There are several questions you need to answer before determining how users will access the system:
The following sections provide different methods to answer these questions.
Below are the four most common user management methods.
Method Description
Manual user management
This method is simple, but it is a manual process that relies on Appian system administrators. See User Management for more information.
Create new users and update user attributes upon sign-in
When authenticating with OpenID Connect, PIEE, LDAP or SAML, Appian has the ability to create new user accounts on first login as well as update user attributes upon sign-in.
User deactivation with these methods is handled based on the user inactivity. Idle User Deactivation Duration can be set and managed via the Admin Console.
LDAP synchronization
This solution on the AppMarket is typically run as a nightly process to create, update, deactivate, and reactivate users by synchronizing with your organization’s LDAP servers.
Process-based creation and update
You can design a custom user management method using a process model to create, update, deactivate, and reactivate users from various sources. For example, user lists could be loaded from CSV files or database queries. Some organizations utilize Web services to retrieve user lists.
The Add User Smart Service can be used in process to create new users.
In order for users to have proper roles and access, users must be added to Appian groups. Below are the most common methods for group and group membership management.
Manual group management
This method is simple, but it is a manual process that relies on Appian system administrators. See Group Management for more information.
Additionally, these activities could be delegated to individual group administrators, or business units to manage using User and Group Management Application.
Rule-based group membership management
This method can be combined with other synchronization methods to allow for user memberships to be resolved automatically based on values in users' profiles.
Synchronize a user’s groups upon sign-in
When using OpenID Connect, PIEE, or SAML, Appian has the ability to synchronize a user's group membership upon sign-in.
If you have your group memberships managed in an LDAP directory, the LDAP Synchronization application can synchronize users into the appropriate Appian groups. Modify the template application to suit your needs.
Process-based management
If users' group memberships are stored in a database or can be retrieved using a Web service, you can leverage Appian process models for automated management.
The Add Group Members and Remove Group Members smart services can be added in process to help manage your memberships.
See the LDAP Synchronization sample application for an example of a process that uses an LDAP directory as a source of authorities.