Aware 2.0 - Recommendations for Adding a New User

This article contains information on setting up new users in Aware, including assigning roles, managing data access sets, configuring SSO, and best practices for granting permissions to Signal Policies or Search Results.

Adding a New User 

Adding a new Aware user requires administrative permissions. With Role-Based Access Controls (RBAC), every new user must be assigned a Role. This Role is linked to a Data Access Set, which defines and limits the user’s visibility and permissions within the Aware Applications and collaboration data.

Considerations

• Identify which Aware Applications the user will have access to.
• Assign the appropriate Role(s) to the user.
• Confirm whether internal departments will assist in identifying the user's Role.
• Ensure Roles and Data Access Sets are established before adding any users.
• Determine if SSO setup is required.
• Verify if users need access to pre-existing Signal policies or Search results and refer to the best practices below for granting access.

Key Reminders: 

• Ensure the user creation workflow is completed before assigning any Roles. The user will not be created if you try to assign the role during the initial process.
• Aware Users can have multiple Roles. 
• For current customers, if you want to add new users to view certain Signal Policies or Search Results that were created before RBAC migration, you will need to do one of three steps:
  • Change the Data Access Set associated with the Signal Policies/Searches
  • Create a role, attach it to the Data Access Set associated with the Signal Policy/Search, and add the user to that role.
  • Assign the associated migrated Data Access Set to the Signal/Search & Discover Admin Role.

Adding a New SSO User 

Adding a new user who will use Single Sign On (SSO) is easy and can be handled entirely by your Aware Administrator and Identity Provider Administrator.

• When setting up a new SSO user, we recommend waiting to assign Roles until after they have signed into Aware with their SSO credentials. Assigning Roles before could result in permissions being removed upon the first user login.