Axure Cloud for Business Accounts and Permissions
This document is a guide for managing Axure Cloud for Business user accounts. The information presented covers private instances hosted on Axure servers as well as on-premises installations.
Log in to an administrator account to access the controls described below.
Managing User Accounts
To manage your users' accounts, click on your avatar icon at the top-right of the Axure Cloud for Business web interface, and then select Admin Settings from the dropdown menu.
Adding Accounts
Before your teammates can access your Axure Cloud for Business private instance or on-premises server, you'll need to create user accounts for them. Users will still need to create a public Axure Cloud account, which is separate from their Axure Cloud for Business account, in order to activate their subscription in Axure RP.
Note
Adding new accounts on Axure Cloud for Business will add users on a publishing trial basis. During a publishing trial, users can publish projects without requiring an Axure RP Enterprise subscription or an Axure Cloud for Business seat.
Click Add Account at the top-right of the Manage Accounts page to open the Add Accounts dialog.
Enter the email addresses of one or more teammates you want to create user accounts for.
If you have configured Single Sign On (SAML), you can check the box for Use SSO to make the new user accounts sign in with their SAML credentials. (This can be enabled or disabled later.)
If you leave this box unchecked:
Private instance users will receive emails prompting them to create passwords to log in to their accounts.
On-premises users' passwords are set by the administrator in the Password field of the Add Accounts dialog.
You can optionally require users to choose new passwords upon login by checking the box for Require password reset on next login.
Finally, select the user access level you want to grant to the new accounts. (You can change a user's access level later.)
Note
Only the super administrator and technical admins can create other admin accounts.
Disabling Accounts
Disabling an account prevents the user from logging in or publishing to the Axure Cloud for Business server.
Locate the account you want to disable in the table on the Manage Accounts page.
Click the ellipsis menu in the far right column and select Disable.
In the dialog that appears, click DISABLE to confirm the action.
Note
You can reactivate disabled accounts by selecting Activate in the ellipsis menu.
User Access Levels
Note
If you are using Axure Cloud for Business On-Premises and are still using version 2.0.0.426 or lower, view this page to see the former user access levels.
Axure RP Role
Viewer | Publisher | |
---|---|---|
View, inspect, and comment on projects | ||
Create, publish, and edit projects |
Viewer
Viewers can:
- view, inspect, and comment on Axure RP projects and Axure Cloud artboard projects
Publisher
Publishers must occupy an Axure Cloud for Business seat or have an Axure RP Enterprise subscription.
Publishers can:
- view, inspect, and comment on Axure RP projects and Axure Cloud artboard projects
- create, publish, and edit Axure RP projects and Axure Cloud artboard projects
System Role
Guest | Member | Admin | Technical Admin | Super Admin | |
---|---|---|---|---|---|
Access workspaces they are invited to | |||||
Create workspaces and invite collaborators | |||||
Access all workspaces | |||||
Create guest and member accounts | |||||
Create admin accounts | |||||
Create technical admin accounts |
Guest
Guest accounts can:
- be added to workspaces
- participate in project discussions
Member
Member accounts can do everything guests can do. In addition, they can:
- create new workspaces and invite other users to join them
- be the owner of a workspace
- import workspaces
Note
Member and guest accounts can both be set to View only or Can edit for workspaces that they are invited to join.
Admin
Administrator accounts can do everything members can do. In addition, they can:
- create and manage guest, member, and other admin accounts
- add SAML/SSO to user accounts
- activate and disable user accounts
- view and self-invite to any workspace
Technical Admin
Technical administrator accounts are created for the purpose of handling the technical aspects of setting up and configuring the Axure Cloud for Business private instance or on-premises server.
Technical admins can:
- create and manage guest, member, admin, and other technical admin accounts
- activate and disable user accounts
- set up SAML/SSO
- add SAML/SSO to user accounts
- set up Active Directory and LDAP
Super Admin
The super administrator account is created during the Axure Cloud for Business setup process, and it manages all other user accounts on your private instance or on-premises server. There is only one super admin account per server.
