HomeDocumentationProduct UpdatesProduct Roadmap
User Docs
Request DemoWebsite

Managing Users

Learn how to manage user access and roles with and without single sign-on (SSO).

Suggest Edits

As you begin your journey with SAP LeanIX, managing user access and roles directly within the application is a straightforward way to get started. Later, you can set up SSO for a more efficient and streamlined user management experience. You can view workspace users in the Users section of the administration area. For more information, see Users Overview.

Managing Users Without SSO

Without SSO, you can manage users for your workspace directly within SAP LeanIX. Users sign in to the application with their email and password.

Inviting Users

To invite a user to a workspace, follow these steps:

  1. In the user profile menu in the upper-right corner, select Invite User.

    Selecting "Invite User" in the User Profile Menu

    Selecting "Invite User" in the User Profile Menu

  2. In the overlay that appears, enter the user’s email address, select a role, then click Invite. You can invite multiple users at once.

Inviting Users to a Workspace

Inviting Users to a Workspace

Invited users receive email invitations to join the workspace.

Managing Roles

When inviting users to a workspace, you need to assign them a role. If needed, you can later change a user's role in the Users section of the administration area. To do this, click on the user's email address, adjust their role, and then click Save.

Changing a User's Role

Changing a User's Role

Deactivating Users

You can deactivate a user by archiving them. To do this, in the Users section of the administration area, select a user by clicking their email address, then click Archive next to Status. This action revokes the user's access to a specific workspace, but the user still has access to other workspaces where their permission is active. If needed, you can invite the user again by using the Invite User option on the user profile menu.

Deactivating a User by Clicking "Archive"

Deactivating a User by Clicking "Archive"

Managing Users with SSO

When SSO is enabled for your organization, you can manage user access through your identity provider (IdP). Users sign in to SAP LeanIX through your IdP. To learn how to set up SSO, see Single Sign-On (SSO).

Inviting Users

To invite a user, you need to provide them with access permissions in your IdP. This enables the user to access all workspaces within the organization's SSO domain.

If you enabled the Invite only flow for a workspace during the SSO setup, in addition to granting access permissions in your IdP, you need to invite users through the Invite User option in the user profile menu. If a user is granted access permissions in your IdP but is not explicitly invited, they cannot access the workspace.

Managing Roles

Depending on your SSO setup, you can manage user roles either within SAP LeanIX or within your IdP. For more information, see Managing User Roles with SSO.

Deactivating Users

You can deactivate a user by archiving them. In the Users section of the administration area, select a user by clicking their email address, then click Archive next to Status. This revokes access to a specific workspace, but the user still has access to other workspaces where their permission is active. If needed, you can reinvite the user by using the Invite User option on the user profile menu.

If you remove a user from your IdP, they can no longer access any workspaces within the organization’s SSO domain.

Updated about 1 month ago