Versions Compared

Old Version 6

changes.mady.by.user Megan Ellis

Saved on

compared with

New Version Current

changes.mady.by.user Megan Ellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section


Column
width40%


Panel
borderColorlightgrey
bgColor#F0F0F0
titleColorwhite
borderWidth1
titleBGColor#88AACC
borderStylesolid
titleAbout

frevvo has a pluggable security framework and offers a variety of built-in Security Managers. If you use the frevvo Default Security Manager, a tenant admin can create users and roles directly in your frevvo tenants. See the Manage Users and the Manage Roles for instructions on creating users and roles. Note that with LDAP Security Manager and Delegating Security Manager, groups are the equivalent of frevvo roles.

frevvo also supports two types of LDAP Security Managers that pull users and groups from your external Active Directory or Open LDAP system; a Delegating Security Manager when you are integrating frevvo with Confluence; and a SAML Security manager that allows enterprises to take advantage of Internet Single sign On.

Note
  • frevvo Security Managers are an Add on feature with additional costs.
  • frevvo only supports/certifies Security Managers when frevvo is running in the Apache Tomcat container. Refer to our Supported Platforms for the list of Application Servers supported/certified by frevvo.




Column
width20%


Panel
borderColorlightgrey
bgColor#F0F0F0
titleColorwhite
borderWidth1
titleBGColor#88AACC
borderStylesolid
titlefrevvo Security Managers

Which Security Manager do I choose?

Working with LDAP

SAML Security Manager

Azure SAML Security Manager

Changing the Security Manager for your Tenant



...

Excerpt

Preserve Access to Forms and Workflows

Projects, forms, workflows, submissions, and spaces are maintained in users' accounts. If your usernames will change as a result of changing security managers, the original designer user(s)/owner(s) will not be able to access them. Before you change your Security Manager, you must take steps to ensure continued access to your existing resources.

We recommend that you download the Projects/Forms/Workflows that you want to preserve to your desktop as a backup BEFORE changing the Security Manager.

Production User

frevvo Best Practice recommends that you create a user account in your Active Directory/IDP that will house all of your deployed Production forms/workflows. This user can be named anything (e.g., frevvoProduction) but it must be a member of the frevvo.Designer group.

Evaluate User/Role Set Up

First, answer these questions.

  • Are the users/roles in your LDAP(s)/SAML/Azure tenant the same as the ones that exist in your Default Security Manager tenant?
    • If your new user/role id's are exactly the same as your current (default Security Manager) user/role id's, you do not need to take these actions. Your resources will remain accessible after the Security Manager change. 
    • If No, answer the remaining questions.
  • If users/roles are not the same, are you able to create user(s) accounts in your IDP that are identical to the one(s) that currently (default Security Manager) contain your current default production forms/workflows/spaces?
    • If Yes, see Option 2 below.
    • If No, see Option 1 or Option 3 below.
  • Do you need access to frevvo submissions in your existing tenant?
    • If Yes, see Option 2 or Option 3 below.
    • If No, see Option 1 below.
  • Do your form/workflow Access Control settings, Step Assignments, Business Rules, or controls (e.g. a dropdown control) refer to hard-coded user/role assignments?
    • See Other Considerations below.

Option 1 Migrate Forms and Workflows, Leave Behind Submissions and Spaces

Preserve Projects/Forms/Workflows developed in your trial/starter tenant with three easy migration steps. These steps will not preserve submissions. 

  1. Download the Projects or individual Forms/Workflows that you want to preserve to your desktop as a backup. Do this for all frevvo user accounts that have Projects/Forms/Workflows that you want to keep. See this documentation on downloading projects.
  2. When the backup of all Projects/Forms/Workflows is completed, delete the user accounts in your Default Security Manager tenant.
  3. After changing your security manager, log in as the new production user and upload the Projects/Forms/Workflows.

Option 2 Create a Production User in your IDP and Give them Access to Forms and Workflows

Preserve access to your production Projects/Forms/Workflows and submissions by creating a generic user in your IDP who will have access to the existing resources.

  1. Create a generic production user in your IDP with the exact same username as your current frevvo production user. This user must have the frevvo.Designer role. 

Option 3 Access Original Designer User via Admin User

Preserve access to your original designer user's resources by accessing their designer home page via a saved URL (only available to logged-in Admin users.)

  1. Log in as the tenant admin.
  2. Go to the Manage Users page.
  3. Locate the designer user and click "Login As" for that user.
  4. Copy and save the URL for this user's homepage.

After you change Security Managers, the tenant admin will be able to access this URL in order to view or edit existing resources. The admin user must be logged in to access the URL.

Other Considerations

If your form/workflow Access Control settings, Step Assignments, Business Rules, or controls (e.g. a dropdown control) refer to hard-coded user/role assignments, you will need to update those to use the new LDAP(s)/SAML/Azure user/role IDs immediately after changing the Security Manager. "Old" user/role id references can lead to invalid task assignments and can limit user access to your forms/workflows.

Pending tasks assigned to “old” users/roles will need to be modified and reassigned by the workflow or tenant admin.

...