WEBCON users and BPS Auth

Applies to version 2017.1.x; Author: Paweł Snoch

WEBCON BPS is a system responsible for handling business processes, therefore it is also invariably tied to the people who carry out their assigned tasks and contribute to the business process. The Active Directory is the main source of information about a business’ employees (i.e. process participants).

In BPS version 2017 it is now possible to sign in to the system without being registered in the AD by using the External Users Module. Users from outside the company AD can instead use their LinkedIn or Microsoft accounts to access WEBCON BPS applications.

Component installation

For new installations of WEBCON BPS, simply run the advanced installation. At the bottom of the Component selection page you will find the Other Components section. Make sure to select Installation from the dropdown next to WEBCON BPS External Users Module and then continue with the installation process normally.

1. Advanced WEBCON BPS Installation – Component selection step


If the system is already implemented, choose the Upgrade option instead.  Similarly to a fresh installation, the WEBCON BPS External Users Module should appear in the bottom section of the component selection screen. Select Installation and complete the remaining steps of the upgrade process.

2. Upgrade WEBCON BPS system


NOTE: In both cases, make sure that the correct Web application is selected – the same one which cooperates with the rest of the WEBCON BPS system.

3. Web application selection for External Users

SharePoint log-in method selection

Once the module is installed, it is time to define what view the SharePoint user will have.

  • Go to the SharePoint Central Administration
  • From the Application management section, select Manage web applications
  • Select the relevant application
  • With the application selected, the Authentication Providers button on action panel should become active – click it.
  • In the authentication section, the most important thing to do is marking WEBCON BPS Auth as a Trusted Identity Provider as well as entering the URL of the Sign In Page.


4. Configuring BPS Auth in the Central SharePoint Administration


If we would like the BPS Auth to be the default site, enter the following into the URL address field (pic. 4):

  • /_trust/default.aspx?trust=WEBCON%20BPS%20Auth

This is the best option for making sure that local AD users have no trouble signing in. All you have to do is mark the Redirection to default Windows authentication option in the Authentication providers section (pic. 5).

NOTE: The configured options will be visible after deleting cookies.


Registering authentication providers

The next step is filling out the form on https://auth.webconbps.com and selecting your desired authentication providers. Https://auth.webconbps.com may be referred to as the authentication broker.

It allows the company to use external log-in providers without registering your system with all the individual providers separately.

The registration form will appear for companies that aren’t already registered on https://auth.webconbps.com. To begin, click on the “Register” button and fill out the form.

5. Choosing authentication providers


After filling out the form, the Sign In page will include the selected providers.

6. SharePoint Sign In Page

Tips for managing external users

Just like with Active Directory users, external users will need certain SharePoint permissions to sign in to the site. Now is the time to think about how you will handle assigning privileges and managing these external users.

One idea is to create SharePoint groups, to which external users can be added one by one. We have two courses of action:

  • Exact e-mail address which will be the user’s identifier.
  • Wildcard describing a group of addresses belonging to a specific domain.


7. Adding an entire domain to a SharePoint group


Regardless of how we manage access to SharePoint sites, managing access to WEBCON BPS application elements has to be defined separately.

By using the SharePoint group we created, we can conveniently assign privileges to it from within Designer Studio.

8. The entire “External users” SharePoint group is assigned modification privileges.


When assigning privileges to individual user accounts, we need to keep in mind that such an account will appear in the WEBCON system after it is used to sign in onto the SharePoint site at least once.

If we would like to accelerate this step, we need to do the following:

  • In Designer Studio go to System settings
  • In the Global parameters node, select BPS users list
  • Switch to the External provider users tab (middle tab)
  • Click on the “plus” icon on the right-hand side to add a user

9. Adding an individual external user to the BPS users list


From this point onward, the user login we added can be used at will, and once our applications are configured, the owners of the external accounts will be able to freely access and participate in the WEBCON BPS system.

10. Site preview for an authenticated account from outside the AD

Leave a Reply

Your email address will not be published. Required fields are marked *