Applies to version 2020.1.3; author: Michał Kastelik
It may be necessary to grant access to WEBCON BPS Portal and its processes to users from outside the organization. Such a user will most often not have an account in the organizational Active Directory (or in another user database).
Examples of such situations are:
To avoid adding external users to the organizational user database, WEBCON BPS allows you to add them from the portal’s administration panel. After adding the user, they must be granted appropriate privileges to the required WEBCON BPS processes.
To properly understand the operation of the user’s administration panel, two concepts should be introduced:
Adding a user via administration panel is used to authorize and enable access to WEBCON BPS Portal for accounts managed by external identity providers, such as Google, Azure ID, LiveID, BPS Auth, ADFS. First, the user must authenticate with the appropriate provider, for example with a login and password. To log into WEBCON BPS Portal, authentication with external providers must be configured in Designer Studio.
It is possible to configure the authentication so that you can log into WEBCON BPS Portal with an external provider. However, the BPS users list will not be automatically synchronized with that provider. After adding the user to the BPS users list, the system administrator must grant them access to the required application(s) and process(es). In the case of WEBCON BPS Cloud, the administration panel is also used to manage user licenses.
To explain how to use the BPS users list, we have created a simple “Purchase order” workflow. At the “Purchase order approval” step, it is necessary to consult the order with a person from outside the organization; they are not on the BPS users list. To do so, we will add an external user and give them appropriate privileges.
Fig. 1. The fragment of the “Purchase order” workflow
Adding a user to the WEBCON BPS users list
To add a user to the list from the portal level, you must have global system administrator privileges (System settings -> Global parameters -> Global privileges). Go to the Administration tab -> User management -> All users.
Fig. 2. The Administration panel
Fig. 3. The All users tab
The WEBCON BPS users list contains both users synchronized with the internal user database and external users (“Type” column). The list of users synchronized with AD comes from Active Directory and is completed after each synchronization. In the case of WEBCON BPS Cloud, the users list administration tab is also used to manage user licenses:
Let’s add the “Artur Rohacz” user from the external “WeeSter” company to the user's list. Select the “Add” button and fill out the user’s details. Remember that the BPS ID field should be completed with the target user ID on WEBCON BPS Portal (usually an e-mail address).
Fig. 4. Adding a user in the administration panel of WEBCON BPS Portal
After creating the account, it will appear in the luser's list on the Portal and will be automatically defined as the external user’s account (Defined – External User).
Fig. 5. The list of BPS users with the external user
Artur Rohacz is also visible in the WEBCON BPS users list in Designer Studio.
Fig. 6. Users list in Designer Studio
After adding an external user, their account will be treated the same as Active Directory accounts (i.e., accounts of the organization’s employees). For example, it will be possible to give them tasks (Fig.7) and assign them to BPS groups (Fig.8).
Fig. 7. The task assigned to the Artur Rohacz
Fig. 8. The user was added to the BPS_EXTERNAL group
Granting privileges to the application and process
To grant the user access to the application, you must add privileges in Designer Studio. On the application level, select the “User privileges” tab and add the user in the “Read-only” section.
Fig. 9. Granting privileges on the application level
Now, Artur Rohacz will have access to the” Purchase order” application and instances (processes) in which they collaborated. It which should be sufficient in the business case we present.
However, if you want to grant the user access to all process elements, you can do this on the process level. To do so, go to the “User privileges” tab add the user in the “Access all workflow instances and attachments” section (or another field of the Access type).
Fig. 10. Granting privileges on the process level