2022 June Release

Organization MembersPermanent link for this heading

To allow users to access the Fabasoft Private Cloud, they have to be added as organization members to the organization.

The administration of members, external members, teams, organizational units and external organizations follows a uniform scheme. This allows you to quickly find your way around all areas of membership administration.

Lists in the Membership Administration

  • Lists provide an easy way to perform operations on multiple users simultaneously.
  • You can cut, copy or paste users and thus efficiently define the organizational structures. For example, you can use Ctrl + X to remove the selected users from a team.
  • The properties of users, organizational units, external organizations or teams can also be changed efficiently using column editing (F2 key or Ctrl + C and Ctrl + V).

Determining the Main Organization

If a user is a member of multiple organizations, the main organization is determined as follows:

  1. The user is a member of the organization and the organization's e-mail domain matches the user's email domain.
  2. The user is a member of the organization.
  3. The user is an external member of the organization.
  4. The user is a member of the trial organization and the e-mail domain of the trial organization matches the e-mail domain of the user.
  5. The user is a member of the trial organization.
  6. The user is an external member of the trial organization.

Import MembersPermanent link for this heading

Via the CSV import also many members can be created comfortably.

  1. In the dashboard of the organization click Membership, to open the membership administration.
  2. Click the “Import Members” action.
  3. Enter the path to the CSV file in the Content field.
    Note: Click the “Download CSV Template” button to retrieve a template that describes the necessary data structure.
  4. Click “Start Import”.
  5. After the import has finished, click “Next”.

The imported members are stored in the members list. In case of a re-import existing members are updated. The unique identification of the members is carried out via the e-mail address.

The “Invite Members to the Organization” action can be used to send an invitation e-mail to the imported members (see chapter “Invite Members”).

Data structure of the CSV file

CSV Column

Description

EMail

Log-in E-Mail Address (unique; required)

Note: Used as key if objexternalkey does not contain a value.

CN

Common Name (is necessary for the log-in with client certificates and has to correspond with the CN of the client certificate of the particular user)

PinPhone

Phone Number the SMS PIN Is Sent to (if not defined, the log-in e-mail address is used)

PinEMail

E-Mail Address the E-Mail PIN Is Sent to (if not defined, the log-in e-mail address is used)

PinRadiusID

RADIUS Server User Identification (if RADIUS is used, the user identification corresponding to your server configuration can be defined here)

PinOrder

Dispatch Type for Two-Factor Authentication

  • MPO_SMSFIRST (SMS)
  • MPO_EMAILFIRST (E-Mail)
  • MPO_RADIUSFIRST (Use RADIUS Server)

samlemail

E-Mail Address for Active Directory / SAML 2.0

FirstName

First Name (required)

MiddleInitial

Middle Initial

Surname

Surname (required)

Title

Title

PostTitle

Post Title

Sex

Sex (possible values: SEX_FEMALE, SEX_MALE, SEX_DIVERSE)

Salutation

Salutation

Birthday

Birthday (format: yyyy-mm-dd)

Street

Addresses (Street)

PostOfficeBox

Addresses (Post Office Box)

ZipCode

Addresses (ZIP Code)

City

Addresses (City)

State

Addresses (State)

Country

Addresses (Country)

Phone

Telephone Numbers (Business)

Fax

Telephone Numbers (Fax)

Mobile

Telephone Numbers (Mobile)

PrivatePhone

Telephone Numbers (Private)

Function

Function in the Organization

TeamKey

Import ID (of the team; if no team with the import ID is found a new one is created, otherwise the name is updated if applicable)

TeamName

Name (of the team)

AdminTeamKey

Team Administrator (possible values: Import IDs of the teams to be administrated separated by „|“)

Website

Website

Language

Language (spelling corresponding to the language e.g. Español; the possible values can be found in the CSV template or in the „Basic Settings” under Language; alternatively language identifiers according to ISO 639-1 can be used)

Edition

Edition (possible values: Fabasoft Cloud ID or reference of the edition)