Changing a User's Permissions
Admins can change a user’s system role or Axure RP role in the Manage Accounts page in Axure Cloud. To get to that page, click on your avatar and select Admin Settings from the dropdown menu.
Locate the account you want to edit in the table on the Manage Accounts page.
Under the System Role column, you can change a user’s system role to Guest, Member, or Admin. Technical admins and super admins can also change a user’s access to technical admin.
Under the Axure RP Role column, you can change a user’s Axure RP role to publisher or viewer.
Additionally, you can set the access levels for multiple accounts at once by checking them and clicking Set System Role or Set Axure RP Role at the top of the page.
Workspace Organization Access
Workspace owners and admins can designate workspaces in your organization to be invite-only. To do so:
Click the Invite button at the top of the workspace page to open the Share this Workspace dialog
Select Invite-only from the dropdown menu under the Organization Access section.
When a workspace is invite-only, users in your organization will see a lock icon next to the workspace name, indicating that they must be invited to join.
User Sign-In Options
Axure Cloud Password
By default, users can sign in to your Axure Cloud for Business private instance or on-premises server with the password they choose at account creation.
Users can reset their passwords at any time by clicking their email address at the top-right of the UI and selecting Manage Account.
Administrators can change users' passwords by following these steps:
Locate the account you want to edit in the table on the Manage Accounts page.
Click the ellipsis menu in the far right column and select Change Password.
Enter a new password in the dialog that appears, and click Change.
You can optionally require the user to choose a new password upon login by checking the box for Require password reset on next login.
SAML
Note
Axure Cloud for Business uses SAML 2.0.
If the user accounts will use SAML authentication, you'll first need to configure your Axure Cloud for Business private instance or on-premises server to use your identity provider. This must be done by the system administrator.
In the admin settings, switch to the Single Sign On (SAML) tab and provide the requested information.
Sign On URL: This is the URL your users will be redirected to in order to sign in to your SAML identity provider. You can get the Sign On URL from your identity provider.
Logout URL: This is the URL your users will be redirected to after logging out of Axure Cloud for Business. It can be any URL you like, including the Sign On URL.
Security Certificate (X.509): This file contains information Axure Cloud for Business needs to process authentication responses from your SAML identity provider. You can generate the Security Certificate through your identity provider, and you will need the following information to do so:
Service Provider Entity ID:
If you have a private instance of Axure Cloud for Business hosted on Axure servers, the Entity ID is your instance's subdomain.
https://[domain].axure.cloud
If you have an on-premises installation of Axure Cloud for Business, the Entity ID is the IP address or hostname of your Axure Cloud for Business server.
Assertion Consumer Service (ACS) URL: This is the Entity ID followed by /identity/consume.
https://[domain].axure.cloud/identity/consume
SSO with Microsoft Active Directory Federation Service
For information on setting up single sign-on with Microsoft's Active Directory Federation Service (ADFS), click the link below:
Axure Cloud On-Premises SSO with ADFS (PDF download)
Adding and Removing SAML from User Accounts
If you originally set up a user account with an Axure Cloud password but want to convert it to use SAML authentication, you can do so by going to the Manage Accounts page.
Locate the account you want to want to add SAML to in the table of accounts.
Click the ellipsis menu in the far right column and select Add to SSO. (This option will only appear if your system administrator has already configured SAML on the Single Sign On (SAML) tab.)
Alternatively, you can add SAML authentication to multiple accounts at once by checking them and clicking Add to SAML at the top-right of the page.
To remove SAML from an account, use the Remove from SSO option in the ellipsis menu.
Active Directory and LDAP
Note
Active Directory and LDAP only work with Axure Cloud for Business on-premises servers.
If the user accounts will use Active Directory or LDAP authentication, you'll first need to configure your on-premises server to use your Active Directory or LDAP server. This must be done by the super administrator or a technical administrator.
In the admin settings, switch to the Active Directory / LDAP tab. Select the radio button for Built In, Active Directory, or LDAP, and complete the form below.
Note
If Active Directory or LDAP authentication is enabled, SAML settings will be ignored.