User management
An administrator role is required. For information, see User roles.
In the User management page, you can:
- Configure single sign-on using SAML 2.0 protocol with SAML-supported identity providers. Example: Google Suite, Okta, Active Directory Federation Services and more.
- Add new users and assign roles. You can also edit and delete existing users from the tenant.
Jump to:
Access the User management page
-
On the top navigation bar, click Settings.
The License and subscription page appears, with options on the left.
-
On the left, click User management.
Configure identity federation
You must be a verified primary domain owner.
-
The ability to configure new single sign-on setups with Windows Azure Active Directory has been deprecated. Use the SAML protocol for single sign-on setup instead. SAML offers broader compatibilities and allows you to seamlessly integrate with a wider range of identity providers and service providers. This ensures a more flexible and scalable single sign-on solution. For more information, see Configure single sign-on using SAML protocol.
-
Configuring identity federation enables automatic user onboarding. Users from the federated domain are automatically onboarded when they access the Nintex Automation Cloud tenant. Auto-onboarding is subject to rate limiting and should not be used for bulk onboarding.
Configure the identity federation of your Nintex Automation Cloud tenant using SAML 2.0 protocol so you can configure single sign-on using other identity providers An identity provider (IdP) stores and authenticates the identities of users to log in to system, files, or applications. such as Google Suite, Okta, PingOne, and Active Directory Federation Services. For instructions, see Configure single sign-on using SAML protocol.
Note: Read the FAQ guide on SAML to learn how single sign-on with SAML works and what it can provide for your Nintex Automation Cloud tenant.
Upgrade identity federation
You must be a verified primary domain owner.
If you see an info message indicating an update for the SAML IdP, you must update your identity federation.
To upgrade identity federation, create a new federation or upgrade an existing one. To create a new identity federation, see Configure identity federation. To upgrade an existing identity federation, follow these steps:
- Open the User management page: Click Settings and then click User management.
- Under the Identity federation section, click and select Upgrade for the required provider.
- Select your identity provider.
-
Copy the Entity ID and Reply URL, then add or update them in your IdP.
Important: Update these values in your IdP before proceeding to avoid being locked out of your tenant.
- Sign out and sign into your Nintex Automation Cloud tenant to complete the upgrade process.
Note: If your federation configuration fails, use OTP to regain access to your tenant.
Delete identity federation
Administrator and verified primary domain owner access is required.
Important: Once a federation is deleted, all the users registered with your identity provider will no longer be able to sign into your Nintex Automation Cloud tenant via Single sign-on.
- Open the User management page: Click Settings and then click User management.
- Under the Identity federation section, click and select Delete for the required provider.
- Sign out and sign into your Nintex Automation Cloud tenant to complete the deletion process.
The corresponding identity federation is removed.
Important: Any users listed in the User management > Users settings will be able to access your Nintex Automation Cloud tenant with their unfederated username and password. We recommend reviewing the list of users after deleting the federation.
Configure identity federation settings
You must be a verified primary domain owner.
After you set up Single sign-on, you can configure auto-acceleration and welcome emails for the federated domain/tenant.
Note: You must be a global administrator and have completed domain verification in order to configure identity federation settings. For more information, see Domain management.
- Click Settings and then click User management to open the User management page.
- In the Identity federation settings section, toggle Enable auto-acceleration. Configuring this setting enacts the following changes:
If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Automation Cloud tenant and the Nintex Automation Cloud sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.
If disabled: For every login, you will need to sign into the Nintex Automation Cloud tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.
- (Optional) Toggle Send welcome email to new participant role users. This setting is off by default.
Create, edit, and manage user groups
Create new groups of users. Permissions of workflows and connections can be assigned to the created groups in order to share the workflows and connections with the members in the group.
- Open the User management page: Click Settings and then click User management.
- Under the Groups section, click Add new. The Add new section is displayed with fields to create a new group.
- Type a Name for the group.
- Type a Description for the group.
- Select one or more owners from the Owner(s) drop-down list.
- Select the members you want to add to the group from the Member(s) drop-down list.
- Click Add. The group is created and displayed in the Groups section.
After the group is created, you can assign the permissions of workflows and connections to the group. For instructions, see Assign User and Owner permissions to connections and Manage workflow permissions.
-
Access the User management page: Click Settings and then click User management.
-
In the Groups section, on the right of the group you want to edit, click and then select Edit.
- Edit the fields as required and click Update.
Add, edit, and remove tenant users
Note: Only users with email addresses from organization domain(s) can be added to your Nintex Automation Cloud tenant.
- Access the User management page: Click Settings and then click User management.
-
In the Users section, click Add user.
Additional fields appear.
- Type the Email address of the user you want to add to the tenant. The email address must match the organization domain(s). For example, if the domain configured is Nintex.com, the email address must be user@nintex.com.
-
Type the First name and Last name of the user.
- Select the role to assign to the user from the Roles drop-down.
-
Click Add.
The new user is added to the list of users on the page.
The added user receives an invitation email message to create a Nintex password. This password link expires in five days. If the link is expired, the added user can request a new link from Support or click Forgot password? on the login page and create a password through the reset password process.
-
Global administrators and Automation administrators cannot change their own user role.
-
Global administrator roles cannot be assigned to guest users.
-
Access the User management page: Click Settings and then click User management.
-
On the right of the row for the user you want to edit, click and then select Edit.
-
Select the role to assign to the user from the Role drop-down and then click Submit.
Important: When a user is deleted, the user's session will be terminated and any unsaved work will be lost.
-
Access the User management page: Click Settings and then click User management.
-
On the right of the row for the user you want to edit, click and then select Delete.
