Steps in Preparation for Transformation – enaio®

enaio® 11.0 »

You will need the following data from enaio® to configure the transformation:

  • Administrative Users

    Administrative users in enaio® and other users who are only managed in enaio® must be excluded from the synchronization. To do this, you will need their user names.

    Users in enaio® who are not excluded or synchronized are deactivated.

  • System Roles

    Users need to have system roles for accessing applications and functions within the applications in enaio®. These system roles are assigned during synchronization via their ID.

  • Groups with Access Rights to Archive Objects

    In enaio® users are allocated access rights to object types via their membership in groups. Groups created during synchronization do not have access rights in enaio®. You can configure access rights for these groups at a later time or assign users to existing groups with access rights.

  • Profile Templates

    Users can be assigned an existing enaio® user as their profile. As a result, they receive system roles, group memberships, and a number of user-specific settings for working in enaio® from that existing user.

You compile this data in enaio® and enter it in the config.xml configuration file.

You can also assign user passwords via the configuration file.

You will find an overview of the parameters of the config.xml configuration file here.

Administrative Users

In enaio®, at least one user with the 'DMS: Supervisor' system role is required. The user names of the DMS supervisors to be excluded, and of other administrative and technical users, can be looked up in the security system of enaio® administrator and entered in the config.xml configuration file:

Example:

<setting name="NonADUsers">
  <user name="SUPERVISOR"/>
  <user name="ADMINISTRATOR"/>
</setting>

Users in enaio® who are not excluded or synchronized are deactivated. AD users who have been deleted, locked, or removed from all prefix groups following a synchronization in AD are deactivated during a second synchronization.

System Roles

New users receive system roles for accessing applications and functions within the applications in enaio®. System roles can be assigned to all new users or to new users based on their prefix group.

The roles are assigned via the system role ID. You can find these in enaio® administrator.

In enaio® administrator, activate the system role ID view via the 'Extras' menu. In the security system, system roles with IDs are then displayed in all corresponding dialogs.

Example:

<setting name="NewUserSettings">
  <default>
    <system-role id="17"/>
    <system-role id="19"/>
  </default>
  <group name="ADMIN">
    <system-role id="1"/>
    <system-role id="2"/>
  </group>
</setting>

In this example, new users for the 'ADMIN' group (AD group 'Prefix admin') are assigned the system roles 1 and 2 and all other users for whom there is no group configuration are assigned the system roles 17 and 19.

Groups with Access Rights to Archive Objects

Groups created during synchronization do not have access rights to enaio® object types yet. You can assign new users to existing enaio® groups with access rights. You configure groups via enaio® administrator.

Example:

<setting name="NewUserSettings">
  <default>
    <group name="STANDARD"/>
  </default>
  <group name="ADMIN">
    <group name="ADMINISTRATION"/>
  </group>
</setting>

In this example, new users in the 'ADMIN' group (AD group 'Prefix admin') are members of the enaio® 'ADMINISTRATION' group, while all other new users for whom there is no group configuration are members of the 'STANDARD' group.

Each time a synchronization is performed, the group memberships are reassigned for all users concerned.

Groups and users are created but never deleted during synchronization in enaio®. Users in enaio® who are not excluded from synchronization (see 'Administrative Users') and are not synchronized are deactivated. AD users who have been deleted, locked, or removed from all prefix groups following a synchronization in AD are deactivated during a second synchronization in enaio®.

Profile Templates

Users can be created as profile templates in enaio®. When a profile is allocated, other users receive user-specific settings for working in enaio® client from the profile template. You configure profile templates via enaio® administrator.

Profile templates can be allocated via synchronization.

Example:

<setting name="NewUserSettings">
  <default>
    <userprofile>BENUTZERPROFIL</userprofile>
  </default>
  <group name="ADMIN">
    <userprofile>ADMINPROFIL</userprofile>
  </group>
</setting>

In this example, new users in the 'ADMIN' group (AD group 'Prefix admin') are assigned the 'ADMINPROFIL' profile template, while all other new users for whom there is no group configuration are assigned the 'BENUTZERPROFIL' profile template.

Users can only be assigned one profile template. If more than one template is allocated during synchronization, only the first profile allocated is used.

The profile templates themselves will not be updated during synchronization. Groups assigned to users via profile templates will not be removed during synchronization.

Workflow Organization and Roles

Users can additionally be assigned roles to run workflows in a workflow organization. Workflow organizations, roles, and workflows are created in enaio® editor-for-workflow.

New users can be created as members of a workflow organization and given roles to run workflows via synchronization.

The roles are assigned via the role names.

Example:

<setting name="NewUserSettings">
  <default>
    <wf-role name="Adhoc" />
  </default>
  <group name="ADMIN">
    <wf-role name="WFADMIN" />
  </group>
</setting>

In this example, new users in the 'ADMIN' group (AD group 'Prefix admin') are assigned the 'WFADMIN' role.

All other new users for whom there is no group configuration are assigned the 'Adhoc' role.

Each time a synchronization is performed, the organization and roles are reassigned for all users concerned.

Passwords for Users

New users must be assigned a password in the enaio® user administration. Passwords are not imported from Active Directory and must be specified via the configuration file.

XSLT directory synchronization is the basis for configured directory authentication. Users do not require the enaio® password and cannot use the enaio® password to log in. In spite of this, use complex passwords, for example the password of a profile user from the enaio® database.

Passwords are always group-specific and are entered in the configuration file.

Example:

<setting name="NewUserSettings">
  <default>
    <password>benutzerpw</password>
  </default>
  <group name="ADMIN">
    <password>adminpw</password>
  </group>
</setting>

In this example, new users in the 'ADMIN' group (AD group 'Prefix admin') are created with the password 'adminpw', while all other new users for whom there is no group configuration are created with the password 'benutzerpw'.
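
An added example (not part of the enaio® documentation or product): a Python pre-synchronization check of the settings described under 'Administrative Users' and 'Passwords for Users', which reports an empty NonADUsers list and NewUserSettings sections whose password is missing or not complex. The placeholder `<root>` wrapper, the 16-character minimum, and the three-character-class rule are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: <setting> fragments in the shape shown on this page,
# wrapped in a placeholder root (the real root of config.xml is not shown).
SAMPLE = """<root>
  <setting name="NonADUsers">
    <user name="SUPERVISOR"/>
  </setting>
  <setting name="NewUserSettings">
    <default>
      <system-role id="17"/>
      <password>benutzerpw</password>
    </default>
    <group name="ADMIN">
      <system-role id="1"/>
    </group>
  </setting>
</root>"""

MIN_LEN = 16  # assumed local policy, not an enaio requirement
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def is_complex(pw):
    """True if pw is long enough and mixes at least three character classes."""
    return len(pw) >= MIN_LEN and sum(bool(re.search(c, pw)) for c in CLASSES) >= 3


def audit(xml_text):
    """Return findings on NonADUsers and NewUserSettings passwords (values never echoed)."""
    root = ET.fromstring(xml_text)
    findings = []
    if not root.findall(".//setting[@name='NonADUsers']/user"):
        findings.append("NonADUsers: no excluded users; enaio-only admins would be deactivated")
    passwords = {}  # section label -> password, merged across NewUserSettings blocks
    for section in root.findall(".//setting[@name='NewUserSettings']/*"):
        label = section.get("name", "default")
        passwords[label] = section.findtext("password") or passwords.get(label)
    for label, pw in passwords.items():
        if pw is None:
            findings.append(f"{label}: no password configured")
        elif not is_complex(pw):
            findings.append(f"{label}: password fails complexity policy")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because config.xml holds these passwords in clear text, the findings name only the section and never print the value.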