Versions Compared

Version Old Version 27 New Version Current
Changes made by

Julie Isebaert

Sergio Karijodinomo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Difficulty: novice

Content

Table of Contents

...

minLevel1
maxLevel1

Learning Objectives

After reading this article, you’ll be able to:

  • Manually create Workplace users

  • Enable Workplace users

  • Batch modify Workplace users

A Workplace user is needed to access any Workplace touch point. Based on the assigned Workplace role(s), features are made available to the user (for example you need Admin role to access data export functionality in GO or to have access to the Workplace back-end Studio).

A Workplace user in itself can check live floorplans and dashboards, and/or manage users and devices. Yet when it comes to any functionality that leans on the underlying IWMS (for example making a reservation), also an IWMS user is needed.

Tip

It’s mandatory to link a Workplace user to an IWMS user. Make sure the users exist in IWMS first, this way you can link them during the creation.

Users can log in to Workplace touch points (Go, applications, Studio) using

  • UID (Unique ID within Workplace)

  • e-mail address

How to access Workplace User management:

...

  • Users & Roles > Users

Info

Easily track user activity and engagement, and identify inactive users by looking at the Last Login column in the User Overview

  • For all Workplace Experience touch points: GO, Studio and mobile apps (Workplace App & Kiosk App)

  • Timestamp is created upon user login and not based on actual activity once logged in

  • Remember me sessions, where you are automatically logged in without entering your authentication details again, are also considered to be an actual login

Spacewell started keeping track of Last Login dates from 19/03/2024.

Manually create Workplace users

Add new users in Workplace back-end Studio by using the button "

...

Add new"

image-20240314-170218.pngImage Added

image-20240116-173552.pngImage Added

Mandatory fields

  • UID (Unique ID within Workplace) always starts with (short) tenant name (so the Workplace tool knows which environment to connect to upon log-in)

    • allowed characters:

      • letters (small caps and large caps): a-z, A-Z

      • numbers: 0-9

      • special characters: . _ -

  • First Name

  • Last Name

Optional fields

  • E-mail

    • can be used as login ID

    • can be used to send messages to the user (for example automatic mails based on Brain rules repository)

  • IWMS ID: Workplace user needs to be linked to an IWMS user in order to have certain rights (

...

  • for example to make a reservation

...

  • ). So make sure the users exist in IWMS first, this way you can link them during the

...

  • creation.

 

UID (Unique ID within Studio) and sumorea e-mail address will be created using

  • (short) tenant
  • first name
  • last name

 

Login to Cobundu (Studio, Go, touchpoints) is possible via either

  • UID
  • sumorea e-mail address
  • e-mail address

 

...

    • to link from Workplace Management, refer to the “username” mentioned for the User object

  • Password: set a standard/default password

  • Active enable/disable toggle: upon user creation, it makes sene to keep this enabled.

  • Must change password toggle: upon user creation, it makes sense to keep this enabled.

  • Roles, see Roles & Profiles

Batch import/modify Workplace users

Info

Best practice is to take an export of the users in your environment and use that as the import file.

Upload or modification of multiple users at once (batch upload) is possible using the import-functionality

...

:

  • all fields are mandatory (

...

  • including the default password to start with)

  • document may not contain hyperlinks (so better to set e-mail address as text)

...

Image Removed

...

View file
nameimport_workplace_users.xls

Info

It’s possible to assign multiple roles to a user through excel import, which makes it easier and more efficient for admins to manage user configurations.

Automatic creation of

...

Workplace users

...

After configuration of Workplace SSO: for every (new)

...

Workplace user signing in, upon first login,

...

Workplace creates an account on-the-fly and the user can start using

...

A user logging in with Cobundu ID (tenant.ID) is recognized as being part of a tenant where SSO has been setup and Cobundu will automatically create a Cobundu account.

Prerequisites for Automatic creation of Cobundu users, see section "Cobundu SSO".

Image Removed

Cobundu SSO

Cobundu SSO is available for Go.cobundu.comStudio.cobundu.com and Workplace App.

