Pre-authorize users
Last updated
Was this helpful?
Last updated
Was this helpful?
When using an on-premises installation, SigningHub gives you an option to pre-authorise users in your Directory so that they may serve as your registered enterprise users. In this way, your enterprise users can use their Directory credentials (i.e. organisational domain user ID and password) for SigningHub authentication, and won't even need to create their SigningHub IDs.
SigningHub supports SCIM-based auto-provisioning to streamline and automate user management through an external identity provider. With this feature, user accounts in SigningHub are automatically created, updated, disabled, deleted, or re-enabled based on changes made in the connected identity provider. This ensures that user information, such as job titles or contact details, remains consistent and up to date without requiring manual input. Currently, SigningHub supports SCIM-based automatic user provisioning exclusively through Azure Active Directory (AAD).
Follow the steps below to enable SCIM provisioning:
Log in with your enterprise admin credentials.
Click "Configurations" from the left menu and click "Users" under "People" options in the "Enterprise Configurations" section.
Tick the "Enable SCIM provisioning" check box.
Click the "Save" button.
Log in with your enterprise admin credentials.
Click "Configurations" from the left menu and click "Users" under "People" options in the "Enterprise Configurations" section.
Tick the "Automatically register the users" check box.
The "Authentication Profile" field will appear, listing all the Active Directory Authentication Profiles and the Azure Active Directory Authentication Profiles configured in the SigningHub Admin console. Select the required authentication profile from the list.
Click the "Save" button.
All the users that belong to the selected authentication profile will be authorised through Azure Active Directory upon Login, and will be automatically registered and activated in SigningHub under the default SigningHub role, provided that provisioning is not enabled by any other enterprise within the same on-premises deployment.
This implies, if multiple enterprises have been configured within an on-premises deployment, then the "Automatically register the users" check box should be ticked for only one enterprise.
You can also give the role-based access to SigningHub (i.e., Enterprise Admin, Enterprise Users, etc.) at the Security Group level. SigningHub allows you to manage (Add, Edit, and Delete) the Security Groups from the same screen.
Log in with your enterprise admin credentials.
Click "Configurations" from the left menu and click "Users" under "People" options in the "Enterprise Configurations" section.
Click "Add a security group".
Specify a Group name.
Now, select a role to assign to this security group and click the "Submit" button. The default role is shown as automatically chosen for the security group; change it as required.
The added security group will be listed inside the Security Group grid. All the users that belong to the security group will be automatically registered and activated in SigningHub under the specified role.
Select the security group whose role is required to edit.
Click "Edit" in the right panel.
Select the role as required and click "Save changes".
Select the security group required to be deleted.
Click "Delete" from the right panel.
Click "Delete" in the confirmation dialogue.