There are two ways to manage users in the Cloud Integration Managed Service:
local authentication in the User Management Service (UMS)
using SSO based on SAML
By default, the authentication mode is UMS. SSO via SAML integration can be requested.
Rights are combined into groups in the SEEBURGER User Management Service (UMS). Groups are assigned separately for the staging and production environments. This means that, depending on your requirements, a user can have different rights on each system.
If you are not using single sign-on authentication, you can manage your users in UMS. This covers setting up new user accounts and managing existing users with their user rights and permissions.
The Change Manager of your company will get administrator rights for UMS and can invite further users. Administrators can assign rights to new users, for example assigning rights for more administrators or combining user rights in a different way.
Note: Only administrators can access the User Management Service (UMS).
The following standard user groups are possible in the Cloud Integration Managed Service:
IAM User (global): administrator for user and access management
Message Tracking User: only permissions for the app Message Tracking
If you have specific requirements, customized groups for these rights can also be created.
You decide which rights you assign to which user. A user can be assigned to different groups at the same time. For example, a combination of BIS User and BIS User Legacy can make sense for users to work with the classic and the new BIS Front End in parallel.
If you are using SAML for single sign-on authentication, the required user groups, their names and permissions need to be defined with SEEBURGER so that SEEBURGER can configure them for your Cloud Integration Managed Service system.
The following standard user rights are possible in the Cloud Integration Managed Service:
Key User: full permissions
Consultant: full permissions
Message Tracking User: only permissions for the app Message Tracking
Read-only: only permissions for reading and viewing
If you have specific requirements, customized groups for these rights can also be created.
The group names can be transmitted as an attribute in the response of the SAML Identity Provider (IDP). This enables the automatic creation of new user accounts and the corresponding permissions from your company system: when you create new user accounts, or when new users of your company register themselves in your company system, they automatically get the required permissions and are set up in your Cloud Integration Managed Service system after the approval of your company administrator.
That means the configuration of your user management is done with SEEBURGER, but after that you can manage your users yourself.
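How a service provider can consume group names sent as a SAML attribute, as an added example (not SEEBURGER code): it reads the group values from an assertion and grants only names from the agreed set, ignoring everything else. The attribute name `groups`, the permission labels and the sample assertion are assumptions constructed for illustration, and signature validation of the SAML response is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumption: attribute name agreed during setup; "groups" is a placeholder.
GROUP_ATTRIBUTE = "groups"

# Standard user rights named on this page; the permission labels are hypothetical.
KNOWN_GROUPS = {
    "Key User": "full",
    "Consultant": "full",
    "Message Tracking User": "message-tracking-only",
    "Read-only": "read-only",
}

# Constructed sample: the attribute part of an already validated assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Read-only</saml:AttributeValue>
      <saml:AttributeValue>Message Tracking User</saml:AttributeValue>
      <saml:AttributeValue>Domain Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def groups_from_assertion(xml_text):
    """Return (granted, ignored). granted maps agreed group names to their
    permission label; ignored lists values outside the agreed set (default deny)."""
    root = ET.fromstring(xml_text)
    granted, ignored = {}, []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != GROUP_ATTRIBUTE:
            continue  # other attributes never influence permissions
        for value in attr.iterfind("saml:AttributeValue", NS):
            name = (value.text or "").strip()
            if name in KNOWN_GROUPS:  # exact, case-sensitive match only
                granted[name] = KNOWN_GROUPS[name]
            elif name:
                ignored.append(name)  # worth logging: IdP sent an unagreed group
    return granted, ignored

if __name__ == "__main__":
    granted, ignored = groups_from_assertion(SAMPLE_ASSERTION)
    print("granted:", granted)
    print("ignored:", ignored)
```

Because matching is exact, a group name that differs from the agreed spelling grants nothing, which is why the names have to be fixed with the provider before the IdP starts sending them.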
If changes to the existing groups, or new groups with different permissions, are needed, you can:
In the initial project, request these changes from your SEEBURGER consultant.
After the initial project, make a change request at the Service Desk.