2018 September Release

Organization MembersPermanent link for this heading

To allow users to access the Fabasoft Cloud, they have to be added as organization members to the organization.

The administration of members, external members, teams, organizational units and external organizations follows a uniform scheme. This allows you to quickly find your way around all areas of membership administration.

Lists in the Membership Administration

  • Lists provide an easy way to perform operations on multiple users simultaneously.
  • You can cut, copy or paste users and thus efficiently define the organizational structures. For example, you can use Ctrl + X to remove the selected users from a team.
  • The properties of users, organizational units, external organizations or teams can also be changed efficiently using column editing (F2 key or Ctrl + C and Ctrl + V).

Import MembersPermanent link for this heading

Via the CSV import also many members can be created comfortably.

  1. In the dashboard of the organization click Membership, to open the membership administration.
  2. Click the “Import Members” action.
  3. Enter the path to the CSV file in the Content field.
    Note: Click the “Download CSV Template” button to retrieve a template that describes the necessary data structure.
  4. Click “Start Import”.
  5. After the import has finished, click “Next”.

The imported members are stored in the members list. In case of a re-import existing members are updated. The unique identification of the members is carried out via the e-mail address.

The “Invite Members” action can be used to send an invitation e-mail to the imported members (see chapter “Invite Members”).

Data structure of the CSV file

CSV Column

Description

EMail

Log-in E-Mail Address (unique; required)

CN

Common Name (is necessary for the log-in with client certificates and has to correspond with the CN of the client certificate of the particular user)

PinPhone

Phone Number the SMS PIN Is Sent to (if not defined, the log-in e-mail address is used)

PinEMail

E-Mail Address the E-Mail PIN Is Sent to (if not defined, the log-in e-mail address is used)

PinRadiusID

RADIUS Server User Identification (if RADIUS is used, the user identification corresponding to your server configuration can be defined here)

PinOrder

Dispatch Type for Two-Factor Authentication

  • MPO_SMSFIRST (SMS)
  • MPO_EMAILFIRST (E-Mail)
  • MPO_RADIUSFIRST (Use RADIUS Server)

FirstName

First Name (required)

MiddleInitial

Middle Initial

Surname

Surname (required)

Title

Title

PostTitle

Post Title

Sex

Sex (possible values: SEX_FEMALE and SEX_MALE)

Salutation

Salutation

Birthday

Birthday (format: yyyy-mm-dd)

Street

Addresses (Street)

PostOfficeBox

Addresses (Post Office Box)

ZipCode

Addresses (ZIP Code)

City

Addresses (City)

State

Addresses (State)

Country

Addresses (Country)

Phone

Telephone Numbers (Business)

Fax

Telephone Numbers (Fax)

Mobile

Telephone Numbers (Mobile)

PrivatePhone

Telephone Numbers (Private)

Function

Function in the Organization

TeamKey

Import ID (of the team; if no team with the import ID is found a new one is created, otherwise the name is updated if applicable)

TeamName

Name (of the team)

AdminTeamKey

Team Administrator (possible values: Import IDs of the teams to be administrated separated by „|“)

Website

Website

Language

Language (spelling corresponding to the language e.g. Español; the possible values can be found in the CSV template or in the „Basic Settings” under Language; alternatively language identifiers according to ISO 639-1 can be used)

Edition

Edition (possible values: Fabasoft Cloud ID or reference of the edition)

Apps

Apps (possible values: Fabasoft Cloud ID or full reference of apps separated by „|“)

InvalidAuthMethods

Deactivated Authentication Methods (possible value: AuthenticationMethodUsernamePassword)

MainLocation

Main Location (possible values: at, de, ch; not available in the Fabasoft Private Cloud)

InvitationSent

Invited (possible values: true, false)

ManageHome

Manage Home (possible values: true, false)

CreateTeamrooms

Create Teamrooms – All Locations (possible values: true, false)

CreateTeamrooms-LocationAustria

Create Teamrooms – Location Austria (possible values: true, false; not available in the Fabasoft Private Cloud)

CreateTeamrooms-LocationGermany

Create Teamrooms – Location Germany (possible values: true, false; not available in the Fabasoft Private Cloud)

CreateTeamrooms-LocationSwitzerland

Create Teamrooms – Location Switzerland (possible values: true, false; not available in the Fabasoft Private Cloud)

TransferTeamrooms

Transfer Teamrooms (possible values: true, false)

grpolicysearchaudit

Create Search Folders for Audit Logs (possible values: true, false)

grpolicyaddmembers

Add Members to the Organization (possible values: true, false)

grpolicyremovemembers

Remove Members From the Organization (possible values: true, false)

grorgstructmanagers

Manage Organizational Structure (possible values: true, false)

grorgunitmanagers

Manage Teams (possible values: true, false)

grpolicyaddexternal

Add External Members to the Organization (possible values: true, false)

grextorgmanagers

Manage External Organizations (possible values: true, false)

grpolicydigitalsignature

Digitally Sign Documents (possible values: true, false)

grpolicyopenonlineex

Edit Office Documents in Microsoft Office Online (possible values: true, false)

grpolicyreadonworkspace

Open or Download Content on the Workstation (possible values: true, false)

