HomeDocumentationProduct UpdatesProduct Roadmap
User Docs
Request DemoWebsite

Managing User Access

Learn how to manage user access for your workspace with and without single sign-on (SSO).

Suggest Edits

As you begin your journey with SAP LeanIX, managing user access and roles directly within the application is a straightforward way to get started. Later, you can set up SSO for a more efficient and streamlined experience for managing user access. You can view workspace users in the Users section of the administration area. For more information, see Users.

Managing User Access Without SSO

Without SSO, you can manage user access for your workspace directly within SAP LeanIX. Users sign in to the application with their email and password.

  • Adding users: To invite a user to a workspace, in the user profile menu, select Invite User, enter the user’s email address, select a role, then click Invite. You can invite multiple users at once.

  • Managing roles: During the invitation process, assigning a role is required. You can change a user’s role later in the Users section of the administration area. To do that, select a user by clicking their email address, change their role, then click Save.

  • Deactivating users: You can deactivate a user by archiving them. In the Users section of the administration area, select a user by clicking their email address, then click Archive next to Status. This action revokes the user's access to a specific workspace, but the user still has access to other workspaces where their permission is active. If needed, you can reinvite the user by using the Invite User option on the user profile menu.

    For additional information, see User Details.

Managing User Access with SSO

When SSO is enabled for your organization, you can manage user access through your identity provider (IdP). Users sign in to SAP LeanIX through your IdP. To learn how to set up SSO, see Single Sign-On (SSO).

  • Adding users: To invite a user, you need to provide them with access permissions in your IdP. This enables the user to access all workspaces within the organization's SSO domain.

    If you enabled the Invite only flow for a workspace during the SSO setup, in addition to granting access permissions in your IdP, you need to invite users through the Invite User option in the user profile menu. If a user is granted access permissions in your IdP but is not explicitly invited, they can’t access the workspace.

  • Managing roles: Depending on your SSO setup, you can manage user roles either within SAP LeanIX or within your IdP. For more information, see Managing User Roles with SSO.

  • Deactivating users: You can deactivate a user by archiving them. In the Users section of the administration area, select a user by clicking their email address, then click Archive next to Status. This revokes access to a specific workspace, but the user still has access to other workspaces where their permission is active. If needed, you can reinvite the user by using the Invite User option on the user profile menu.

    If you remove a user from your IdP, they can no longer access any workspaces within the organization’s SSO domain.

Updated about 1 month ago