Prerequisites for Cobundu SSO

  • IWMS account for user must exist
    • Ideally, an HR interface takes care of automatic creation of IWMS users
    • In case the logged in user doesn’t exist in IWMS, the user will not be able to use any IWMS-dependant features like making reservations.
  • Identity Provider Mapping (receiving following attributes from the identity provider: "IWMS login ID", "First Name", "Last Name" and "E-Mail“)
    • In case the “IWMS login ID” attribute is not correctly mapped, the user will not be able to use any IWMS-dependant features like making reservations.
  • (optional) Mapping between Active Directory account groups with Cobundu roles

How is it set up?

Cobundu supports SAML 2.0 protocol which is the industry standard among all up-to-date integrations. See SSO SAML 2.0 for a general understanding of how SSO works.
The SSO configuration from IWMS cannot be re-used on Cobundu. These are 2 separated apps from the Identity Provider perspective, and each requires an independent SSO federation setup.

Development takes 2 MDs (incl PM).  The estimate depends on configuration and regulations on the Identity Provider in terms of supported SAML 2.0 options and features, as well as on the maturity of IT staff that is responsible for configuring federation on the customer side. The estimate does not cover HR interface setup on IWMS (user accounts sync), which is a prerequisite for SSO to work on Cobundu.

Contact applicationintegration@spacewell.com for a more detailed quote or to plan your next project.

How does it work?

A user logging in with Cobundu ID (tenant.ID) is recognized as being part of a tenant where SSO has been setup and Cobundu will automatically create a Cobundu account. The user can proceed to login.

A user logging in with e-mail address is now also supported: It uses a whitelist of e-mail providers (eg @spacewell.com or @mcs.be) to check the tenant. To whitelist an e-mail domain, add it to Settings > SAML SSO > "Allowed email domains (comma separated)" (underneath "Auto-Create user").

On GO and Studio, if your customer has SSO installed and you want to bypass (and login using your Cobundu ID), go to https://go.cobundu.com/no-sso or https://studio.cobundu.com/no-sso; select "Log in with your Cobundu credentials"; then log in with your Cobundu ID and password.

Role Mapping (see Roles & Profiles)

Initially, SSO was creating users, but that's as far as the user management went. There is no update done, no deletion or deactivation. If a user is set to disabled in the IWMS, the consequence will be that the Cobundu user is still active, but does not have any IWMS rights anymore: the user can login to Cobundu touchpoints and browse reservable rooms, floorplans etc, but as soon as they want to make a reservation or book a ticket, this will not be possible (because they don't have the correct IWMSrights anymore).

We have now added a way to overcome this by providing a mapping table in Studio, where one can map the Active Directory account groups with Cobundu roles:

  • If a user logs in using SSO and has no Cobundu account yet
      • The user will be automatically created
      • Based upon the AD Account Group ID passed via metadata, the user will be created and assigned a Cobundu role as defined in the role mapping 
  • If a user logs in using SSO and already has a Cobundu account
      • Based upon the AD Account Group ID passed via metadata, the user will be assigned a Cobundu role as defined in the role mapping

This Feature can be turned on or off.

 

More information on Cobundu SSO can be found in this presentation (keep in mind: Cobundu SSO available for Go, Workplace app and Studio)

View file
nameCobundu MCS User Management - Cobundu SSO.pptx
pageCobundu User Management
spaceSUM
height250

 

Presentation in French (2020):

View file
nameCobundu MCS User Management - Cobundu SSO_FR.pdf
pageCobundu User Management
spaceSUM
height150

 

...

Workplace.

For more information on Automatic creation of Workplace users, see How to set up Workplace SSO.

Good to know

  1. In the Workplace platform, users are automatically disabled after 3 wrong login attempts.
    For more details on possible password security settings, see Security settings.

  2. In Workplace Analytics & Experience, users can log on to multiple touch points at the same time. For example a user can be logged in to GO webportal and into the Workplace app. Being logged in to GO even makes it easier to log in to the Workplace app, see https://spacewell.atlassian.net/wiki/spaces/KB/pages/160104537/GO+-+Profile+Settings#Connected-Devices.

Search

Live Search