ImageName

Photo (name of the image that should be assigned)

ImageTeamrooms

Fabasoft Cloud ID of the Teamroom that contains the images

OverrideKeys

CSV columns of properties to be overwritten separated by commas (otherwise empty values are ignored and values are added in list properties)

For addresses, telephone numbers and organization policies following keys must be used for the related CSV columns: address, telephone, policies (for addresses, telephone numbers the following applies: overwriting is carried out within the corresponding type, e.g. Fax; for policies the following applies: empty cell is equivalent to false)

Note: To add several addresses or assign members to several teams, more lines with the same e-mail address (EMail) can be specified.

Add MembersPermanent link for this heading

In addition to the CSV import, members can also be created and managed individually.

  1. In the dashboard of the organization, click Membership to open the membership administration.
  2. Click the “Add Members” action.
  3. In the Users field, enter the e-mail address of the user.
  4. In the drop-down menu, click an existing user to add the user as a member. If no user with the entered e-mail address exists, click “Invite new user” to create a new user.
  5. To add additional members repeat step 3 and 4.
  6. If applicable, select the teams or organizational units to which the users should be assigned.
  7. Click the “Add” button.
  8. Assign an edition and apps to users without an edition and click “Assign”. This step is omitted, if all specified users already have an edition.
  9. Click “Invite” to send each member an e-mail to confirm the membership. Click “Invite Later” to send the invitation later (see chapter “Invite Members”).

The added members can be further processed via the “Properties” context menu command.

Invite MembersPermanent link for this heading

If you have performed a CSV import or manually added users who have not yet been invited, you can send an invitation via the “Invite Members” action.

To invite members, perform the following steps:

  1. In the organization, click the “Invite Members” action. The action is only available if members are present who have to be invited.
  2. Define the recipients. For easy selection of recipients, the following recipient groups can be selected: not invited members, not registered members and members with open confirmation.
  3. The fields Subject and Message are prefilled. Take any necessary adjustments.
  4. Click “Invite”.

An e-mail is sent to the users to confirm the membership.

State InformationPermanent link for this heading

To check the state information of users, navigate in the organization in the membership administration. The state information is shown as columns by default.

  • State
    Users can be the owner, member or external member of the organization. If the state must be confirmed by the user and the confirmation is still pending, the “Confirmation Required” state is displayed.
  • Invited
    Shows whether the user has been invited by e-mail. The value can also be manually changed to “Yes”, if the user should no longer to be considered in the “Invite Members” dialog, for example.
  • Registered
    Shows whether the user is registered and can therefore log into the Fabasoft Cloud.

Note: Users who rejected an invitation or have been excluded from the organization are displayed in the membership administration under “Exclusions”.

Change MembershipPermanent link for this heading

External members can be converted to members and vice versa.

To change the membership, perform the following steps:

  1. In the dashboard of the organization, click Membership.
  2. Navigate to the desired member or external member.
  3. In the context menu of the member or external member, click “Change Membership”.
  4. If applicable, select external organizations, teams or organizational units to which the user should be assigned to and click the “Change Membership” button.
  5. If a member has administrative rights in the organization, you must confirm the loss of the rights.

Changing a membership removes a member from all teams and organizational units and removes an external member from all external organizations.

Exclude MembersPermanent link for this heading

Members who have been excluded from an organization are also removed from all positions, teams and Teamrooms. When excluding a member, a successor can be defined. This successor is entered in the positions, teams and Teamrooms that the user has been excluded from.

To exclude a member from an organization, perform the following steps:

  1. Navigate to the desired member.
  2. In the context menu of the member, click “Exclude Member”.
  3. Define whether the member is to be informed by e-mail and the user is to be deactivated. If necessary, specify a successor.
    Note: The user can only be deactivated, if the user is managed by your organization.
  4. Click “Exclude Member” to confirm the exclusion.

Excluded members are displayed in the organization in the membership administration under “Exclusions”. Here you can also view the processing state of the exclusion.

Note:

  • Users who have full control in the organization’s Teamrooms and are members of this organization will be notified by e-mail. These users have the opportunity to re-invite the excluded user to the Teamroom, if the user is not inactive. If the excluded user is the last user with „Full Control” in a Teamroom and no successor has been defined, the owner of the organization becomes the user with “Full Control” of the Teamroom.
  • The removal of the user from the Teamroom and the adding of the successor to the Teamroom may take some time.
  • When terminating a membership in external organizations, organizational units or teams, those with full control in the Teamroom are also informed by e-mail, if the Teamroom is restricted to the affected external organization, organizational unit or team.
  • For Teamrooms of other organizations the following applies:
    • If the user's membership in his or her main organization is terminated, users with full control in Teamrooms of other organizations will also be informed about the exclusion and, if applicable, about the successor. The access rights can be manually adjusted by a user with full control.
    • If the user's membership in one of his or her non-main organizations is terminated, only Teamrooms that are restricted to the affected organization are handled.