Apps

Apps (possible values: Fabasoft Cloud ID or full reference of apps separated by „|“)

InvalidAuthMethods

Deactivated Authentication Methods (possible value: AuthenticationMethodUsernamePassword)

MainLocation

Default Data Location (possible values: at, de, ch; not available in the Fabasoft Private Cloud)

InvitationSent

Invited (possible values: true, false)

ManageHome

Manage Home (possible values: true, false)

CreateTeamrooms

Create Teamrooms – All Data Locations (possible values: true, false)

CreateTeamrooms-LocationAustria

Create Teamrooms – Data Location Austria (possible values: true, false; not available in the Fabasoft Private Cloud)

CreateTeamrooms-LocationGermany

Create Teamrooms – Data Location Germany (possible values: true, false; not available in the Fabasoft Private Cloud)

CreateTeamrooms-LocationSwitzerland

Create Teamrooms – Data Location Switzerland (possible values: true, false; not available in the Fabasoft Private Cloud)

TransferTeamrooms

Transfer Teamrooms (possible values: true, false)

grpolicysearchaudit

Use Search Folders for Audit Logs (possible values: true, false)

grpolicyaddmembers

Add Members to the Organization (possible values: true, false)

grpolicyremovemembers

Remove Members From the Organization (possible values: true, false)

grorgstructmanagers

Manage Organizational Structure (possible values: true, false)

grorgunitmanagers

Manage Teams (possible values: true, false)

grpolicyaddexternal

Add External Members to the Organization (possible values: true, false)

grextorgmanagers

Manage External Organizations (possible values: true, false)

grpolicyopenonlineex

Edit Office Documents in Microsoft Office Online (possible values: true, false)

grpolicyreadonworkspace

Open or Download Content on the Device (possible values: true, false)

ImageName

Photo (name of the image that should be assigned)

ImageTeamrooms

Fabasoft Cloud ID of the Teamroom that contains the images

objexternalkey

Unique ID

Note: Used as key if a value is present (thus allowing you to update the e-mail address that is otherwise used as key).

OverrideKeys

CSV columns of properties to be overwritten separated by commas (otherwise empty values are ignored and values are added in list properties)

For addresses, telephone numbers and organization policies following keys must be used for the related CSV columns: address, telephone, policies (for addresses, telephone numbers the following applies: overwriting is carried out within the corresponding type, e.g. Fax; for policies the following applies: empty cell is equivalent to false)

Note: To add several addresses or assign members to several teams, more lines with the same e-mail address (EMail) can be specified.

Add MembersPermanent link for this heading

In addition to the CSV import, members can also be created and managed individually.

  1. In the dashboard of the organization, click Membership to open the membership administration.
  2. Click the “Add Members” action.
  3. In the Users field, enter the e-mail address of the user.
  4. In the drop-down menu, click an existing user to add the user as a member. If no user with the entered e-mail address exists, click “Invite new user” to create a new user.
  5. To add additional members repeat step 3 and 4.
  6. If applicable, select the teams or organizational units to which the users should be assigned.
  7. Click the “Add” button.
  8. Assign an edition and apps to users without an edition and click “Assign”. This step is omitted, if all specified users already have an edition.
  9. Click “Invite” to send each member an e-mail with a link to the initial setting of the password. Click “Invite Later” to send the invitation later (see chapter “Invite Members”).

The added members can be further processed via the “Properties” context menu command.

Invite MembersPermanent link for this heading

If you have performed a CSV import or manually added users who have not yet been invited, you can send an invitation via the “Invite Members to the Organization” action.

To invite members, perform the following steps:

  1. In the organization, click the “Invite Members to the Organization” action. The action is only available if members are present who have to be invited.
  2. Define the recipients. For easy selection of recipients, the following recipient groups can be selected: not invited members, not registered members and members with open confirmation.
  3. The fields Subject and Message are prefilled. Take any necessary adjustments.
  4. Click “Invite”.

An e-mail with a link to the initial setting of the password is sent to the members.

