Users Management
Willba uses Keycloak for user management. Keycloak is an open source identity and access management solution for modern applications and services.
Willba uses role-based access control with pre-defined Willba roles managed by Willba development team. Each role grants access to a specific application functionality.
Keycloak groups are the way to define roles for certain groups of users. When new user joins company, enters a new role or leaves company, we only assign group or leave group. For example Housekeeping can be one group name. Housekeeping group contains all the Willba-roles that are granted to any user belonging to Housekeeping.
One user can belong to multiple groups. In this case the user will have all the roles assigned to all the groups of the user. Also, it is possible to assign Willba role directly into user, but it is not preferred. Use the suitable groups that defines the business role of the user.
Integrated Centralized User Management
If Willba customer organisation has already centralized identity management like Google Workspace or Microsoft Azure Active Directory, it is preferred to integrate into Willba to provide single-sign-on experience across company IT.
With integrated identity provider, customer company can manage the user groups in centralised manner. Groups are mapped into Keycloak groups at each user login time. This means the Willba group is added or removed at every login to match current state of the identity provider.
With integrated user management, it is still possible to review the users and groups in the Keycloak. Also, it is possible to add individual users manually with email and Willba password authentication. This allows managing access for visitors or persons who are not part of the centralized system.
Read more about instructions how to set up the integrated identity provider.
User Management in the Keycloak
User management in Keycloak can be enabled for specific admin users. When user has the admin rights for user management, the Users menu will appear in the Willba main navigation.
Keycloak main navigation contains three main sections: Users, Groups, and Roles. The operations of manual user management contains following main actions.
- Create and manage users
- Manage user's groups
- Create and manage groups and their roles
Each Willba role is named as descriptively as possible, and the description field provides a more detailed explanation of what the role specifically authorizes the user to do.
Create User
If you to add a bulk of initial users, ask Willba contact person to load users from Excel-like format into Willba. Your Excel should contain First Name, Last Name, Email address, and Groups (optional).
For smaller amount of the users, open Users from the menu. Press Add user, then fill only the following fields
- Username: new user email address
- Email: same email address here. Note: this email can be used with forgot password functionality later on so it must be correct and verified
- Email verified: Yes
- First name: User's first name
- Last name: User's last name
- Groups: the Willba groups this user should belong to. Groups gives the access levels to the user
Press Create and then open new user's Credentials tab. Set initial password with Set password -button and send it
securely to the new user. Remember to keep option Temporary: On
to force user to change it with the first login.
The same process can be used to reset a password if forgot password functionality is not activated.
Manage User
User management includes normally assigning a group or leaving from a group. It can be done from menu Users/User Details/Groups. By default, all the direct membership groups are visible and there is action Leave in each group row.
There is also Join Group button to assign new group or multiple groups. Just select all the groups you want to assign and press Join.
If user leaves the company, it can be disabled or even deleted. User deletion removes the user and access from the Keycloak but leaves the user core details visible in the Willba side. For example, Sales assignee in case of user had some closed Sales assigned.
Create and Manage Groups
Navigate to Groups and you have menu to Create new group. Just give the name and Create.
One group management contains mainly Members management and Roles mapping in tab menu. With Roles mapping, you can give access or remove access by assigning or removing the specific role.
For advanced use case, you can create hierarchy of groups where parent group will contain all the children groups roles.