Applies to version 2017.1.x; Author: Paweł Snoch
WEBCON BPS is a system for handling business processes, so it is invariably tied to the people who carry out their assigned tasks and contribute to those processes. Active Directory is the main source of information about a business’s employees (i.e. process participants).
In BPS version 2017 it is now possible to sign in to the system without being registered in the AD by using the External Users Module. Users from outside the company AD can instead use their LinkedIn or Microsoft accounts to access WEBCON BPS applications.
For new installations of WEBCON BPS, simply run the advanced installation. At the bottom of the Component selection page you will find the Other Components section. Make sure to select Installation from the dropdown next to WEBCON BPS External Users Module and then continue with the installation process normally.
1. Advanced WEBCON BPS Installation – Component selection step
If the system is already implemented, choose the Upgrade option instead. Similarly to a fresh installation, the WEBCON BPS External Users Module should appear in the bottom section of the component selection screen. Select Installation and complete the remaining steps of the upgrade process.
2. Upgrade WEBCON BPS system
NOTE: In both cases, make sure that the correct Web application is selected – the same one which cooperates with the rest of the WEBCON BPS system.
3. Web application selection for External Users
SharePoint log-in method selection
Once the module is installed, it is time to define what view the SharePoint user will have.
- Go to the SharePoint Central Administration
- From the Application management section, select Manage web applications
- Select the relevant application
- With the application selected, the Authentication Providers button on the action panel should become active – click it.
- In the authentication section, the most important steps are to mark WEBCON BPS Auth as a Trusted Identity Provider and to enter the URL of the Sign In Page.
4. Configuring BPS Auth in the Central SharePoint Administration
If we would like the BPS Auth to be the default site, enter the following into the URL address field (pic. 4):
This is the best option for making sure that local AD users have no trouble signing in. All you have to do is mark the Redirection to default Windows authentication option in the Authentication providers section (pic. 5).
NOTE: The configured options will be visible after deleting cookies.
Registering authentication providers
It allows the company to use external log-in providers without registering your system with all the individual providers separately.
The registration form will appear for companies that aren’t already registered on https://auth.webconbps.com. To begin, click on the “Register” button and fill out the form.
5. Choosing authentication providers
After filling out the form, the Sign In page will include the selected providers.
6. SharePoint Sign In Page
Tips for managing external users
Just like with Active Directory users, external users will need certain SharePoint permissions to sign in to the site. Now is the time to think about how you will handle assigning privileges and managing these external users.
One idea is to create SharePoint groups, to which external users can be added one by one. We have two courses of action:
- Exact e-mail address which will be the user’s identifier.
- Wildcard describing a group of addresses belonging to a specific domain.
7. Adding an entire domain to a SharePoint group
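The two entry types above differ in who they admit: an exact address names one vetted person, while a domain wildcard admits every account on that domain, including consumer mail domains where anyone can register. The following audit sketch is an added example, not part of the original article or of WEBCON BPS; the `*@domain` wildcard syntax, the group contents and the list of public domains are assumptions constructed for illustration.

```python
# Constructed sample: entries of a hypothetical "External users" group.
# Assumption: a domain wildcard is written "*@domain"; confirm the syntax
# your installation accepts before relying on this check.
GROUP_ENTRIES = [
    "anna.nowak@partner.example",
    "*@supplier.example",
    "*@outlook.com",
    "*",
]

# Domains on which anyone can self-register (short illustrative list).
PUBLIC_MAIL_DOMAINS = {"outlook.com", "hotmail.com", "live.com", "gmail.com"}


def classify(entry):
    """Classify one group entry by how widely it grants access."""
    entry = entry.strip().lower()
    local, sep, domain = entry.rpartition("@")
    if not sep or not local or not domain or "*" in domain:
        # No usable domain part: either a bare/misplaced wildcard or junk.
        return "too-broad" if "*" in entry else "invalid"
    if "*" not in local:
        return "exact"
    if domain in PUBLIC_MAIL_DOMAINS:
        return "public-domain-wildcard"
    return "domain-wildcard"


def is_member(address, entries):
    """True if a signed-in address matches an exact or '*@domain' entry."""
    address = address.strip().lower()
    domain = address.rpartition("@")[2]
    for entry in entries:
        entry = entry.strip().lower()
        if entry == address or (entry.startswith("*@") and entry[2:] == domain):
            return True
    return False


def audit(entries):
    """Return (entry, reason) pairs that admit accounts nobody vetted."""
    risky = {"public-domain-wildcard", "too-broad", "invalid"}
    return [(e, classify(e)) for e in entries if classify(e) in risky]


if __name__ == "__main__":
    for entry, reason in audit(GROUP_ENTRIES):
        print(f"review: {entry!r} ({reason})")
```

Run it against an export of each SharePoint group before that group is given privileges in Designer Studio, so that a wildcard entry is reviewed before it carries modification rights.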
Regardless of how we manage access to SharePoint sites, managing access to WEBCON BPS application elements has to be defined separately.
By using the SharePoint group we created, we can conveniently assign privileges to it from within Designer Studio.
8. The entire “External users” SharePoint group is assigned modification privileges.
When assigning privileges to individual user accounts, we need to keep in mind that such an account will appear in the WEBCON system after it has been used to sign in to the SharePoint site at least once.
If we would like to accelerate this step, we need to do the following:
- In Designer Studio go to System settings
- In the Global parameters node, select BPS users list
- Switch to the External provider users tab (middle tab)
- Click on the “plus” icon on the right-hand side to add a user
9. Adding an individual external user to the BPS users list
From this point onward, the user login we added can be used at will, and once our applications are configured, the owners of the external accounts will be able to freely access and participate in the WEBCON BPS system.
10. Site preview for an authenticated account from outside the AD