Note:

  • Members can also be invited to organizational units, teams and external organizations.
  • The e-mail standard text can be defined in the properties of the organization (“E-Mail Invitations” tab).

State InformationPermanent link for this heading

To check the state information of users, navigate in the organization in the membership administration. The state information is shown as columns by default.

  • State
    Users can be the owner, member or external member of the organization. If the state must be confirmed by the user and the confirmation is still pending, the “Confirmation Required” state is displayed.
  • Invited
    Shows whether the user has been invited by e-mail. The value can also be manually changed to “Yes”, if the user should no longer to be considered in the “Invite Members” dialog, for example.
  • Registered
    Shows whether the user is registered and can therefore log into the Fabasoft Cloud.

Note: Users who rejected an invitation or have been excluded from the organization are displayed in the membership administration under “Exclusions”.

Change MembershipPermanent link for this heading

External members can be converted to members and vice versa.

To change the membership, perform the following steps:

  1. In the dashboard of the organization, click Membership.
  2. Navigate to the desired member or external member.
  3. In the context menu of the member or external member, click “Change Membership”.
  4. If applicable, select external organizations, teams or organizational units to which the user should be assigned to and click the “Change Membership” button.
  5. If a member has administrative rights in the organization, you must confirm the loss of the rights.

Changing a membership removes a member from all teams and organizational units and removes an external member from all external organizations.

Exclude MembersPermanent link for this heading

Members who have been excluded from an organization are also removed from all positions, teams and Teamrooms. When excluding a member, a successor can be defined. This successor is entered in the positions, teams and Teamrooms that the user has been excluded from.

To exclude a member from an organization, perform the following steps:

  1. Navigate to the desired member.
  2. In the context menu of the member, click “Exclude Member”.
  3. Define whether the member is to be informed by e-mail and the user is to be deactivated. If necessary, specify a successor.
    • The user can only be deactivated, if the user is managed by your organization. If the user is not a member of any other organization, the user is always deactivated.
    • Only members can be selected as successors of members. Members and external members can be selected as successors of external members.
  4. Click “Exclude Member” to confirm the exclusion.

Excluded members are displayed in the organization in the membership administration under “Exclusions”. Here you can also view the processing state of the exclusion.

Processing State:

  • In Progress
    The exclusion is processed using a background task. If an error occurs, this process is repeated up to five times. If the fifth attempt is also unsuccessful, the processing state is changed to “Manual” and the organization administrators receive an e-mail with the option to manually handle the unhandled Teamrooms and revoke access rights.
  • Finished
    The exclusion was successfully carried out.
  • Manual
    The exclusion could not be carried out completely automatically. The organization administrators will receive an e-mail with the option to manually handle the unhandled Teamrooms and revoke access rights.

Note:

  • Users who have full control in the organization’s Teamrooms and are members of this organization will be notified by e-mail. If the excluded user is the last user with „Full Control” in a Teamroom and no successor has been defined, the owner of the organization becomes the user with “Full Control” of the Teamroom.
  • Activities in the member's worklist are automatically assigned to the successor.
  • If a successor is defined when terminating the membership of a user with special organizational roles (e.g. co-owner), the successor is not entered in the organizational roles.
  • The removal of the user from the Teamroom and the adding of the successor to the Teamroom may take some time.
  • When terminating a membership in external organizations, organizational units or teams, those with full control in the Teamroom are also informed by e-mail, if the Teamroom is restricted to the affected external organization, organizational unit or team.
  • For Teamrooms of other organizations the following applies:
    • If the user's membership in his or her main organization is terminated, users with full control in Teamrooms of other organizations will also be informed about the exclusion and, if applicable, about the successor. The access rights can be manually adjusted by a user with full control.
    • If the user's membership in one of his or her non-main organizations is terminated, only Teamrooms that are restricted to the affected organization are handled.

Manage TeamsPermanent link for this heading

Teams are used for the informal structuring of organization members, external members and members of other organizations. For example, they can be used in Teamrooms to authorize the entire team.

