see Nintex Xtensions SDK. For instructions on creating Form plugins see, Form plugins SDK. Includes permissions of the Designer role and Participant role.
  • Automation administrator: Permissions to access all the Nintex Automation Cloud tenant pages, which includes My Nintex, Automate, and Settings. Automation administrators can override all tasks for all workflows. They can add users, but are not able to assign the Global administrator role. Automation administrators cannot configure Identity federation. Includes permissions of the Developer role, Designer role, and Participant role.
  • Global administrator: All permissions in Nintex Automation Cloud, including configuring Identity federation, and can assign Global administrator role to other users. Includes permissions of the Automation administrator role, Developer role, Designer role, and Participant role.

    The Global administrator role is assigned automatically to the first person to request a Nintex Automation Cloud tenant.

 

Options ()

Lists the following selections:

  • Edit: Lists roles. To add a role, select from the drop-down list.
  • Delete: Deletes the user from the Nintex Automation Cloud tenancy.
Groups Add new

Displays the Add new section with the following fields to enter details and create a new user group:

  • Name: Name for the group.
  • Description: Description about the group.
  • Owners(s): Drop-down list to select one or more owners for the group.
  • Member(s): Drop-down list to select one or more members for the group.
  • Add: Button to add the group after entering details in the given fields.
Name Name of the group.
Description Description of the group.
Owner(s) The owner or owners assigned for the group. Open the drop-down to see the names of the owners.
Member(s) The members assigned for the group. Open the drop-down to see the names of the members in the group.
Options ()

Opens a list with the following options:

  • Edit: Opens the Edit section to edit details of the selected group.
  • Delete: Deletes the selected group.