Managing users is the process of creating, editing, and deactivating user profiles, and assigning roles to those profiles (like admin, author, or reviewer).
There are two methods of managing users in OpenForms.
-
In the OpenForms admin area.
-
With an external system like Microsoft Azure AD or the OpenCities CMS.
Depending on your organization’s needs and IT policies, you can manage users with any combination of methods, although an individual user can only be managed by one system (OpenForms, Azure AD or OpenCities) at a time.
If you opt to manage users externally, it’s important to retain at least one account owner managed in the OpenForms admin area. This user can access forms ad responses in the event of an outage in your external system.
Manage users in the admin area
When you first start using OpenForms, the default method of managing users is through the admin area.
This is also where admins and account owners can see a full list of the users in your OpenForms organization.
Users managed in the admin area:
See manage users in the admin area for more information.
Manage users with Azure AD
The Azure AD connector is undergoing final review by Microsoft and will be available shortly. Keep an eye out for an in-app notification letting you know the connector is ready.
If your organization uses Microsoft Azure AD to manage staff access to apps and services, you can use the Azure AD connector - a premium connector available in the Integrations area - to manage OpenForms users.
Users managed through the Azure AD connector:
- Are automatically assigned profiles and roles based on their Azure AD user group.
- Are added to Azure AD user groups by your IT team.
- Are managed in OpenForms as groups by account owners (cannot be managed individually).
- Login to OpenForms using their Microsoft SSO credentials for your organization.
- Cannot update their own details and password in OpenForms.
See manage users with Azure AD for more information.
Manage users with OpenCities
If your organization has an OpenCities site you can use the OpenCities CMS to manage staff that also use OpenForms. (For example, content authors who might insert OpenForms into pages).
Users managed through OpenCities
-
Are automatically assigned profiles and roles based on their OpenCities role.
-
Are assigned roles in OpenCities by system admins, site managers, or user managers.
-
Login to OpenForms using their OpenCities credentials.
-
Cannot update their own details and password in OpenForms.
-
Can insert OpenForms directly into OpenCities pages from the WYSIWYG.
If your organization has both an OpenCities site and an Azure AD account, we recommend using the Azure AD connector to manage OpenForms users.This system is not available for some legacy Seamless CMS sites.Managing users through OpenCities is a process that is controlled entirely within OpenCities, so for more information see the OpenCities help center.
How systems are prioritized
If an individual OpenForms user is managed by multiple user management systems, their profile and roles will be assigned according to the following priority order:
-
Azure AD
-
OpenCities
-
OpenForms
Each system completely overrides those below it.
For example, if your organization uses both Azure AD and OpenCities to manage users, and an individual user is assigned the admin and reviewer role through OpenCities, but only the reviewer role in Azure AD, they will only have the reviewer role in OpenForms.
Users managed in both Azure AD and OpenCities will have their profiles and roles managed in Azure AD, but retain the ability to insert OpenForms into OpenCities pages.
User conflicts are defined by the user’s email address, rather than their name or other attributes, so it’s important to use the same email address for staff across user management systems.
What happens if an external system is disconnected
If your organization manages users via an external system like Azure AD or OpenCities, and you permanently disconnect from that system, the users managed by that system will be affected in following ways:
Azure AD
|
If the Azure AD connector is permanently disconnected, any OpenForms users managed via the connector will also be permanently deactivated, regardless of whether they were previously managed in OpenCities or OpenForms. If you’ve disconnected from Azure AD but would like to retain the user profiles managed by the Azure AD connector, contact OpenForms to migrate the management of those users to your OpenForms admin area.
|
OpenCities
|
If OpenCities is permanently disconnected [link] from OpenForms, any OpenForms users managed in OpenCities will migrate to a user managed in the OpenForms admin area (unless they are already managed in Azure AD).
Users will need to update their password to finalize this migration. (We’ll send them a link automatically).
|
What next?