You are here
You are here
User Management Overview
The management of users and what they are authorized to do in an account is an important consideration of any SpringCM implementation.
Regular maintenance of a SpringCM customer account includes periodically adding, deleting, and updating users and groups within the account. Other user management related tasks include password maintenance, user profile updates, and group membership assignment. This document provides an overview of user management within a SpringCM account, outlines best practices for synchronizing an existing customer user repository with a SpringCM account, and provides a methodology for implementing authentication via Single Sign-On (SSO) between the customer's environment and SpringCM.
SpringCM Address Book
In SpringCM, the Address Book is the primary interface for managing user creation and deletion, password management, group membership, roles, user profile information, and distribution groups. As SpringCM is a cloud based vendor, the Address Book provides everything a customer implementation needs to provide secure content to its end users without requiring any additional infrastructure in the customer's environment. When a customer chooses to do all of their user management directly in SpringCM, the management of users, groups, passwords, and profiles is done directly in the SpringCM Address Book user interface by an account administrator.
Synchronization and SSO
In many cases, SpringCM customers have already made a significant investment in creating and managing an enterprise user store as part of their local intranet, commonly an instance of Active Directory, an LDAP compliant directory, or custom database. Often times, when customers first implement SpringCM, the community of users granted access to the account may be comprised of a subset of the users in the enterprise repository as well as users that are not part of the enterprise repository such as contractors and partners. In this scenario, customers often will opt to maintain users in two places, managing authentication and authorization for applications hosted in the local intranet through the enterprise user store and manage SpringCM users through the SpringCM administrative user interface.
In other cases however, customers do not want to manage users, group membership, and passwords in two different places and find it advantageous to leverage their existing enterprise user repository as part of their SpringCM implementation. In this scenario, SpringCM offers multiple integration methods for synchronizing users, groups, and profile information from a customer enterprise user repository to the SpringCM Address Book. Additionally, a SpringCM account can optionally enable Single Sign-On (SSO) so that users will not have to keep a separate password to log into their SpringCM account. With SSO in place, authentication and password management is always delegated to infrastructure managed by the customer or a cloud based identity provider.