Creating and Managing a Person User
Before reading this you might want to read:
Main Article
Productivity Aids
If all or most users within your customer domain work from the same country/state/province and the same timezone, you can be lot more productive (by saving some time) in setting up users within your domain. By checking off the first of the options that is captioned "For a new user being created, default the Location ('country' and 'state') and Locale ('timezone') to the values of the admin user creating the user account", the location and locale of a new person user account will be defaulted to that of the administrative person user that is setting up the new user account. By default, this option is enabled within all domains. If the users within your domain are in different geographical locations, you are recommended to turn off this option.
The second option makes a new user that logs into your Worksoft SaaS domain the first time more productive especially if the administrative person user that set up that new user's account has filled out most if not all of the mandatory information that is required for each person user. By checking off the first of the options that is captioned "When a user logs in for the first time, skip sections of his/her profile within which the admin user already filled out all the mandatory fields", the new user will NOT have to go through all sections but instead would be expected to only go into sections where required information, if any, were missing. By default, this option is enabled within all domains. If you as administrative person user that set up the user account are usually not sure if the information you filled out is correct and would rather want the new user to review and as needed update information in the various sections, you are recommended to turn off this option. If you enable this option in the Domain Information screen, and the administrative person user that set up the new user has filled out all the required information for that user, then the only thing that the new user would have to do when he/she logs into your domain is accepting the terms of service for the Worksoft SaaS Test Automation Platform.
Enabling Authentication Types within your Worksoft SaaS Domain
Worksoft SaaS supports 3 different types of authentication:
- Worksoft SaaS Native Login: This authentication type if enabled will enable users to have login credentials (email + password) for the Worksoft SaaS domain that will be separate from any other credentials that users may have to other systems within your company.
- Authentication performed by Google Social: This authentication type if enabled will NOT require separate credentials for your Worksoft SaaS domain and the user gets authenticated against Google social account. Once a user is successfully authenticated by Google, if the user is authorized for a specific domain and/or projects within that domain, then he/she can get into the domain without being expected to provide his/her credentials again.
- Authentication performed within an External Federated Identity Provider:This authentication type if enabled will NOT require separate credentials for your Worksoft SaaS domain and the user gets authenticated against your company's federated identity management system (like OneLogin, Okta, etc.,). Once a user is successfully authenticated by your identity management system (aka Identity Provider or IdP for short), if the user is authorized for a specific domain and/or projects within that domain, then he/she can get into the domain without being expected to provide his/her credentials again.
By default, the Worksoft SaaS Native' authentication type is enabled for all new domains and the other two authentication types are disabled.
You will NOT be allowed to disable the 'Worksoft SaaS Native' authentication type checkbox within your domain because at least one administrative person user must have such an authentication type enabled so that that user can get into Worksoft SaaS platform and perform whatever needs to be done within the domain.
Before you set up any new user, you must make a decision on which of the two authentication types you want enabled within your domain.
- If you use Google's GSuite account for your employees (users) and you would like your users to get authenticated by Google, then enable the 'Google Social' authentication type.
- If you use an Identity Management System like OneLogin or Okta for managing the identity of your employees, then enable the 'External Federated Identity Provider' authentication type.
Enabling a particular authentication type at the domain level does NOT mean that every new user that you create will have all that authentication type automatically enabled. You, as a administrative user, can decide which users need which authentication types, and enable only a subset of authentication types based on your decision.
However, disabling a particular authentication type at the domain level automatically means that every existing user within your domain will have all that authentication type disabled.
Process of Creating New Person Users
The process of creating person users is quick and pretty straight-forward. You go through a wizard style user interface that walks you through a series of sections that have mandatory information to be filled out.
The Create User screen is made up of several sections and sub-sections Each of sub-sections are arranged using an accordian style layout where in only one sub-section can be opened at a time.
The listing below summarizes the various sections and sub-sections that you are available to be filled out within the New User Creation wizard:
- User Information
- Name & Contact Info: This sub-section allows you to enter fist name, last name, email address, and phone numbers for a user. Please note that at least one phone number is required for a user.
