Users and Roles in Aerobase/Keycloack and Admin Tool

Users type overview

Nintex RPA solution and components feature two types of users; Nintex RPA Admin user, and Kryon client application user.

Admin user:

  • A user that can access the Nintexmanagement component; Admin Tool.

  • Admin user can create client application users if it has the appropriate roles.

  • Admin users can be initially created and managed in Aerobase/Keycloack.

  • Once an Admin user is created with the appropriate access role in Aerobase, the same user can create and manage more Admin users directly through the Admin Tool.

Client application user:

  • A user with different types of access as assigned by the Admin user.

  • With the appropriate roles, the client application user can access the Nintex RPA client applications; Console Plus, Studio, an Attended/Unattended Robots.

Creating and managing Admin users

To access and use the Admin Tool, you need to create a user on Keycloak Admin Console and assign the user the appropriate roles as described in the table below.

Step 1: Open Keycloak Admin Console / Aerobase by logging in using the Authadmin user credentials as provided in the documentation.

URL format to access the management tool: FQDN/auth/admin/Kryon/console/

EXAMPLE:

Note: The Authadmin user provides access and user management permission on Keycloak Admin Console only. This user has one assigned role to it, the auth-admin-access role. Make sure not to modify the roles of this user unless you are instructed to by Nintex Support.

Step 2: Go to Manage > Users > Create User and create a user.

Step 3: Click the Role Mappings tab to assign roles to the user as following:

  1. Assign the admin-access role (Realm Roles) + Nintex-admin-tool (Client Roles).

  2. Assign one or more of the following Realm roles considering the type of access and permissions each role allows:

Role

 Allowed access and permission type 

admin-catalog

  • Wizard Catalog (view+manage)

  • Sensor Catalog (view+manage)

  • Applications (view+manage)

  • License (activation only)

  • Companies and Users (view only)

admin-permissions

  • Wizard Catalog (view+manage)

  • Sensor Catalog (view+manage)

  • Applications (view+manage)

  • License (activation only)

  •  Companies and Users (view+manage)

  • Client application users (view+manage)

admin-license

  • Wizard Catalog (view+manage)

  • Sensor Catalog (view+manage)

  • Applications (view+manage)

  • License tab (activation only)

  • Companies and Users (view+manage)

  • Client application users (view+manage)

  • Admin users (view+manage)*

  • In Orange: The common access and permissions between the three (3) roles.

  • In Green: The common access and permissions between the admin-permissions and the admin-license roles.

  • Any other roles are not relevant and can be disregarded.

*A user with admin-license role can create and manage other Admin users and Nintexclient application users directly through theAdmin tool.

Nintex RPA Admin users are managed under Tools in the Admin Tool. The roles available are equivalent to the roles in Keycloak/Aerobase as described above (Step 3 > Role Mapping > b.).

  • Admin users created by the Admin Tool can be viewed and managed through Aerobase (Keycloak Admin Console) and through the Admin tool.

  • Admin users created by Aerobase are managed and viewed only on Aerobase (Keycloak Admin Console).

Importing users

To make it easy to create a large number of users at one time, Admin allows you to import them from a CSV file. Doing so is a 3-stage process:

  1. Download the Import Users file template.

  2. Fill in the template with user information.

  3. Import the file.

Nintexapplication users vs. Admin users

Nintexclient application users are managed under the Users tab (Admin Tool > General > Users). Only Admin users with the assigned roles of either admin-permissions or admin-license can manage (create new users and edit existing users) Nintex client applications users.

Creating a new user

  1. In the Menu Pane, click Companies and Users.

  2. In the Entities Pane, select the company for which you are creating a user.

  3. In the Properties Pane, select the Users tab.

  4. Click New User.

  5. Enter the required information in the New User dialog then click Save.

  6. Enter a username, full name, and email address.

  7. Select whether the new user is active.

    Generally, the default value of Active is applicable to new users. However, the user status can be changed at any time.

  8. Assign the user to one or more roles.

  9. Enter and confirm new password:

    • Password-related fields are not applicable to Domain authentication and will not be visible when this authentication method is used.

    • Passwords require a minimum of 8 characters and must include at least 2 of the following: uppercase letters, lowercase letters, numbers, and symbols.

    • To create a random-generated password, click Generate Password.

    • To copy the password to the Windows clipboard, click the icon.

  10. Select whether the user is required to change the password the next time he/she logs in.

    This is often appropriate for human users, but not for unattended robots.

Nintex client application user roles

Client application roles can be managed directly through the Kryon Admin Tool (recommended). You can also manage the same exact roles through Aerobase/Keycloak. The table below maps out the roles as they appear in the Admin Tool and their equivalent roles in Aerobase/Keycloak.

Role in Admin Tool

Role in Aerobase/Keycloak

Description

Attended Robot

attended-robot

A human-end-user who runs automations on the desktop via the Nintex assistant client

Unattended Robot

unattended-robot

A virtual user that runs automations without human intervention via the Nintex Robot Client (generally initiated on a virtual machine)

Studio Developer

studio-developer

An automation developer who records/creates/edits automations in Studio

Console View Only

console-view-only

A permission to view the available information in the Nintex RPA Console Plus

Console Manager

console-user

An RPA administrator who schedules and manages unattended Robot tasks using Console Plus. This could also be a user created to schedule and manage tasks via API calls. Assign this type of user the Console Plus User role, then tick the Supported API calls check-box that appears underneath (Supported API calls).

Supported API calls

supports-api-calls

This role allows the user to schedule and manage tasks via API calls. This role become available only when the Console Manager role is selected.

Any other roles are not relevant and can be disregarded.

Download the Import Users file template

To download the Import Users file template:

  1. Go to Companies and Users and select the Users tab.

  2. Click the button.

  3. In the dialog box, click the link to Download the Import Users template and select a download location.

Import the file

To import the completed Import Users file:

  1. Go to Companies and Users and select the General tab.

  2. Click the button.

  3. In the dialog box, click the Browse button and navigate to the Import Users CSV file you created.

  4. Tick the checkbox if users are required to change their passwords the next time they log in.

    5. This is often appropriate for human users, but not for unattended robots

  5. Click the Import button.

The users listed in the file are created.