Users and groups

Permissions in Kadanza are managed based on user groups. A user needs to be part of at least one user group but can be assigned to as many user groups as you like. For each user group, you can control what the users in this group may see and do. We call this concept permissions. You can create different variations based on your use case and needs.

What are user groups?

User groups are... groups of users! These are important, as permissions in Kadanza are not assigned to individual users, but to user groups. With these groups you can create a permission scheme that aligns with your specific needs. Every user should be a member of at least one user group to access the platform. For this purpose, we have created the "All users" group. Every user is always a member of this group.

The main purpose of user groups is to organize users and control their permissions. In this section, you’ll learn how to create new user groups, assign users to user groups, and apply specific rights to a user group.

Via the context menu next to each group, or after clicking the user group name in the list, a detailed overview page of that specific user group will open. Here you can

Manage members: Add/remove members from the selected user group by (un)checking the checkboxes preceding their names.
- Search bar: search for specific users in the list
- Status: the status of a user (active or suspended)
- Cancel: click to discard your changes
- Save: click to save your changes
Edit: Allows you to change some group details:
- Group name: the name of your group (this name will only be visible to admins).
- Description: an optional description that can be used to describe the groups' purpose. This helps admins to understand why each group was created.
- Redirect on login: add a page where users are redirected to on login. If a user is in multiple groups with redirect settings, no redirect will occur.
Delete: This allows you to permanently delete the entire user group.

All users

This is the place where you find an overview of all your users. You can add new users here, and edit or delete existing ones.

What logged in users can access, see and do is based on the permissions granted to the user groups the user is member of.

Inviting users

Users that are not managed via SSO can be invited to access your Kadanza installation.

Click the 'Add new user' button to invite up to 100 users in one go. The invitation is done in 3 steps

Email: Enter the email address to which you would like to send the invitation. The email address will be the users' username.
- You can add up to 100 comma-separated email addresses in the modal to invite more users in one go.
- When a user is already active or invited, the email address will be highlighted so you can remove it from the list.
Select a role: Define the role of the invited user(s).
- Account owner: As admin, the account owner has full access to the admin console and editor. Content access is based on user groups.
- Admin: Also has access to the admin console, except for plan & billing, and editor. Content access based on user groups.
- User: No admin rights, can only view the pages based on the user groups
Add groups: Add usergroups to the user(s). The combination of these groups determine what the user(s) can see and do in the installation.

When ready, click 'Send invite' to send the invitations to the selected users.

During invitation, you can only select the role 'User' for now.

You can update a users' settings (role and groups) by editing the user from the All Users list once the invitation is accepted.

User details

You can open the user details page by either clicking the username in the list, or by selecting 'Edit' fdrom the context menu next to the user.

In this detail page you can

Change user status (enabled, suspended)
Delete a user from your installation
Manage the users' role
Manage the users' groups
See the SAML attributes assigned to the user on login via Single Sign-On (SSO)

Export user list

An overview of all users in your installation, including their user groups etc, can be downloaded via the context menu next to the "Add new user" button.

The file provides information such as username, first and last name, email address, last seen on, and all assigned user groups.

Organizing your team

Setting up the correct user groups to cover your use-case is essential in the configuration of your Kadanza installation. There are multiple ways in which you can decide on user groups. The two most common ways are based on function in the company, or based on permissions needed in an application.

Based on function in the company

Most companies are structured in multiple departments or teams. Users from these departments or teams often have the same permissions. So as an example, let’s assume we set up Kadanza for a packaging company specialized in creating cardboard boxes.

The departements in this company are:

Management: people focussed on the day-to-day management, finances,… of the company
Marketing: everybody working on marketing, communication, sales,…
Design: the people that design the new cardboard boxes and communication materials for the marketing team
Production: everybody in the factory who make sure all boxes are created, packaged,…

You could decide to create a user group for each team listed above. This provides a clear structure that is linked with your company's structure. The user groups created for this company could then be:

Management
Marketing
Design
Production

As a marketing employee, I am in the user group “Marketing”, as a production employee I am in the user group “Production” and so on. And based on which user group I am member of, I can see certain pages, access and download assets.

The Design group can have access to all design assets, while the Management group can only download optimized images for presentations. And the Marketing group is the only group that can use the smart templates to create marketing material.

If your company has an Active Directory (AD) in which all user accounts are managed, chances are high that a structure like the above is set up to handle all users. If you have SSO included in your license, these groups can be used on use login. But more on that in the “Access to Kadanza” section.

Based on permissions (in Kadanza)

Another way of creating user groups is by permission. This makes it more clear which user has specific permissions, and it allows people from different teams other permissions without adding them to another team group. Keep in mind that this approach might not match most AD setups, so your IT department will have to add some specific groups. Although this usually isn’t an issue, it’s something you can best discuss with your IT department.

As an example, let’s use the same packaging company, with the same teams.

The user groups created for this company could be:

Basic user: has access to a limited set of pages and asset categories.
Advanced user: has access to all pages and categories.
Upload: can upload, edit and delete assets.
Download: can download assets.
Create: can use the smart templates to create marketing material.

Marketing employees can be in the groups “Advanced user”, “Upload”, “Download” and “Create”, while managers are in the groups “Basic User” and “Download”. But if one specific manager should be able to upload assets, he can easily be added to the “Upload” group.

Both examples are fairly straightforward, but a lot more possibilities and combinations are possible. Important to remember from the above is that

Permissions are based on user groups
Users are member of one or more groups
What a user can do is based on the permissions granted to each group a user is member of.

From our experience, a combination of both function and permission-based configurations works best for most of our customers and ensures every possible scenario is covered.

When using Single Sign-On (SSO) to access Kadanza, the user groups are determined by your IT department. So be sure to discuss the options with your IT when SSO is required during the setup.