User Management & Permissions
Overview
Ademero provides comprehensive user management and permission controls to ensure secure access to your documents and workflows.
Key Concepts
Understanding users, groups, roles, and permissions is essential for proper system administration.
Security Model
Ademero uses role-based access control (RBAC) with granular permissions at the folder, document, and field levels.
Managing Users
Add, edit, and manage user accounts in your organization.
- Navigate to Settings > User Management
- Click the "Add New User" button
- Enter user details (name, email, department)
- Assign an initial role and permissions
- Send an invitation email to the user
User Profiles
Each user profile contains contact information, role assignments, group memberships, and activity history.
User profile structure:
```json
{
  "userId": "USR-12345",
  "email": "user@company.com",
  "name": "John Doe",
  "role": "Manager",
  "groups": ["Finance", "Approvers"],
  "permissions": ["read", "write", "approve"],
  "lastLogin": "2024-01-15T10:30:00Z"
}
```
Bulk User Import
Import multiple users via CSV file or sync with Active Directory/LDAP for enterprise deployments.
Roles and Permissions
Configure roles with specific permission sets for different user types.
Default Roles
Ademero includes pre-configured roles: Administrator, Manager, User, and Viewer. Each can be customized.
| Role | Permissions | Use Case |
|---|---|---|
| Administrator | Full system access | IT admins, system managers |
| Manager | Read, write, approve, delegate | Department heads, supervisors |
| User | Read, write, upload | Regular employees |
| Viewer | Read only | Auditors, external users |
Custom Roles
Create custom roles tailored to your organization's specific needs with granular permission controls.
Permission Types
Available permissions include: View, Download, Upload, Edit, Delete, Share, Approve, and Administer.
Groups Management
Organize users into groups for easier permission management.
Creating Groups
Groups allow you to manage permissions for multiple users simultaneously. Common groups include departments, project teams, and approval committees.
Group Hierarchy
Groups can be nested to create hierarchical permission structures that mirror your organization.
Security Best Practices
Follow these guidelines to maintain system security:
- Implement the principle of least privilege
- Run regular permission audits
- Enable two-factor authentication
- Set password complexity requirements
- Configure session timeouts
- Monitor user activity logs
- Remove inactive users promptly
Single Sign-On (SSO)
Configure SSO integration for seamless authentication.
Supported Providers
Ademero supports SAML 2.0, OAuth 2.0, and OpenID Connect protocols. Compatible with Azure AD, Google Workspace, Okta, OneLogin, Ping Identity, and ADFS. Our SSO implementation follows industry standards for security and reliability, with automatic session management and token refresh capabilities.
Configuration Steps
Set up SSO by configuring identity provider settings, mapping user attributes, and testing the connection:
- Navigate to Settings > Authentication > SSO Configuration
- Enter your identity provider metadata URL or upload the XML file
- Map required attributes (email, name, groups)
- Configure user provisioning options
- Perform test authentication before enabling for all users
Just-in-Time Provisioning
Enable JIT provisioning to automatically create user accounts during first login via SSO. User attributes from the identity provider are mapped to Ademero profile fields, and default roles can be assigned based on group membership. This eliminates manual user creation for large organizations and ensures immediate access for new employees.
Two-Factor Authentication (2FA)
Enhance security with multi-factor authentication options.
Supported 2FA Methods
Ademero supports multiple 2FA methods: authenticator apps (Google Authenticator, Microsoft Authenticator, Authy), SMS verification codes, email verification, hardware security keys (FIDO2/WebAuthn), and backup recovery codes. Organizations can enforce 2FA for all users or specific roles.
Enabling 2FA
Users can enable 2FA from their profile settings. Administrators can enforce 2FA organization-wide through Settings > Security > Authentication Requirements. Configure grace periods for compliance, backup contact methods, and recovery procedures for lost devices.
Audit Logs and Compliance
Monitor user activity and maintain compliance with comprehensive audit trails.
Activity Monitoring
Ademero logs all user actions including logins, document access, permission changes, configuration modifications, and administrative actions. Logs include timestamps, IP addresses, user agents, and detailed action descriptions. Export logs for external SIEM systems or compliance reporting.
Permission Audits
Regularly review user permissions to ensure compliance with security policies. The Permission Audit Report shows who has access to what, identifies over-privileged users, finds orphaned accounts, and highlights permission anomalies. Schedule automated audits to run monthly or quarterly with email notifications.
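An added example, not Ademero's own code or tooling: a permission audit run over a constructed export of user profiles in the structure shown under User Profiles, with role baselines taken from the Default Roles table. The export itself, the 90-day inactivity threshold, and the name `audit_profiles` are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Role baselines taken from the Default Roles table on this page.
# Administrator has full access, so it is exempt from the excess check.
ROLE_BASELINE = {
    "Manager": {"read", "write", "approve", "delegate"},
    "User": {"read", "write", "upload"},
    "Viewer": {"read"},
}
INACTIVE_AFTER = timedelta(days=90)  # assumed threshold, not an Ademero default

def audit_profiles(profiles, now):
    """Return (userId, finding) tuples for a list of profile dicts."""
    findings = []
    for p in profiles:
        uid, role = p["userId"], p.get("role")
        granted = {perm.lower() for perm in p.get("permissions", [])}
        baseline = ROLE_BASELINE.get(role)
        if role != "Administrator" and baseline is None:
            findings.append((uid, f"unknown role {role!r}"))
        elif baseline is not None:
            excess = granted - baseline
            if excess:
                findings.append((uid, "exceeds role baseline: " + ", ".join(sorted(excess))))
        last = p.get("lastLogin")
        if last is None:
            findings.append((uid, "never logged in"))
        else:
            seen = datetime.fromisoformat(last.replace("Z", "+00:00"))
            if now - seen > INACTIVE_AFTER:
                findings.append((uid, f"inactive for {(now - seen).days} days"))
    return findings

# Constructed sample export; only USR-12345 mirrors the profile shown on this page.
SAMPLE_EXPORT = json.loads("""[
 {"userId": "USR-12345", "role": "Manager", "groups": ["Finance", "Approvers"],
  "permissions": ["read", "write", "approve"], "lastLogin": "2024-01-15T10:30:00Z"},
 {"userId": "USR-20001", "role": "Viewer", "groups": ["Auditors"],
  "permissions": ["read", "approve"], "lastLogin": "2024-01-10T08:00:00Z"},
 {"userId": "USR-20002", "role": "User", "groups": ["Finance"],
  "permissions": ["read", "write"], "lastLogin": "2023-06-01T09:00:00Z"},
 {"userId": "USR-20003", "role": "User", "groups": ["Finance"],
  "permissions": ["read"], "lastLogin": null}
]""")

if __name__ == "__main__":
    as_of = datetime(2024, 2, 1, tzinfo=timezone.utc)
    for uid, finding in audit_profiles(SAMPLE_EXPORT, as_of):
        print(uid, "-", finding)
```

Findings of this kind are candidates for review, since a custom role or a folder-level grant may legitimately extend a default baseline.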
Compliance Reports
Generate compliance reports for SOC 2, ISO 27001, HIPAA, and GDPR requirements. Reports document access controls, permission changes, user activity, data retention policies, and security incidents. Export in PDF or CSV format for auditors and regulatory submissions.
Troubleshooting Common Issues
Solutions to frequently encountered user management problems.
Users Cannot Log In
Common causes: account not activated, password expired, account locked due to failed attempts, SSO misconfiguration, or network connectivity issues. Check user status in Admin Panel, reset password if needed, unlock account, verify SSO configuration, and review authentication logs for specific error messages.
Permission Errors
If users see "Access Denied" errors, verify their assigned roles include required permissions, check group memberships are correct, ensure folder/document permissions aren't overriding role permissions, and review permission inheritance settings. Use the Permission Checker tool to simulate user access.
SSO Connection Problems
For SSO issues, verify identity provider metadata is current, check certificate expiration dates, confirm attribute mappings match identity provider configuration, test connection using SSO test tool, and review SSO error logs for detailed error messages. Common issues include clock skew, expired certificates, and incorrect entity IDs.