User roles
Nintex Automation Cloud users can be assigned one of the following user roles:
- Participant: Permissions to view and submit forms, and view and manage their tasks in Nintex Automation Cloud tenant via the Nintex Mobile app and the My Nintex > Forms page. Tasks with authentication enabled will require assignees to have Participant access.
- Designer: Permissions to create and manage workflows and view tasks for the workflows they own. Includes permissions of the Participant role.
- Developer: Permissions to create and manage custom connectors, Xtensions and Form plugins. For instructions on creating custom connectors, and Xtensions see Nintex Xtensions SDK. For instructions on creating Form plugins see, Form plugins SDK. Includes permissions of the Designer role and Participant role.
- Automation administrator: Permissions to access all the Nintex Automation Cloud tenant pages, which includes My Nintex, Automate, and Settings. Automation administrators can override all tasks for all workflows. They can add users, but are not able to assign the Global administrator role. Automation administrators cannot configure Identity federation. Includes permissions of the Developer role, Designer role, and Participant role.
- Global administrator: All permissions in Nintex Automation Cloud, including configuring Identity federation, and can assign Global administrator role to other users. Includes permissions of the Automation administrator role, Developer role, Designer role, and Participant role.
The Global administrator role is assigned automatically to the first person to request a Nintex Automation Cloud tenant.
For information about workflow owner and business owner permissions for workflows, see Manage workflow permissions.
Permissions
The table below shows the permissions for each user role:
|
Participant |
Designer |
Developer |
Automation administrator |
Global administrator |
---|---|---|---|---|---|
Nintex Mobile app |
|||||
Complete tasks |
✔ |
✔ |
✔ |
✔ |
✔ |
Submit forms |
✔ |
✔ |
✔ |
✔ |
✔ |
My Nintex | |||||
Complete tasks ** |
✔ |
✔ |
✔ |
✔ |
✔ |
Submit forms |
✔ |
✔ |
✔ |
✔ |
✔ |
Automate |
|
|
|
|
|
Create and modify workflows |
✘ |
✔ |
✔ |
✔ |
✔ |
Assign Workflow owner and Business owner permissions * | ✘ | With Workflow owner permissions : ✔ | With Workflow owner permissions : ✔ | ✔ | ✔ |
Create connections |
✘ |
Depends on Connection settings |
Depends on Connection settings |
✔ |
✔ |
Assign connection permissions | ✘ | Depends on Connection settings | Depends on Connection settings | ✔ | ✔ |
Access Xtensions framework |
✘ |
✘ |
✔ |
✔ |
✔ |
View workflow instances* | ✘ | ✔ | ✔ | ✔ | ✔ |
View tasks* | ✘ | ✔ | ✔ | ✔ | ✔ |
Override tasks | ✘ | ✘ | ✘ | ✔ | ✔ |
Settings | |||||
Domain management | ✘ | ✘ | ✘ | ✘ | ✔ |
Configure identity federation | ✘ | ✘ | ✘ | ✘ | ✔ |
Add and manage users | ✘ | ✘ | ✘ | ✔ | ✔ |
Add and manage groups | ✘ | ✘ | ✘ | ✔ | ✔ |
Assign Global administrator role to users |
✘ |
✘ |
✘ |
✘ |
✔ |
View and manage tokens | ✘ | ✘ | ✘ | ✔ | ✔ |
*If the user has business owner permission for a workflow, they are able to view instance details and tasks for that workflow from Workflow tracking in My Nintex, despite their assigned role in User management. For information about applying permissions for workflows, see Manage workflow permissions.
**If the user has business owner permission for a workflow, they are able to delegate and override tasks depending on My Nintex Business owner settings.
Section |
Selection (or column or field) | Description |
---|---|---|
Identity federation |
Configure |
Opens prompts in a new window for configuring identity federation to create a single sign-on experience. This selection is available only when no identity federation is configured yet. For the steps on configuring identity federation, see the following links: |
Provider |
The protocol or method which enabled single sign-on for your Nintex Automation Cloud tenant:
For more information on SAML, see Frequently asked questions: Single Sign-on with SAML protocol. |
|
|
Domains |
The domains that are federated for single sign-on with the Nintex Automation Cloud tenant. Example: YourDomain.com, YourCompany.com. |
|
Configured by |
Tenancy user name of person who configured the provider. |
|
Date configured |
Date and time on when the provider was configured. |
Options () |
This feature requires the user to be a Global administrator and a verified primary domain owner. Lists the following selections:
|
|
Identity federation settings | Enable auto-acceleration |
This feature requires the user to be a Global administrator and a verified primary domain owner. This setting is enabled by default for new tenants.
|
Send welcome email to new participant role users |
This feature requires the user to be a Global administrator and a verified primary domain owner. This setting is off by default. |
|
Users |
Add new |
Displays the Add user section with the following fields:
When you click Add, an invitation email message is sent to the new user to create a Nintex password. This password link expires in five days. If the link is expired, the added user can request a new link from Support or click Forgot password? on the login page and create a password through the reset password process. |
|
|
Email address of the user. |
|
First name |
First name of the user. |
|
Last name |
Last name of the user. |
|
Roles |
Roles assigned to the user: For more information about role permissions, see Permissions.
|
|
Options () |
Lists the following selections:
|
Groups | Add new |
Displays the Add new section with the following fields to enter details and create a new user group:
|
Name | Name of the group. | |
Description | Description of the group. | |
Owner(s) | The owner or owners assigned for the group. Open the drop-down to see the names of the owners. | |
Member(s) | The members assigned for the group. Open the drop-down to see the names of the members in the group. | |
Options () |
Opens a list with the following options:
|