DocsAccount information
Organization management
Within the SS&C | Blue Prism Document Automation system, multiple accounts can be created and associated with an organization. Every organization has a primary account owner, and usually multiple other roles for each organization member.
Please contact a Document Automation team member to create the main account and have it set as the organization owner.
Types of organization roles and permissions
There are different types of roles within an organization, with the following permissions:
|
Role |
Permissions |
|---|---|
|
Owner |
|
|
Admin |
|
|
Collaborator |
|
| Reviewer |
|
| Affiliate |
Please request Affiliate permissions from Support. |
How to add organization team members
-
In the organization owner’s account, click the gear icon in the top bar, and then Settings from the drop-down menu.
-
On the profile page, click Manage Users.
-
Type in each new organization member’s email address in the Invite collaborators by email field, and set the appropriate role:
-
To add an Admin, select the Admin option.
-
To add a Collaborator, select the Collaborator option.
-
To add a Reviewer, select the Collaborator and REVIEW Only option.
Each user must be registered with a unique email address and username. If a user has an existing account associated with another Document Automation account, an alternate email is required for the new organization.
-
-
Once all the new additions have been completed, click the gray Send Invites button. These invites ask new users to sign up to create a new account within the Document Automation system. If there is an invalid email address, the Send Invites button will remain grayed out.
-
The invites are pending until the users have created the account for the organization. If required, invitations can be re-sent to the new users.
-
Once the invite has been accepted, the user appears under the Team Members section where the organization owner can adjust the Admin and Collaborator account status.
If the customer stops using Document Automation, then all associated accounts and pipelines are disabled and any remaining data is deleted.
How to switch between affiliate workflows
Do not switch between workflows on a new window.
-
Log in to your account and navigate to the REVIEW Portal.
-
Click Switch Workflow to view the available workflows you can switch to, and select the relevant workflow.
-
Once you’ve selected another workflow, you can make edits for that workflow as required.
-
Return to the REVIEW Portal to switch workflows as needed.
Password set up and guidelines
Document Automation has the following password requirements:
-
Passwords are case sensitive.
-
Passwords must have a minimum of eight characters.
-
Passwords must contain at least two of the following characters: uppercase, lowercase, number, special character.
-
Each account will require the user to reset their password every 90 days.
Multi-factor authentication
Multi-factor authentication (MFA) is an available option to add an additional layer of protection for users. If your organization wants to make MFA mandatory, it can be enforced through policy.
How to setup MFA for your account
-
Click on the gear icon in the top bar.
-
In My Profile, under the Two Factor Authentication row, click Setup.
-
Follow the remaining steps to enable MFA. It uses the typical QR code type set up that works with applications such as Google Authenticator.
Users establish their own secure password and the system checks for weak or insufficient passwords at the time of creation.
Getting started with SSO
Who is SSO for?
Single sign-on (SSO) login is now available to Document Automation users. It increases security and streamlines the login process.
SSO can only be applied to one pipeline within your company. If you have multiple pipelines, SSO login can only work with one production pipeline. SSO does not support +dev and +prod email addresses, or allow users to switch between pipelines.
We recommend SSO for production account users on the Document Automation platform. When a new SSO user is created, the default permission will be REVIEW only. Contact your Customer Success Manager if you want a different permission set for non-REVIEW users.
Please refer to the Organization Account Permissions article to understand account organization structures.
SSO login conversion summary
It is important you contact your Customer Success Manager to coordinate associating SSO to your pipeline.
-
For production users, all +prod accounts must have the “+prod” removed. Coordinate a time for Document Automation to change existing usernames and email addresses. This will prevent SSO from creating duplicate new users for associated email addresses when SSO is enabled.
-
Once the conversion is completed, production users should log in through the Identity Provider (IDP) for the first time (without “+prod”). The “+dev” development accounts will remain available for use.
-
After completing the OKTA SSO setup, send the Identity Provider Metadata URL to your Customer Success Manager. The UL is required for Document Automation to connect to your IDP account.
SSO user management
SSO user addition
Adding a new user with SSO requires you to contact your Customer Success Manager to associate that user to the correct pipeline of your choice. If a non-associated user logs in, a 'You have no workflow' error message displays.
SSO user deletion
If an active SSO user is removed from their IDP, the user will still have an account but will not be able to log in. Any user login will be redirected to the IDP, however, they will not be allowed access since they no longer exist in the IDP. Please contact your Customer Success Manager to deactivate the account.
User reactivation
If a user is re-added they should regain access when they log in through the IDP. If there is a SP log in issue, the user should try to login through the IDP.
How to request SSO?
Contact your Customer Success Manager, or contact Support if you are interested in implementing SSO on your pipeline.
