User management

  An administrator role is required. For information, see User roles.

In the User management page, you can:

  • Configure single sign-on using the SAML 2.0 protocol with SAML-supported identity providers, for example Google Suite, Okta, Active Directory Federation Services and more.
  • Add new users and assign roles. You can also edit and delete existing users from the tenant.

Access the User management page

  1. On the top navigation bar, click Settings.

    The License and subscription page appears, with options on the left.

  2. On the left, click User management.

Configure identity federation

You must be a verified primary domain owner.

Important: 
  • The ability to configure new single sign-on setups with Windows Azure Active Directory has been deprecated. Use the SAML protocol for single sign-on setup instead. SAML offers broader compatibilities and allows you to seamlessly integrate with a wider range of identity providers and service providers. This ensures a more flexible and scalable single sign-on solution. For more information, see Configure single sign-on using SAML protocol.

  • Configuring identity federation enables automatic user onboarding. Users from the federated domain are automatically onboarded when they access the Nintex Automation Cloud tenant. Auto-onboarding is subject to rate limiting and should not be used for bulk onboarding.

Configure the identity federation of your Nintex Automation Cloud tenant using the SAML 2.0 protocol so you can configure single sign-on using other identity providers such as Google Suite, Okta, PingOne, and Active Directory Federation Services. An identity provider (IdP) stores and authenticates the identities of users to log in to systems, files, or applications. For instructions, see Configure single sign-on using SAML protocol.

Note: Read the FAQ guide on SAML to learn how single sign-on with SAML works and what it can provide for your Nintex Automation Cloud tenant.

Upgrade identity federation

You must be a verified primary domain owner.

If you see an info message indicating an update for the SAML IdP, you must update your identity federation.

To upgrade identity federation, create a new federation or upgrade an existing one. To create a new identity federation, see Configure identity federation. To upgrade an existing identity federation, follow these steps:

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Identity federation section, click and select Upgrade for the required provider.
  3. Select your identity provider.
  4. Copy the Entity ID and Reply URL, then add or update them in your IdP.

    Important: Update these values in your IdP before proceeding to avoid being locked out of your tenant.

  5. Sign out and sign into your Nintex Automation Cloud tenant to complete the upgrade process.
  6. Note: If your federation configuration fails, use OTP to regain access to your tenant.
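
One way to confirm step 4 before you sign out, as an added example that is not part of the Nintex documentation: check a decoded SAML response from an IdP test sign-in against the Entity ID and Reply URL copied from the tenant. It assumes the Reply URL is the tenant's SAML assertion consumer service URL; the URLs and the sample response are constructed placeholders, and the check covers addressing only, not signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders: use the Entity ID and Reply URL copied from the tenant.
ENTITY_ID = "https://tenant.example.invalid/saml/entity"
REPLY_URL = "https://tenant.example.invalid/saml/acs"

# Constructed sample: decoded response from an IdP that still sends a stale Entity ID.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://tenant.example.invalid/saml/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://tenant.example.invalid/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://old-tenant.example.invalid/saml/entity</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id, reply_url):
    """List mismatches between an IdP response and the tenant's SAML values."""
    root = ET.fromstring(xml_text)
    problems = []
    # These URIs are compared as exact strings: a trailing slash or an
    # http/https difference counts as a mismatch. A missing value is flagged too.
    if root.get("Destination") != reply_url:
        problems.append("Destination does not match Reply URL")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != reply_url for r in recipients):
        problems.append("Recipient does not match Reply URL")
    audiences = [(e.text or "").strip()
                 for e in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not contain Entity ID")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, ENTITY_ID, REPLY_URL):
        print("MISMATCH:", problem)
```

An empty result means the IdP is addressing its responses to the values the tenant expects; any mismatch should be fixed in the IdP before you complete step 5.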

Delete identity federation

Administrator and verified primary domain owner access is required.

Important: Once a federation is deleted, all the users registered with your identity provider will no longer be able to sign into your Nintex Automation Cloud tenant via Single sign-on.

  1. Open the User management page: Click Settings and then click User management.
  2. Under the Identity federation section, click and select Delete for the required provider.
  3. Sign out and sign into your Nintex Automation Cloud tenant to complete the deletion process.
  4. The corresponding identity federation is removed.

    Important: Any users listed in the User management > Users settings will be able to access your Nintex Automation Cloud tenant with their unfederated username and password. We recommend reviewing the list of users after deleting the federation.

Configure identity federation settings

You must be a verified primary domain owner.

After you set up Single sign-on, you can configure auto-acceleration and welcome emails for the federated domain/tenant.

Note: You must be a global administrator and have completed domain verification in order to configure identity federation settings. For more information, see Domain management.

  1. Click Settings and then click User management to open the User management page.
  2. In the Identity federation settings section, toggle Enable auto-acceleration. Configuring this setting enacts the following changes: 
    • If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Automation Cloud tenant and the Nintex Automation Cloud sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

    • If disabled: For every login, you will need to sign into the Nintex Automation Cloud tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

  3. (Optional) Toggle Send welcome email to new participant role users. This setting is off by default.

Create, edit, and manage user groups

Create new groups of users. Permissions of workflows and connections can be assigned to the created groups in order to share the workflows and connections with the members in the group.

Add, edit, and remove tenant users

User roles

Nintex Automation Cloud users can be assigned one of the following user roles:

  • Participant: Permissions to view and submit forms, and view and manage their tasks in Nintex Automation Cloud tenant via the Nintex Mobile app and the My Nintex > Forms page. Tasks with authentication enabled will require assignees to have Participant access.
  • Designer: Permissions to create and manage workflows and view tasks for the workflows they own. Includes permissions of the Participant role.
  • Developer: Permissions to create and manage custom connectors, Xtensions and Form plugins. For instructions on creating custom connectors and Xtensions, see Nintex Xtensions SDK. For instructions on creating Form plugins, see Form plugins SDK. Includes permissions of the Designer role and Participant role.
  • Automation administrator: Permissions to access all the Nintex Automation Cloud tenant pages, which includes My Nintex, Automate, and Settings. Automation administrators can override all tasks for all workflows. They can add users, but are not able to assign the Global administrator role. Automation administrators cannot configure Identity federation. Includes permissions of the Developer role, Designer role, and Participant role.
  • Global administrator: All permissions in Nintex Automation Cloud, including configuring Identity federation, and can assign Global administrator role to other users. Includes permissions of the Automation administrator role, Developer role, Designer role, and Participant role.

    The Global administrator role is assigned automatically to the first person to request a Nintex Automation Cloud tenant.

For information about workflow owner and business owner permissions for workflows, see Manage workflow permissions.

Permissions

The table below shows the permissions for each user role:

 

Roles (table columns): Participant, Designer, Developer, Automation administrator, Global administrator

Nintex Mobile app

  • Complete tasks
  • Submit forms

My Nintex

  • Complete tasks **
  • Submit forms

Automate

  • Create and modify workflows
  • Assign Workflow owner and Business owner permissions *: With Workflow owner permissions; With Workflow owner permissions
  • Create connections: Depends on Connection settings; Depends on Connection settings
  • Assign connection permissions: Depends on Connection settings; Depends on Connection settings
  • Access Xtensions framework
  • View workflow instances*
  • View tasks*
  • Override tasks

Settings

  • Domain management
  • Configure identity federation
  • Add and manage users
  • Add and manage groups
  • Assign Global administrator role to users
  • View and manage tokens

Important: 

*If the user has business owner permission for a workflow, they are able to view instance details and tasks for that workflow from Workflow tracking in My Nintex, despite their assigned role in User management. For information about applying permissions for workflows, see Manage workflow permissions.

**If the user has business owner permission for a workflow, they are able to delegate and override tasks depending on My Nintex Business owner settings.