To create a team, perform the following steps:

  1. In the dashboard of the organization click Membership and then click Teams.
  2. Click the “Create Team” action.
  3. Define a name. In the Define Team Members field, you can add users to the team.
  4. Click “Create”.

Note:

  • There are predefined teams per license type that are updated automatically. These can be used in app configurations, for example, as the app roles often correspond to the license types.
  • For teams you can define standard Teamrooms (see chapter “Standard Teamrooms”).
  • Organization administrators can define members who are entitled to manage all teams (organization dashboard > “Advanced Settings” > “Define Policies” > “Actions” tab > Manage Teams).
  • Organization administrators can define team administrators for individual teams (via the “Define Administrators” action in the respective team). The corresponding teams are placed on “Home” of the team administrators. Team administrators can perform the following actions:
    • add, invite and remove members
    • edit properties of the team
  • For teams, the “Notification Settings” tab can be used to define the workflow event settings. The notifications will be sent to the first e-mail address specified in the E-Mail Addresses field on the “Address” tab. Thus, not all members of the team are notified anymore, but only the defined e-mail address.

Define Authentication and Two-Factor AuthenticationPermanent link for this heading

The log-in can be carried out with username and password or client certificates.

For the two-factor authentication mobile PIN (SMS), e-mail PIN and one-time password via a RADIUS server are provided. Mobile PIN has to be purchased separately.

To change the settings for a user, perform the following steps:

  1. Navigate in the desired member and click the “Properties” action.
  2. On the “Account” tab, you can define the settings regarding the authentication and second factor.
    • Primary E-Mail Address
      The user can log in with this e-mail address. Notifications are also sent to this e-mail address.
    • Alternate E-Mail Address for Authentication
      The user can use this e-mail address to log in via username/password, Active Directory or SAML 2.0 (a login server has to be configured in the organization). The e-mail address is only required if it is not the same as the primary e-mail address. Thus, for example, the primary e-mail address can be used for receiving notifications and the alternate e-mail address can be used for the login server.
    • Common Name (CN)
      Defines the common name of the corresponding user certificate (certificate authorities have to be defined in the organization).
    • Mode of Dispatch for Mobile PIN
      Defines the primary second factor. Depending on the selected factor a phone number, a RADIUS user identification or an e-mail address has to be provided in the following fields. If several fields are filled, the user can select an alternative method when logging in.
    • Mobile Phone Number for Mobile PIN
      The PIN is sent to this phone number.
    • E-Mail Address for Mobile PIN
      The PIN is sent to this e-mail address.
    • User ID Used for RADIUS Server
      Defines the link between the user and the RADIUS server (a RADIUS server has to be configured in the organization).
    • Deactivated Authentication Methods
      To prevent the user from logging in using certain authentication methods, the not allowed authentication methods can be defined here. Before disabling authentication methods, make sure you do not lock out the user.
    • Login Options Acquired From
      Shows the login options that apply to the user (Active Directory/SAML 2.0, certificate, RADIUS; if available). Login options are determined for external members based on the following evaluation hierarchy (if no settings are available, the next level is considered): primary external organization, "All external members of <cloud organization>" and cloud organization.
  3. Click “Next” to save the changes.

Note:

  • Only administrators and owners of the primary organization of the user can change the user data. You find the primary organization in the properties of the user on the “User” tab in the Organization field.
  • The settings can also be defined via the CSV import.

Show Account Activities of MembersPermanent link for this heading

To view the account activities of members, perform the following steps:

  1. Navigate to the desired organization, team, external organization or (external) member.
  2. Run the “Show Account Activities” or “Advanced” > “Show Account Activities” context menu command.
  3. The account activities of the member are displayed and can be downloaded via the “Export Account Activities as CSV File” button.
  4. Click “Close”.

Note:

  • Only members who are managed by you are displayed.
  • If a member has never logged in, the columns in the CSV file are filled with “N/A”.

Manage External MembersPermanent link for this heading

Employees of suppliers, partner companies or customers can be added as external members to your organization. To simplify the cross-organizational cooperation even further, external organizations are available to combine and manage external members based on their company affiliation.