Manage TeamsPermanent link for this heading

Teams are used for the informal structuring of organization members, external members and members of other organizations. For example, they can be used in Teamrooms to authorize the entire team.

To create a team, perform the following steps:

  1. In the dashboard of the organization click Membership and then click Teams.
  2. Click the “Create Team” action.
  3. Define a name. In the Define Team Members field, you can add users to the team.
  4. Click “Create”.

Note:

  • For teams you can define standard Teamrooms (see chapter “Standard Teamrooms”).
  • Organization administrators can define users who are entitled to manage teams (organization dashboard > “Advanced Settings” > “Define Policies” > “Actions” tab > Manage Teams).
  • Organization administrators can define team administrators (via the “Define Administrators” action in the respective team). Team administrators can perform the following actions: add and remove members, release processes and forms for the team.
  • For organizational units an access protection can be defined (“Properties” > “Security” tab). This way either only organization members or all users can search the team. The access protection of the organization is not inherited from the organization.

Define Authentication and Two-Factor AuthenticationPermanent link for this heading

The log-in can be carried out with username and password, Digital ID, SAML 2.0, AD FS (Microsoft Active Directory Federation Services) or client certificates.

For the two-factor authentication mobile PIN (SMS), e-mail PIN and one-time password via a RADIUS server is provided. Depending on the cloud edition, not all methods are available.

To change the settings for a user, perform the following steps:

  1. Navigate in the desired member and click the “Properties” action.
  2. On the “Account” tab, you can define the settings regarding the authentication and second factor.
    • Primary E-Mail Address
      The user can log in with this e-mail address. Notifications are also sent to this e-mail address.
    • Common Name (CN)
      Defines the common name of the corresponding user certificate (certificate authorities have to be defined in the organization).
    • User ID Used for RADIUS Server
      Defines the link between the user and the RADIUS server (a RADIUS server has to be configured in the organization).
    • Mode of Dispatch for Mobile PIN
      Defines the primary second factor. Depending on the selected factor a phone number, a RADIUS user identification or an e-mail address has to be provided in the following fields. If several fields are filled, the user can select an alternative method when logging in.
    • Mobile Phone Number for Mobile PIN
      The PIN is sent to this phone number.
    • E-Mail Address for Mobile PIN
      The PIN is sent to this e-mail address.
    • Deactivated Authentication Methods
      To prevent the user from logging in using certain authentication methods, the not allowed authentication methods can be defined here. Before disabling authentication methods, make sure you do not lock out the user.
  3. Click “Next” to save the changes.

Note:

  • Only administrators and owners of the primary organization of the user can change the user data. You find the primary organization in the properties of the user on the “User” tab in the Organization field.
  • The settings can also be defined via the CSV import.
  • To enable users to log in directly with SAML 2.0 without registering, you must execute the “Register Members for SAML 2.0” context menu command on the organization. The context menu command is only available, if non-registered members with state “Member” exist and the organization is configured for the use of SAML 2.0.

Show Account Activities of MembersPermanent link for this heading

To view the account activities of members, perform the following steps:

  1. Navigate to the desired organization, team, external organization or (external) member.
  2. Run the “Show Account Activities” or “Advanced” > “Show Account Activities” context menu command.
  3. The account activities of the member are displayed and can be downloaded via the “Export Account Activities as CSV File” button.
  4. Click “Close”.

Note:

  • Only members who are managed by you are displayed.
  • If a member has never logged in, the columns in the CSV file are filled with “N/A”.

Manage External MembersPermanent link for this heading

Employees of suppliers, partner companies or customers can be added as external members to your organization. To simplify the cross-organizational cooperation even further, external organizations are available to combine and manage external members based on their company affiliation.

To manage external members, perform the following steps:

  1. In the dashboard of the organization click Membership, to open the membership administration.
  2. Within External Members you can import, add or exclude external members.
  3. Within External Organizations you can create external organizations to be able to structure external members logically.

