User Accounts Overview

   Journey Manager (JM) Previously known as Transact Manager (TM).  |    System Manager / DevOps  |   Updated in v19.05 This feature was updated in v19.05.

A user account is part of the Journey Manager security management system, which allows for fine-grained control based on user's functions, roles and access permissions. Manager distinguishes between the two types of the users: authenticated and anonymous (unauthenticated or public).

Authenticated Users

Before users can log in to a form space, which requires authentication, they must have valid user accounts. Manager allows an administrator to create a user and grants access to one or more form spaces. The user receives an email with login credentials, such as a username and password, to access forms hosted on the form space.

Manager allows authenticated users to login to a form pace using credentials by delegating authentication and authorization to the 3rd party system, such as Active Directory, LDAPLightweight Directory Access Protocol (LDAP) s an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. or SSOSingle sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.. Manager can also maintain local users, such as contractors that are not in the organization's LDAP system.

The authenticated users can be:

• Business users internal to a company
• Government departments
• Staff and contractors that work in the field

Anonymous Users

Anonymous (unauthenticated or public) users can access forms if its form space is configured to allow anonymous access. An example of such a form space is the Web Plug-in form space. Members of the public click on a link from a company website which opens an unsecured form page in the portal. The available list of forms is manually maintained by the company on their website.

Using anonymous users has the following advantages:

• Removes the overhead of maintaining users and passwords.
• Minimizes privacy issues related with storing public users' data, such as PIIPersonally Identifiable Information (PII) is information about an individual that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and any other information that is linked to an individual..

An anonymous user can still use the forms, but with the following limitations:

• If they save a form, an email will be sent to them with a link that will open the saved form.
• Tasks are emailed to a user with a link to open the task.
• Job statuses can be emailed out the user as the job progresses.

Anonymous users must provide their email address. Optionally, a security question can be set to open saved forms and tasks.

You can grant standard roles to users to control their access to and define capabilities at their form spaces. Each form space has a set of roles that can be granted to a user. You can create a new role as needed.

A typical form user must only be granted access to a form space where forms are hosted. This allows self-registered users immediate access to forms. However, most users must have an access to:

• Form spaces
• Modules
• Organizations
• Roles
• Groups

When working with user accounts, you should consider the environment that users are accessing, which can be production, development, or testing environment. Manager is designed to be customizable to accommodate enterprise’s security configurations and policies. The following users require access to a production environment:

• Form users to access, complete and submit forms.
• Operational staff to monitor and manage transactions and collaboration jobs.
• Administrators to manage the environment and keep it secure.
• System managers to view and analyze transaction reports.
• Reviewer or manager to approve or reject customer form applications.

The following users require access to a development and test environments:

• Administrators to manage the environment and keep it secure.
• Form builders to create and configure forms.
• Testers to test forms.

Users can only log into a form space if their user accounts are assigned to that form space. It is not possible to assign a form space to a user account when the form space is only accessed anonymously.

The following users should have access to form spaces:

1. Form users to log into a form space.
2. Form Builders to log into one or more form spaces:
• Maestro
• Manager
• Journey Analytics
• Business Reports
• Salesforce
• Workspaces
3. Administrators to log into Manager.
4. Testers to log into various form spaces.
5. Operators to log into Manager.
6. Managers to log into one or more form spaces:
• Journey Analytics
• Business Reports
• Salesforce
• Workspaces

A standard user account contains the following information:

• Credentials - username and password.
• User type - a security managers used in your form space, which can be Local, LDAP or SSO.
• User profiles - user contact details. A user can have more than one user profile containing different contact details.
• Form spaces - assigned to the user to authorize access to specific form spaces.
• Organizations - assigned to the user to authorize access to specific organizations. Applies to modules, but not relevant for form spaces.
• Roles - grants individual roles which specify fine-grained permissions to access Journey platform and form spaces .
• Groups - belongs to an individual group for authorizing access to restricted forms, receive alerts and notifications pertaining to a group.

Manager enforces some extra security rules to ensure that users cannot access restricted content, such as organizations, groups, users, forms, transactions and collaboration jobs.  |  v19.05 This feature was introduced in v19.05.

Next, learn how to view user accounts.