To manage external members, perform the following steps:

  1. In the dashboard of the organization click Membership, to open the membership administration.
  2. Within External Members you can import, add, invite or exclude external members.
  3. Within External Organizations you can create external organizations to be able to structure external members logically.

Note:

  • When importing external members (available CSV columns see chapter “Import Members”), the following two additional CSV columns are available in comparison to importing members: ExtOrganizationKey (import ID of an external organization) and ExtOrganizationName (name of the external organization). In addition, only the organization policies grpolicyopenonlineex and grpolicyreadonworkspace apply to external members. AdminTeamKey is also not available for external members.
  • External members consume licenses as members.
  • Editions and apps can be assigned to external members as to members.
  • External members cannot create Teamrooms that are assigned to the organization.
  • Only administrators and owners of the primary organization of the user can change the user data. You find the primary organization in the properties of the user on the “User” tab in the Organization field.
  • The by default created external organization “All external members” always includes all external members, regardless of whether the members are also assigned to other external organizations.
  • Organization administrators can define the primary external organization for an external member (“Organization Membership” tab, Primary External Organization field) if the user is a member of multiple external organizations. If the user is not a member of any external organization, the field is not displayed. When the user is initially added to an external organization, the field is filled automatically.
    The settings regarding login options are determined for the external member based on the following evaluation hierarchy (if no settings are available, the next level is considered): primary external organization, "All external members of <cloud organization>" and cloud organization.
    The administrators of the primary external organization are also authorized to terminate the user's external membership.
  • Organization administrators can define members who are entitled to manage all external organizations (Organization dashboard > “Advanced Settings” > “Define Policies” > “Actions” tab > Manage External Organizations).
  • Organization administrators can define members or external members as administrators for individual external organizations (via the “Define Administrators” action in the respective external organization). The corresponding external organizations are placed on “Home” of the administrators. Administrators can perform the following actions: add, invite and remove external members, terminate external memberships (only if the external organization is the primary external organization of the external member), define certificate and RADIUS settings, edit properties of the external organization.
  • For external organizations, on the “Advanced Settings” tab, trusted networks can be specified. For more information, see chapter “Define Trusted Networks”.
  • For external organizations, the “Notification Settings” tab can be used to define the workflow event settings. The notifications will be sent to the first e-mail address specified in the E-Mail Addresses field on the “Address” tab. Thus, not all members of the external organization are notified anymore, but only the defined e-mail address.

Manage the Organizational StructurePermanent link for this heading

The organizational structure is used for the hierarchical mapping of organizational units and positions of your organization. You can find the organizational structure in your organization under “Membership” > “Organizational Structure”.

  • Organizational Unit
    An organizational unit summarizes one or more positions and can contain subordinate organizational units. The hierarchy of organizational units is defined on the one hand by the tree structure of the organizational structure and on the other hand by the assigned hierarchy levels (e.g. business unit, division, team).
  • Position
    Positions are assigned to organizational units and are used to define the jobs in your organization. A concrete user can be assigned to a position.
    There are two types of positions: “Head” and “Staff Member”. This information can be used in the workflow for approvals (for example, the leave request for an employee is assigned to the head of the respective organizational unit).

Organizational administrators or users who are entitled via the “Manage Organizational Structure” policy are responsible for maintaining the organizational units and positions (for example, assigning a user to a position).

When you delete organizational units or positions, they are first placed in the wastebasket. There they can be permanently deleted or restored.

Define Hierarchy LevelsPermanent link for this heading

If you are in the organizational structure, you can use the “Settings” action to set the hierarchy levels. By default, the following hierarchy levels are predefined:

  • Management Board (Level 01)
  • Business Unit (Level 02)
  • Division (Level 03)
  • Team (Level 04)

You can use the “Properties” context menu command to adjust the name and level. You can obtain new hierarchy levels via the “New” background context menu command.

Note: Organizational units can only contain organizational units with a larger level value (for example, organizational units of level 02 can only contain organizational units from level 03).

