The WoodWing Identity Service (WIS) is a cloud-only service for WoodWing Cloud customers in which administrators can manage users and user groups in a central location, and give these users access to one or more WoodWing products.
Setting up users and user groups can be done in one of two ways:
- Manually
- By integrating a Single Sign-On (SSO) provider; users and user groups that are set up in that provider are then automatically added
Note: A mix of these methods is also possible.
This article describes how to set up and manage users in the WoodWing Identity Service using an external identity provider.
The process is as follows:
- The identity provider is connected to the WoodWing Identity Service.
- User groups are optionally given the role of 'owner'.
- Users and tenants are added to a group.
Supported providers
The following SSO standards are supported:
- OpenID
- SAML
We cannot test compatibility with all identity platforms, but the following have been tested:
- Microsoft Entra ID (currently ongoing)
- Okta
- Keycloak
User group roles
Within the WoodWing Identity Service, a user group can have one of two roles:
- A default role. Users within a group with this role can only access their profile page. This role is used for all users who should not have admin access to the WoodWing Identity Service.
- The role of owner. Users within a group with this role can access all areas of the WoodWing Identity Service and set up and manage users, user groups, and an external identity provider.
Adding an identity provider
Note: Only one connection to a provider can be made.
Step 1. Log in to the WoodWing Identity Service as a user that is part of a group with the role of 'owner'.
Step 2. Access the Settings page.
A page appears with information about the organization, including any identity provider that is set up.
Step 3. To set up an identity provider, click Set up or edit in the Identity provider section.
A panel appears in which the identity provider can be configured.
Step 4. Set up your connection as needed by using one of the following protocols:
- SAML. The Security Assertion Markup Language Single Sign-On (SAML SSO) is a protocol that allows users to access multiple applications with a single set of login credentials. This simplifies user authentication, enhances security, and improves user experience by reducing the need to remember and enter multiple passwords.
- OIDC. The OpenID Connect Single Sign-On (OIDC SSO) is an authentication protocol built on top of the OAuth 2.0 framework. It enables users to authenticate once and gain access to multiple applications without needing to log in separately for each one. OIDC SSO enhances security and streamlines the user experience by providing a standardized and efficient approach to identity verification.
Step 5. When done, click Set up. Once users and user groups start logging in, they become available within the WoodWing Identity Service.
Assigning the 'owner' role to a group
Users who should be able to manage users, user groups, and identity providers in the WoodWing Identity Service should be part of a group to which the 'owner' role is assigned.
To do this, select one or more groups on the Groups page, click Promote, and confirm the action.
Adding users and tenants to a group
When users and user groups have been added, user groups can be fully set up.
Step 1. On the Groups page, select the group that you want to edit and click Edit.
A panel appears containing the following tabs:
- Group info. Shows a summary of the number of users and tenants that are part of the group, and an option to change the name of the group.
- Users. Shows a list of all users that have been set up in the WoodWing Identity Service. Select the check box for the users who should be part of the group, and clear the check box for the users who should not be part of the group.
Note: When using SSO, users who come from the external identity provider cannot be added to or removed from groups. Their groups are fully managed through the external identity provider.
- Tenants. Shows all tenants that have been made available to the organization (this is managed by WoodWing). Select the check box for the tenants that users in the group should have access to, and clear the check box for the tenants that users in the group should not have access to.
Step 2. Make the necessary changes and, when done, click Save.