Working with Users
STEP can only be accessed by authenticated users. This section contains information needed to work with Users in Users and Groups from the STEP Workbench. Information detailed in this topic includes:
- Creating a user
- Adding a user to a group
- Duplicating a user
- Removing a user from a group
- Deleting a user
For how to change a user password, refer to the Changing a User Password topic here.
Creating a User
Once user groups and their associated privilege rules have been defined, users can be created.
- Right-click on the user group and select New User.
- In the dialog box, add the following information:
  - User ID - The ID that the user will use to sign into the STEP Workbench or Web UI. The user ID is not case sensitive, and it is recommended not to use special characters.
    All user IDs must be unique as this is the ID that is used to track everything that is done in STEP Workbench or the Web UI.
  - Name - Enter the name to be used for the user.
  - Password - Enter the password that the user will be using to sign on. Passwords may have up to 24 characters and are case sensitive.
  - Retype Password - Retype the password just entered.
Complete additional setup for the user and refer to the Adding a User to a Group section that follows.
Note: To make additional parameters for users, such as Group Information and User Information shown in the example below, create or identify description attributes. From Object Types & Structures, open the Basic Object Types node and select the User object type. Use the Add Attribute link in the Valid Attributes flipper to apply the attributes to user objects.
- E-Mail - add the email address used for error reporting from processes started by the user and to publish objects to PDX from the Web UI Search Screen.
- Force Authentication via STEP - check to use STEP to authenticate users instead of a configured external authentication, for example, SAML in an on-premise system. Additionally, when checked, the user is allowed to change their password on the Web UI. Refer to the Changing a User Password topic here.
  'Force Authentication via STEP' is not available on STEP systems with OAuth2-based authentication enabled (single sign-on). Instead, use the 'Externally Maintained' option below.
- Externally Maintained - check to ensure that authentication does not use STEP managed credentials, that a STEP password cannot be set or changed for the user account, and that the STEP password expiration policy does not apply. When checked, users managed via an IDP cannot introduce a conflict to their IDP credentials within STEP.
  'Externally Maintained' is available only on SaaS STEP systems with single sign-on (SSO) enabled. This option is automatically checked when logging in via an IDP, where user authentication is managed outside of STEP.
Bulk Adding New Users
With a STEPXML import, it is possible to create multiple new users at once in an instance of STEP. To create multiple users and the privilege groups required to enable those users, a STEPXML import file must be created that details this information. The STEPXML example below creates a user named 'AdminSteve' who is privileged with all setup and user actions for the Product hierarchy, Classification 1, and Entity hierarchy roots. This example can be used as a template for creating new users. Copy this template for each new user being created, replacing the existing values with the values relevant to the new user being created.
<?xml version="1.0" encoding="utf-8"?>
<STEP-ProductInformation ContextID="GL" WorkspaceID="Main">
  <UserGroupList>
    <UserGroup ID="AdminSteve" ReadOnly="false">
      <Name>AdminSteve</Name>
      <PrivilegeRule ActionSetID="All setup actions"/>
      <PrivilegeRule ActionSetID="All user actions" ProductID="Product hierarchy root"/>
      <PrivilegeRule ActionSetID="All user actions" ClassificationID="Classification 1 root"/>
      <PrivilegeRule ActionSetID="All user actions" EntityID="Entity hierarchy root"/>
    </UserGroup>
  </UserGroupList>
  <UserList>
    <User ID="AdminSteve" ForceAuthentication="false" Password="Password" EMail="AdminSteve@acme.com">
      <Name>AdminSteve</Name>
      <UserGroupLink UserGroupID="AdminSteve"/>
    </User>
  </UserList>
</STEP-ProductInformation>
Once the STEPXML has been built with all required users, the file may be imported via the File > Import > Data... menu option.
For more information, refer to the Creating a Data Import topic in the Data Exchange documentation here.
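A pre-import check for a STEPXML user file, added here as an example and not part of the STEP product or its documentation: it applies the rules stated on this page (unique, case-insensitive user IDs without special characters, passwords of at most 24 characters, one group per user) to every `<User>` element. The names `lint_users`, `PLACEHOLDERS` and `PLAIN_ID`, the placeholder list, the letters-and-digits reading of "no special characters", and the sample file are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

MAX_PASSWORD_LEN = 24                    # limit stated on this page
PLACEHOLDERS = {"password", "changeme"}  # assumption: template leftovers to reject
PLAIN_ID = re.compile(r"[A-Za-z0-9]+")   # assumption: reading of "no special characters"

# Constructed sample modelled on the template above (not a real export).
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<STEP-ProductInformation ContextID="GL" WorkspaceID="Main">
  <UserList>
    <User ID="AdminSteve" ForceAuthentication="false" Password="Password">
      <UserGroupLink UserGroupID="AdminSteve"/>
    </User>
    <User ID="adminsteve" ForceAuthentication="false" Password="c0nstructed-Sample-Value-2x">
      <UserGroupLink UserGroupID="AdminSteve"/>
      <UserGroupLink UserGroupID="Editors"/>
    </User>
    <User ID="jo.ann" ForceAuthentication="false" Password="constructed-ok">
      <UserGroupLink UserGroupID="Editors"/>
    </User>
  </UserList>
</STEP-ProductInformation>"""

def lint_users(stepxml: bytes) -> list[str]:
    """Return findings for the <User> elements of a STEPXML import file."""
    users = list(ET.fromstring(stepxml).iter("User"))
    # User IDs are not case sensitive, so uniqueness is checked case-folded.
    seen = Counter((u.get("ID") or "").casefold() for u in users)
    findings = []
    for u in users:
        uid, pw = u.get("ID") or "", u.get("Password") or ""
        groups = [l.get("UserGroupID") for l in u.iter("UserGroupLink")]
        if seen[uid.casefold()] > 1:
            findings.append(f"{uid}: ID is not unique (case-insensitive)")
        if not PLAIN_ID.fullmatch(uid):
            findings.append(f"{uid}: ID contains special characters")
        if pw.casefold() in PLACEHOLDERS:
            findings.append(f"{uid}: placeholder password left in file")
        if len(pw) > MAX_PASSWORD_LEN:
            findings.append(f"{uid}: password exceeds {MAX_PASSWORD_LEN} characters")
        if len(groups) > 1:
            findings.append(f"{uid}: linked to {len(groups)} groups")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_users(SAMPLE)))
```

The template carries each initial password in the Password attribute, so the finished import file should be stored and shared with the same care as any other file that contains credentials.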
Adding a User to a Group
Users are added to groups in System Setup > Users & Groups.
Note: Adding a user to multiple groups is not recommended as it makes it difficult to track which privileges a user has.
Adding a user to a group will provide the user with the privileges assigned to this group.
- In System Setup, open Users & Groups, and then click the relevant group. The group appears in the group editor.
- Under the Users flipper, click the Add User to Group link. A Select User dialog box displays.
- Select the relevant user, and then click Select. A user has now been added to the selected group, and the user appears under Users.
Note: Although a user can be a member of many groups, it is not recommended as it makes it difficult to define what privileges a user actually has.
Duplicating a User
Duplicating a user can be useful if several users need to adhere to the same privileges. For instance, if one hundred users need to be added to the same group, create the first user and then duplicate it for the others.
Important: Duplicating a user is very efficient, but metadata attribute values on the duplicated user are also duplicated. So, for example, if a user email address value is in the user being duplicated, that value will be carried over to the new user object and will need to be changed.
- To create the first user, follow the process in the Creating a User section above.
- Right-click the user you just created, and select Duplicate.
- In the Duplicate User dialog, follow the steps outlined in Creating a User. The duplicated user will have all of the same privileges, GUI Set-Up, and System Settings as the user that was duplicated.
Removing a User from a Group
There are two ways a user can be removed from a group. If a user is no longer permitted to have any access to STEP whether in the workbench or in the Web UI, the user ID can be deleted by finding the user in the group where the user resides, right-clicking on the user, and selecting Delete in the dialog. This will delete the user from all groups in the system.
In some cases a user cannot be deleted, for example when the user is an assignee within a workflow task or when you are trying to delete your own user ID / name. If this is the case, you will be presented with additional information within the dialog that displays.
Sometimes, a user is a member of multiple groups and needs to be removed from one or more groups while remaining in another group or groups. In this case, as shown below, find the user group to remove the user from, under the Users flipper, right-click the arrow next to the User ID, and select Remove User from Group. If the user needs to be removed from multiple groups, repeat this process for each group.
Deleting a User
When a user needs to be removed from accessing STEP altogether, right-click the desired user and select Delete.
A confirmation prompt displays. Select OK to confirm deletion.
After a background process completes, the user is deleted.
Considerations
A user cannot delete the user they are logged in as.
A user cannot be deleted while they have any outstanding actions. Outstanding actions that will halt the deletion process include:
- scheduled background processes, either queued or running, that were started by the user
- inbound and outbound integration endpoints that are configured with the user in the Identify Endpoint step User parameter
- workflow states that have the user assigned to them
Attempting to delete the user with responsibilities displays the following error showing where in STEP the user is assigned to tasks. Until the user is removed from these actions, they cannot be deleted, even with the 'Force Delete' button.