Create Organizational UnitsPermanent link for this heading

If you are in the organizational structure, you can create organizational units using the “Create Organizational Unit” action. Navigate in organizational units that have already been created to create subordinate organizational units.

You can set the following values:

  • Name
    Defines the name of the organizational unit.
  • Staff Unit
    If an organizational unit is not part of the linear hierarchy, it can be marked as a staff unit.
  • Hierarchy Level
    Defines the hierarchy level of the organizational unit. Only levels with a higher value than the level defined in the superordinate organizational unit are displayed.
    Note: You can define the available levels in the settings of the organizational structure.
  • Description
    Defines the description of the organizational unit.
  • Import ID
    If the organizational structure is externally managed and imported, an import identifier for the organizational unit can be defined. This allows an update of the organizational unit.
  • Members with Role “Head”
    Defines the heads of the organizational unit.
  • Members with Role “Staff Member”
    Defines the staff members of the organizational unit.

Note:

  • You can use the “Move Organizational Unit” context menu command to move the organizational unit within the organizational structure.
  • To convert teams to organizational units, you can use the “Move to Organizational Structure” context menu command.
  • For organizational units, the “Notification Settings” tab can be used to define the workflow event settings. The notifications will be sent to the first e-mail address specified in the E-Mail Addresses field on the “Address” tab. Thus, not all members of the organizational unit are notified anymore, but only the defined e-mail address.

Create PositionsPermanent link for this heading

If you are in the organizational structure, in an organizational unit, you can use the “Create Position” action to create a position for the respective organizational unit.

You can set the following values:

  • Type
    Defines whether it is a staff member or a head position.
  • Staff Unit
    If a position is not part of the linear hierarchy, it can be marked as a staff unit.
  • Organizational Unit
    The position is assigned to the shown organizational unit.
  • User
    Defines the employee who is assigned to the position.
  • Primary Position
    If an employee is assigned to several positions, one position can be marked as primary. The primary position is used for evaluating the supervisor (e.g. in a workflow context).
  • Name
    Defines the name of the position.

Note:

  • You can use the “Move Position” context menu command to move the position within the organizational structure.
  • Additional fields are available when using the Fabasoft Personnel File.

Import the Organizational StructurePermanent link for this heading

If you are in the organizational structure, you can use the “Import Organizational Structure” action to import or update the organizational structure using a CSV file. The “Download CSV Template” button can be used to retrieve a template that describes the necessary data structure.

  • The Complete Organizational Structure Matching option allows you to define whether existing positions and organizational units that do not exist in the CSV file should be deleted.
  • The Only Update Organizational Structure option (only visible if Complete Organizational Structure Matching is disabled) allows you to define whether only existing positions and organizational units are updated. New organizational elements will not be created.

Alternatively, the import can also be carried out via an inbox (“Import Data” action, “Import Organizational Structure” import definition). For a complete structure matching, you must specify a user who will be informed via workflow, if there are organizational elements to be deleted. Deletion only takes place after manual confirmation.

The CSV columns are in general free-text fields of type string. The import ID can be used to update objects. Following CSV columns are available:

CSV Column

Field

Possible Value

Key

Import ID

string

Type

-

string (OrganizationalUnit, OrganizationalPosition)

ParentKey

-

string (import ID of the superordinate organizational unit; empty on top level)

Name

Name

string

Level

Hierarchy Level

string (import ID of the hierarchy level; only organizational units)

StaffUnit

Staff Unit

string (TRUE, FALSE; only organizational units)

UnitDescription

Description

string (only organizational units)

PositionType

Type

string (HeadPos, StaffPos; only positions)

PrimaryPosition

Primary Position

string (TRUE, FALSE)

User

User

string (import ID or if not defined the e-mail-address of the internal member; only positions)

Note:

  • If you change the entry for ParentKey or Level of an existing organizational element, the organizational element is moved accordingly.
  • If the Fabasoft Personnel File is licensed, additional metadata can be imported.