Note:

  • When importing external members (available CSV columns see chapter “Import Members”), the following two additional CSV columns are available in comparison to importing members: ExtOrganizationKey (import ID of an external organization) and ExtOrganizationName (name of the external organization). In addition, only the organization policies grpolicyopenonlineex and grpolicyreadonworkspace apply to external members. AdminTeamKey is also not available for external members.
  • External members consume licenses as members.
  • Editions and apps can be assigned to external members as to members.
  • External members cannot create Teamrooms that are assigned to the organization.
  • Only administrators and owners of the primary organization of the user can change the user data. You find the primary organization in the properties of the user on the “User” tab in the Organization field.
  • The by default created external organization “All external members” always includes all external members, regardless of whether the members are also assigned to other external organizations.
  • Administrators can define users who are entitled to manage external organizations (Organization dashboard > “Advanced Settings” > “Define Policies” > “Actions” tab > Manage External Organizations).

Manage the Organizational StructurePermanent link for this heading

The organizational structure is used for the hierarchical mapping of organizational units and positions of your organization. You can find the organizational structure in your organization under “Membership” > “Organizational Structure”.

  • Organizational Unit
    An organizational unit summarizes one or more positions and can contain subordinate organizational units. The hierarchy of organizational units is defined on the one hand by the tree structure of the organizational structure and on the other hand by the assigned hierarchy levels (e.g. business unit, division, team).
  • Position
    Positions are assigned to organizational units and are used to define the jobs in your organization. A concrete user can be assigned to a position.
    There are two types of positions: “Head” and “Staff Member”. This information can be used in the workflow for approvals (for example, the leave request for an employee is assigned to the head of the respective organizational unit).

Organizational administrators or users who are entitled via the “Manage Organizational Structure” policy are responsible for maintaining the organizational units and positions (for example, assigning a user to a position).

Define Hierarchy LevelsPermanent link for this heading

If you are in the organizational structure, you can use the “Settings” action to set the hierarchy levels. By default, the following hierarchy levels are predefined:

  • Management Board (Level 01)
  • Business Unit (Level 02)
  • Division (Level 03)
  • Team (Level 04)

You can use the “Properties” context menu command to adjust the name and level. You can obtain new hierarchy levels via the “New” background context menu command.

Note: Organizational units can only contain organizational units with a larger level value (for example, organizational units of level 02 can only contain organizational units from level 03).

Create Organizational UnitsPermanent link for this heading

If you are in the organizational structure, you can create organizational units using the “Create Organizational Unit” action. Navigate in organizational units that have already been created to create subordinate organizational units.

You can set the following values:

  • Name
    Defines the name of the organizational unit.
  • Staff Unit
    If an organizational unit is not part of the linear hierarchy, it can be marked as a staff unit.
  • Hierarchy Level
    Defines the hierarchy level of the organizational unit. Only levels with a higher value than the level defined in the superordinate organizational unit are displayed.
    Note: You can define the available levels in the settings of the organizational structure.
  • Description
    Defines the description of the organizational unit.
  • Import ID
    If the organizational structure is externally managed and imported, an import identifier for the organizational unit can be defined. This allows an update of the organizational unit.
  • Members with Role “Head”
    Defines the heads of the organizational unit.
  • Members with Role “Staff Member”
    Defines the staff members of the organizational unit.

Note: You can use the “Move to Organizational Structure” context menu command to convert teams to organizational units.

Create PositionsPermanent link for this heading

If you are in the organizational structure, in an organizational unit, you can use the “Create Position” action to create a position for the respective organizational unit.

You can set the following values:

  • Type
    Defines whether it is a staff member or a head position.
  • Staff Unit
    If a position is not part of the linear hierarchy, it can be marked as a staff unit.
  • Organizational Unit
    The position is assigned to the shown organizational unit.
  • User
    Defines the employee who is assigned to the position.
  • Primary Position
    If an employee is assigned to several positions, one position can be marked as primary. The primary position is used for evaluating the supervisor (e.g. in a workflow context).
  • Name
    Defines the name of the position.

Note: Additional fields are available when using the Fabasoft Personnel File.

Import the Organizational StructurePermanent link for this heading

If you are in the organizational structure, you can use the “Import Organizational Structure” action to import or update the organizational structure using a CSV file. The “Download CSV Template” button can be used to retrieve a template that describes the necessary data structure. The Complete Organizational Structure Matching option allows you to define whether existing positions and organizational units that do not exist in the CSV file should be deleted.

The CSV columns are in general free-text fields of type string. The import ID can be used to update objects. Following CSV columns are available:

CSV Column

Field

Possible Value

Key

Import ID

string

Type

-

string (OrganizationalUnit, OrganizationalPosition)

ParentKey

-

string (import ID of the superordinate organizational unit; empty on top level)

Name

Name

string

Level

Hierarchy Level

string (import ID of the hierarchy level; only organizational units)

StaffUnit

Staff Unit

string (TRUE, FALSE; only organizational units)

UnitDescription

Description

string (only organizational units)

PositionType

Type

string (HeadPos, StaffPos; only positions)

PrimaryPosition

Primary Position

string (TRUE, FALSE)

User

User

string (e-mail-address; only positions)

Note: If the Fabasoft Personnel File is licensed, additional metadata can be imported.