There are two ways to manage users in iPaaS:
- without single sign-on (SSO), in the User Management Service (UMS)
- using SSO, e.g. SAML
By default, the authentication mode is UMS. SSO via SAML integration can be requested.
Rights are combined into groups in the SEEBURGER User Management Service (UMS). Groups are assigned separately for the staging and production environments. That means a user can have different rights on each system, according to your requirements.
If you are not using single sign-on authentication, you can manage your users in UMS. That means setting up new user accounts, and managing existing users with their user rights and permissions.
Note: Only administrators can access the User Management Service (UMS).
The Change Manager of your company will get administrator rights for UMS and can invite further users. Administrators can assign rights to new users, for example assign rights for more administrators or combine user rights in a different way.
The following standard user groups are possible in iPaaS:
- IAM User (global): administrator for user and access management
- BIS User: permissions for all BIS Web Front End apps, except User Management Service (UMS)
- BIS User Legacy: permissions for using the classic BIS Front End
- Message Tracking User: only permissions for the app Message Tracking
If you have specific requirements, customized groups for these rights can also be created.
You decide which rights you assign to which user. A user can be assigned to different groups at the same time. For example, a combination of BIS User and BIS User Legacy can make sense for users to work with the classic and the new BIS Front End in parallel.
If you are using single sign-on authentication, for example SAML, the required user groups, their names and permissions need to be defined with SEEBURGER so that SEEBURGER can configure them for your iPaaS system.
The following standard user rights are possible in iPaaS:
- Key User: full permissions
- Consultant: full permissions
- Message Tracking User: only permissions for the app Message Tracking
- Read-only: only permissions for reading and viewing
If you have specific requirements, customized groups for these rights can also be created.
The group names can be transmitted as an attribute in the response of the SAML Identity Provider (IDP). This enables automatic creation of new user accounts and the corresponding permissions in your company system: when you create new user accounts, or when new users of your company register themselves in your company system, they automatically get the required permissions and are set up in your iPaaS system after the approval of your company administrator.
That means the configuration of your user management is done with SEEBURGER, but after that you can manage your users yourself.
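The following is an added example, not SEEBURGER code: it shows how group names carried in a SAML attribute can be checked against the agreed group list, so that only known groups result in rights. The attribute name `groups`, the sample assertion and all function names are assumptions; signature and condition validation of the SAML response is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Standard SSO user rights as listed on this page, with their described scope.
STANDARD_GROUPS = {
    "Key User": "full permissions",
    "Consultant": "full permissions",
    "Message Tracking User": "only permissions for the app Message Tracking",
    "Read-only": "only permissions for reading and viewing",
}

# Constructed sample assertion; the attribute name "groups" is an assumption.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Message Tracking User</saml:AttributeValue>
      <saml:AttributeValue>Read-only</saml:AttributeValue>
      <saml:AttributeValue>Domain Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def groups_from_assertion(assertion_xml, attr_name="groups"):
    """Return the group names carried in the named SAML attribute."""
    # Input is assumed to come from an already validated SAML response.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == attr_name:
            for v in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((v.text or "").strip())
    return values

def resolve_groups(received):
    """Split received names into agreed groups and unknown ones (exact match)."""
    accepted = [g for g in received if g in STANDARD_GROUPS]
    rejected = [g for g in received if g not in STANDARD_GROUPS]
    return accepted, rejected

def provisioning_decision(assertion_xml):
    """Map only agreed groups to rights; no agreed group means no account."""
    accepted, rejected = resolve_groups(groups_from_assertion(assertion_xml))
    return {"create_account": bool(accepted),
            "rights": {g: STANDARD_GROUPS[g] for g in accepted},
            "ignored": rejected}
```

Group names that are not in the agreed list end up in `ignored`, which is worth logging on the IdP side because it usually means a directory group was renamed or mapped incorrectly.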
If changes to the existing groups or new groups with different permissions are needed, you can:
- In the initial project, request these changes from your SEEBURGER consultant.
- After the initial project, make a change request at the Service Desk.