Managing User Access

Learn how to manage user access for your workspace with and without single sign-on (SSO).

As you begin your journey with SAP LeanIX, managing user access and roles directly within the application is a straightforward way to get started. Later, you can set up SSO for a more efficient and streamlined experience for managing user access. You can view workspace users in the Users section of the administration area. For more information, see Users.

Managing User Access Without SSO

Without SSO, you can manage user access for your workspace directly within SAP LeanIX. Users sign in to the application with their email and password.

  • Adding users: To invite a user to a workspace, click Invite on the navigation bar, enter the user’s email address, select a role, then click Invite. You can invite multiple users at once.

  • Managing roles: During the invitation process, assigning a role is required. You can change a user’s role later in the Users section of the administration area. To do that, select a user by clicking their email address, change their role, then click Save.

  • Deactivating users: You can deactivate a user by archiving them. In the Users section of the administration area, select a user by clicking their email address, then click Archive next to Status. This action revokes the user’s access to that workspace only; the user retains access to other workspaces where their permission is active. If needed, you can reinvite the user by clicking Invite on the navigation bar.

    For additional information, see User Details.

    User Details Page in the Users Section of the Administration Area


Managing User Access with SSO

When SSO is enabled for your organization, you can manage user access through your identity provider (IdP). Users sign in to SAP LeanIX through your IdP. To learn how to set up SSO, see Single Sign-On (SSO).

  • Adding users: To invite a user, you need to provide them with access permissions in your IdP. This enables the user to access all workspaces within the organization's SSO domain.

    • Invite only flow: If you enabled the Invite only flow for a workspace during the SSO setup, in addition to granting access permissions in your IdP, you need to invite users by clicking the Invite button. If a user is granted access permissions in your IdP but is not explicitly invited, they can’t access the workspace.

  • Managing roles: Depending on your SSO setup, you can manage user roles either within SAP LeanIX or within your IdP. For more information, see Managing User Roles with SSO.

  • Deactivating users: You can deactivate a user by archiving them. In the Users section of the administration area, select a user by clicking their email address, then click Archive next to Status. This revokes the user’s access to that workspace only; the user retains access to other workspaces where their permission is active. If needed, you can reinvite the user by clicking Invite on the navigation bar.

    If you remove a user from your IdP, they can no longer access any workspaces within the organization’s SSO domain.