- Location & Locale: This sub-section allows you to enter the country and state/province where the user works/resides and the user's timezone. The location is captured for informational purposes to the administrative personal users. Worksoft SaaS will 'personalize' the displayed dates and times based on the user's timezone. As mentioned at the top of this article, if the first of the 'Productivity Aids' setting within the 'Domain Information' screen is checked off, then the location & locale of the new user will be auto-populated with the values of location & locale of the administrative person user setting up that user, with override capability.
- Organization Info:This sub-section allows you to optionally capture the user's organizational unit (department or division) and the user's job title. This data is captured for informational purposes to the administrative personal users. This data has no significance in Worksoft SaaS.
- Security
- Approaches for User Authentication:This sub-section allows an administrative person user to choose from and enable as many authentication types as deemed necessary for a user from the list of authentication types enabled at the domain level. If no authentication type is enabled, the person user will NOT be able login in Worksoft SaaS.
- Authorizations
- User Role:This sub-section allows an administrative person user to choose the role for a new user. By default 'administrative person user' role is assigned to every new user. If a person with an 'administrative person user' role wants the new user to have 'administrative person user' role, he/she can switch the user role and continue.
- Projects:This sub-section allows an administrative person user to choose which projects a new user should have access to within the Worksoft SaaS domain. It is not necessary that a user should be authorized to at least one project within a domain. It is quite normal for some administrative person users to not be authorized for any projects. Such user can still log into Worksoft SaaS and perform administrative functions like managing users and projects, accessing domain level analytics and reports, and manage integrations within external tools/systems like Atlassian JIRA, Slack, Federated Identity Providers, etc., A user can be authorized to all the projects within the domain. In other words, there is no limit on how many projects a user can be authorized for within a domain.
An administrative person user need not complete the user set up in one go. The user can complete the setup across several login sessions. Until all the mandatory information is filled out in the above-listed sections and sub-sections, the new user account will remain in a WIP (work in progress) status. The new user will not get any notifications from Worksoft SaaS indicating that he/she now has a user account with access to one or more projects unless and until the user account's status is changes to 'Active'. If you complete the set up of a new user using the New User Creation wizard, then automatically the user's status is changed to 'Active' and the necessary email notifications will go out to the new user.
Additional sections and/or sub-sections that are available for administrative users during user set up and/or ongoing user management
The listing below summarizes the various sections and sub-sections that are available to administrative users as part of ongoing administration and updates to users:
- Security
- Resend Invitation: This option is available only if the user has Worksoft SaaS Native authentication type enabled, the user set up is completed, the user account's status is 'Active' and the user complains that they did not receive an invitation for Worksoft SaaS or the code that was sent to them for choosing a password expired.
- Reset Password:This option only shows up in case the user has Worksoft SaaS Native authentication type enabled and he/she logged in and chose the password as part of the first-time login into your Worksoft SaaS domain. This option can be used if the user forgot his/her password and requests one of the administrative person users within the domain to trigger the password reset process. Please note that this process will NOT send the user a new password but will send an invitation for the user to self-service himself/herself.
- Multi-Factor Authentication (MFA) Device Management:This option is only available if the MFA option is enabled for use by users that have Worksoft SaaS native authentication and if the user has configured (registered) a MFA device at their personal level. Administrative person users can delete/deactivate the MFA device of any person user within the domain.
- User Aliases: One or more (up to 20) aliases can be set up by each user, if the user chooses to. The Administrative Person Users have read-only access to the user aliases owned by a user. Please note however, that an administrative person user can create and manage aliases for users of the 'machine user' type. The main purpose of user aliases is to get parallelism of execution of tests by allocating (restricting) aliases to have specific/limited capacity and concurrency.
- QaCONNECT REST API Access Key:This is a secure user-level (personal) access key that can be used to make calls to the Worksoft SaaS QaCONNECT REST API. A key is automatically generated for all new users. Each user can regenerate the access key at their own will. It is strongly recommended that a user resets his/her QaCONNECT Access Key periodically (at least every time he/she changes their password).
- Capacity & Concurrency
- Capacity & Concurrency:As mentioned above, this sub-section allows the user to see and change the capacity and concurrency allocated to user aliases. Administrative person users cannot allocate/update the capacity and concurrency to user aliases owned by a person user. That person user himself/herself can allocate/change the capacity and concurrency to user aliases he/she creates/owns. However, administrative person users can allocate/update the capacity and concurrency to user aliases owned by a machine user.
After reading this you might want to read: