Read more about file based user uploads and automatic role assignment.
1. What is a Customer Supplied Role?
A Customer Supplied Role is like a user persona, e.g. HR Business Partner, or People Leader.
It is defined by the customer and is a way of grouping together a set of One Model Application Access and Data Access Roles.
The Customer Supplied Roles can be sent to One Model via SSO or the User File Upload. These roles can also be defined in the Company Page, but will only take effect if they are then sent to One Model via SSO or User File Upload.
The Customer Supplied Role is used in the User Upload Options section in the Company page to define the mapping to One Model Application Access and Data Access Roles.
2. How do I create a Customer Supplied Role?
In most cases these roles will be automatically added to the One Model application from SSO or a User File Upload.
Navigate to the Admin tab, then select Company, and scroll to the User Upload Options section, under which you’ll see Customer Role Mapping. Here you will see a list of Customer Supplied Roles in the table ready for mapping to One Model Applilcation Access and Data Access roles.
You can also manually create Customer Supplied Roles using the link to Create New in this section. From there, you’ll be able to name your new role and add any application and data access roles.
Customer supplied roles don’t necessarily need to be mapped first prior to them being included in the file you upload. However, any user trying to login with a Customer Supplied role that doesn't have any associated One Model Application Access or Data Access roles mapped in this table won't have any permissions within the system.
3. How do I edit Customer Supplied Roles?
Navigate to the Admin tab, then select Company, and scroll to the User Upload Options section, under which you’ll see Customer Role Mapping.
For any already created Customer Supplied Roles, you’ll see options to Edit or Remove roles to the right of each role.
4. How do I download the template for a file-based bulk user upload?
You’ll need to first need the Application Access Role permissions for managing users and user upload.
If you have the permissions, then you'll need to ensure that the Enable user upload box is turned on under the User Upload Options section in the Company page.
**Be sure none of your users have the option On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload turned on in their user accounts.
If you turn on the Enable user upload option in the Company page without having a file user accounts can refer to, any user with the option, On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload, will refer to a non-existing file and all of their current roles will be removed.**
Once you’ve ensured the Enable user upload box is turned on, navigate to the Users page where you’ll see a hyperlink for Upload Users. Click Upload Users, where you’ll be taken to a new page where you’ll see the option to Download Template.
5. Should every single user be included in the file-based bulk user upload?
Not necessarily, though your team will ultimately need to decide who to include.
We recommend you:
1. Think through your user groups and decide, for example, whether Admin accounts or super-users should bypass auto-assigned roles. You may not want those supporting or driving the process to be directly affected by the file-based bulk user upload, and
2. Think through how you’ll manage and track new users, users who have their roles manually assigned to them, how many users are manually assigned roles vs. automatically assigned roles, etc.
6. In the file we upload for user roles, what roles should be included?
You need to include the Customer Supplied Role for each user in the file, where a Customer Supplied Role is defined by specific application and data access roles.
7. Can a user have multiple Customer Supplied Roles?
Yes, users may have more than one, and can have multiple Customer Supplied Roles.
8. After we’ve uploaded a file for our current users, can we manually create user accounts for any new user in the future?
Yes, you’ll still be able to manually create new user accounts after you’ve previously uploaded a file. Be mindful, however, that doing both approaches may lead to increased manual maintenance and you'll need to be careful about tracking who had their roles assigned manually versus via a file upload.
9. Can I manually change a user's application and/or data access roles after I’ve assigned them roles via file-based bulk user upload?
A user cannot be both manually assigned roles as well as automatically assigned roles at the same time.
If a user has the option, On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload, turned on in their user account, they will be assigned roles via the uploaded file and their account will always refer to the file for their roles despite any manual changes in role assignment you may make in the site.
If you deselect the On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload option, however, you may start making manual changes again for a user.
Once this option is turned on, the Application Access and Data Access roles that had been automatically assigned will still appear, but the user will not have their roles updated in any future file uploads.
10. I have new users and/or changes I want to make to a user’s assigned roles. Can I upload a new file?
Yes, you can absolutely make additions or changes and upload a new file to your site. Of course, for any new users, ensure their account has the On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload option turned on.
11. Can I change the mapping of my Customer Supplied Roles to application/data access roles after I’ve uploaded a file?
Yes, you can change the mapping of your Customer Supplied Roles to application/data access roles after you’ve uploaded a file. Bear in mind, however, that new roles/new mappings won’t take effect until impacted users have logged in again, and their roles will stay as is until they do so.
Also, please note that proxying in as one of those users will not cause new roles/new mappings to take effect.
12. Will users of the new accounts I create via file-based bulk user upload automatically receive an email to access the One Model site for the first time?
No, they will not automatically receive an email the same way as when user accounts have been manually created. You’ll need to share the One Model site URL with your new users who had their accounts created via file-based bulk user upload in order for them to login.
13. For user provisioning with the CSV bulk upload method, who gets access to One Model?
With file based user uploads, anyone listed in the CSV file and anyone with access to the site URL (and gets through SSO) will have a user account created. If they are not listed in the uploaded CSV file, they will not have any roles assigned and therefore no permissions or access, but they will have an account created and can see the default One Model home page.
14. I uploaded a file, but some of my users don’t have any roles assigned to them. How do I resolve this?
We ask that you verify five things:
1. Ensure users have logged in, as roles will not be assigned until a user has logged in. Proxying as a user will not assign roles.
2. Ensure Enable user upload is turned on under the User Upload Options section of the Company page.
3. Ensure users have a Person ID or Email correctly inputted into their user account (these will be case-sensitive), and double-check what User key is defined under the User Upload Options section of the Company page. For example, if the User key is defined as Person ID and users don’t have a Person ID inputted into their user accounts, then they can’t link to the file you’ve uploaded and be assigned their roles.
4. Ensure users have the On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload option turned on in their user account. If they don’t, they won’t be assigned their roles via the file you’ve uploaded.
5. Check the Customer Role Mapping table to ensure that the Customer Role has Application Access Roles and Data Access Roles are defined in this table. To view the Customer Role Mapping table, click the Admin tab, then select Company and find the Customer Role Mapping table.
If you’ve verified the above and are still experiencing issues, please contact Customer Success.
Comments
0 comments
Please sign in to leave a comment.