Skip to Content
Technical Articles
Author's profile photo Franco Tornaghi
Franco Tornaghi
August 12, 2023 2 minute read

How to enable External Users

External users are the most restricted user type.

They are guests of your organization and they would be able to access to only the specific private external workspaces to which they have been invited to.

They also access to the dedicated home pages (for external users) and their user profile.

When “External Work Spaces” is enabled you will find the “External” permission option when creating a new Work Space (screenshot below).

Imagen de portada del artículo

This feature is not enabled by default, make this available could be a little tricky. Below a step by step to enable this feature.

Step by step to enable the Workspaces for external users

  • Go to you r Admin Console > Feature Enablement > Features,
  • Mark”Yes”.

Steps%20to%20enable%20external%20Workspace

Select External Workspace Creation

 

Immediately a Username and Password will be asked like shown below. This info could be extracted from the IAS panel.

 

The “Username” and “Password” could be obtained from the SAP Cloud Identity.

For this:

  • Loggin t your IAS Panel
  • Go to: “Applications & Resources”
  • Select your Work Zone Application in the left side panel. (1)
  • Go to: “Applications APIs” and select “Client Authentication”.(2)

 

 

A new window will appear in your right window, there you will find a section called “Secrets”.

If you have taken note of a secret already existing when you created it, you may use that “Username” and “password”.

If not, you may create a new one (recommended) by clicking on “Add” (1)

How%20to%20create%20a%20KEY

How to create a KEY

A number of options will appear.

  • Insert a “Description” you consider,
  • Expire in: “never”,
  • Scope: leave all the options flagged,
  • Press: Save.

The “Client ID” and the “client secret” will be provided, copy them since will be used in the next steps. This info could not be re-obtained.

 

 

Go back to your Wok Zone platform and fill the fields as:

Client ID > Username

Password: Client Secret.

If the info is correct the admin console will let you to save changes.

This will enable the “External Work Spaces” feature.

To let new external users access to this external workspaces it’s required to assign the BTP role collection “HR_Workzone_External_User”. This could be assign through a group usually called “Workzone_User_Type_public” in your IAS.

Hope this blog helps!

 

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Vianey Vargas
      Vianey Vargas

      Hello Franco!

       

      Excellente blog thank you very much! I have a question though.. if I want to assign automatically the group of “Workzone_User_Type_public” to every external user invited to WorkZone, is it possible? Because according to manual you need to create IAS as source system and Workzone as target and then filter through userType=Public but I am having a lot of errors when trying to send from source to target.. or is there any other way?

      Author's profile photo Franco Tornaghi
      Franco Tornaghi
      Blog Post Author

      HI Vianey.

      It seems to be an issue in the transformations.

      Check the transformations in the Identity provisioning to send "public" when matches your "Workzone_User_Type_public" group.

      Below an screenshot of source transformation.

      Below the target transformation

       

      And ensure to have active users into the "Workzone_User_Type_public" group.

      For sure it's possible to set the IAS different, but the above is what worked for me.

      If you like it give me a thumbs up!

      Regards

      Source Path