Account information

Organization management

Within the SS&C | Blue Prism Document Automation system, multiple accounts can be created and associated with an organization. Every organization has a primary account owner, and usually multiple other roles for each organization member.

Please contact a Document Automation team member to create the main account and have it set as the organization owner.

Types of organization roles and permissions

There are different types of roles within an organization, with the following permissions:

Role

Permissions

Owner

  • All Collaborator and Admin permissions.

  • Manage other team members in the organization.

    • Invite users to the organization.

    • Change a user's role.

    • Remove organization members.

Admin

  • All Collaborator permissions.

  • Add and edit fields in the Field Library.

  • Access the Templates Dashboard to create, edit, and archive templates.

  • Switch template status between active and draft.

  • Submit batches for digitization.

  • View Sorting Dashboard and associated jobs.

Collaborator

  • Sort and digitize batches using active templates only.

  • View and edit completed jobs.

Reviewer
  • Access cases in the Review Portal.

Affiliate
  • Additional permission to switch to an Admin or Reviewer role in another assigned workflow.

Please request Affiliate permissions from Support.

How to add organization team members

  1. In the organization owner’s account, click the gear icon in the top bar, and then Settings from the drop-down menu.

  2. On the profile page, click Manage Users.

  3. Type in each new organization member’s email address in the Invite collaborators by email field, and set the appropriate role:

    • To add an Admin, select the Admin option.

    • To add a Collaborator, select the Collaborator option.

    • To add a Reviewer, select the Collaborator and REVIEW Only option.

    Each user must be registered with a unique email address and username. If a user has an existing account associated with another Document Automation account, an alternate email is required for the new organization.

  4. Once all the new additions have been completed, click the gray Send Invites button. These invites ask new users to sign up to create a new account within the Document Automation system. If there is an invalid email address, the Send Invites button will remain grayed out.

  5. The invites are pending until the users have created the account for the organization. If required, invitations can be re-sent to the new users.

  6. Once the invite has been accepted, the user appears under the Team Members section where the organization owner can adjust the Admin and Collaborator account status.

    If the customer stops using Document Automation, then all associated accounts and pipelines are disabled and any remaining data is deleted.

How to switch between affiliate workflows

Do not switch between workflows on a new window.

  1. Log in to your account and navigate to the REVIEW Portal.

  2. Click Switch Workflow to view the available workflows you can switch to, and select the relevant workflow.

  3. Once you’ve selected another workflow, you can make edits for that workflow as required.

  4. Return to the REVIEW Portal to switch workflows as needed.

Password set up and guidelines

Document Automation has the following password requirements:

  • Passwords are case sensitive.

  • Passwords must have a minimum of eight characters.

  • Passwords must contain at least two of the following characters: uppercase, lowercase, number, special character.

  • Each account will require the user to reset their password every 90 days.

Multi-factor authentication

Multi-factor authentication (MFA) is an available option to add an additional layer of protection for users. If your organization wants to make MFA mandatory, it can be enforced through policy.

How to setup MFA for your account

  1. Click on the gear icon in the top bar.

  2. In My Profile, under the Two Factor Authentication row, click Setup.

  3. Follow the remaining steps to enable MFA. It uses the typical QR code type set up that works with applications such as Google Authenticator.

Users establish their own secure password and the system checks for weak or insufficient passwords at the time of creation.

Getting started with SSO

Who is SSO for?

Single sign-on (SSO) login is now available to Document Automation users. It increases security and streamlines the login process.

SSO can only be applied to one pipeline within your company. If you have multiple pipelines, SSO login can only work with one production pipeline. SSO does not support +dev and +prod email addresses, or allow users to switch between pipelines.

We recommend SSO for production account users on the Document Automation platform. When a new SSO user is created, the default permission will be REVIEW only. Contact your Customer Success Manager if you want a different permission set for non-REVIEW users.

Please refer to the Organization Management to understand account organization structures.

SSO login conversion summary

It is important you contact your Customer Success Manager to coordinate associating SSO to your pipeline.

  1. For production users, all +prod accounts must have the “+prod” removed. Coordinate a time for Document Automation to change existing usernames and email addresses. This will prevent SSO from creating duplicate new users for associated email addresses when SSO is enabled.

  2. Once the conversion is completed, production users should log in through the Identity Provider (IDP) for the first time (without “+prod”). The “+dev” development accounts will remain available for use.

  3. After completing the OKTA SSO setup, send the Identity Provider Metadata URL to your Customer Success Manager. The UL is required for Document Automation to connect to your IDP account.

SSO user management

SSO user addition

Adding a new user with SSO requires you to contact your Customer Success Manager to associate that user to the correct pipeline of your choice. If a non-associated user logs in, a 'You have no workflow' error message displays.

SSO user deletion

If an active SSO user is removed from their IDP, the user will still have an account but will not be able to log in. Any user login will be redirected to the IDP, however, they will not be allowed access since they no longer exist in the IDP. Please contact your Customer Success Manager to deactivate the account.

User reactivation

If a user is re-added they should regain access when they log in through the IDP. If there is a SP log in issue, the user should try to login through the IDP.

How to request SSO?

Contact your Customer Success Manager, or contact Support if you are interested in implementing SSO on your pipeline.