User Management Summary
  • 11 Minutes to read
  • Dark
    Light
  • PDF

User Management Summary

  • Dark
    Light
  • PDF

Article summary

Loading Users to Planful

Your first task will be to load users to Planful. Here are a few options:

  • Data Load Rules - User friendly and most frequently used

  • Web Services - APIs, which require a more technically savvy Admin

  • User Page - Not realistic when loading many users as you have to load one at a time

Steps to Manually Add Users via the User Application Page

  1. Access the User page by navigating to Maintenance > Admin > User Management.
  1. Click Add.
  1. Enter a valid email address in the User Name field, which will serve as the user's login ID.
  1. Select a User Authentication Mode

    • Native—Login to Planful using the Login page.

    • SSO Provider—Login to Planful via Single Sign On. (Planful supports all providers who support the SAML 2.0 standard.)

  1. Enter the user’s first and last name.
  1. Select the user’s status, Active or Inactive. Users must be Active to access Planful.
  1. Assign a navigation role to the user. .
  1. Select Regular User or Reporting Administrator for the Reporting Role.
  1. Select User or Administrator for Support Role. The number of available Administrator roles is based on your Service Level Agreement (SLA). Select whether the user you are adding needs an Administrator support role or a User support role.
  1. Support ID is read-only field updated based on your system setup.
  1. Select Background Administrator to disable the user from logging into all Planful applications other than through Web Services. This is useful for a typical user account which is created to perform back-end tasks, such as DLR loads, Cloud Scheduler jobs, etc.
  1. Select Disable Password Expiry Check so that normal password expiry policy is not applicable for this user. This is useful for a user account created to perform back-end tasks, such as Data Load Rule loads, Cloud Scheduler jobs, etc.
  1. Select Enable Two Step Verification to prompt users to select a method for receiving a verification code (SMS, email, or phone app) which they will then use as part of their login process.
  1. Select Enable Webservice Access to enable web services access for the user.
  1. Click Save.

Security Cheat Sheet

User Access/Security Cheat Sheet

The table below provides high-level information on all the types of user security / access available, what the purpose of each is, and additional information.

Security/Access Type


Purpose

Additional Information


User (Individual) Security/Access

There are two types of users you can set up:

  • Business—Can perform all user tasks except for editing an External user, or locking or deleting the user.
  • External—Users external to your organization with access to your application. For example, a Planful partner. External user details cannot be edited; however, Business users can change the navigation access for an External user.

 

User Group Security/Access

Set up User Groups so that you can place multiple users into a group with the same security privileges.

 

Navigation Role

Navigation roles allow users to access specific navigation paths, which provides them with access to certain application pages and associated functionality. For example, a regular planning user might have Budget Input and Reporting access permissions, while a Planning Administrator might have access to Maintenance pages, Budget Input, and Reporting.

Required to be created prior to adding users. Applies to entire application.

Navigation Access

Goes hand-in-hand with Navigation Role. Select applications pages you want the navigation role defined to access. You'll assign users/user groups with a navigation role, which has navigation access defined.

Required to be defined. Applies to entire application.

Dimension Security

Secure dimension members (financial segments) based on reporting area. You must first configure your dimension security before you can add and configure users.

Once dimension security is configured, you can assign users to selected reporting areas and dimensions.

Approval Role

Specifies actions users can perform during budgeting process.

Required for the Structured Planning module.

Scenario Access

Users must have access to the scenarios so that they can enter template data for a scenarios budget entity, for example.

Required for the Structured Planning module.

Data Integration Security

Provide users with access to Data Load processes, select to allow users to edit or view processes.

 

Report Access

Provide users and user groups with access to generated reports.

 

Workforce Reporting

Provide users with access to Workforce Reporting.

Applicable to Workforce Planning.

Consolidation Security

Assign centralized and decentralized security, which basically means you can provide a user with access to a company and all related members or to a specific member or members within the hierarchy.

Applicable to Consolidation

Add-In Security

Provide users with access to Planful Add-Ins; for example, Offline Planning.

Using these add-ins is optional.

User Groups

User Groups Overview

The User Group page is used to add and edit groups of categorized users. If you need to provide a group of users with the same access privileges, it is easier to create a user group and assign group privileges rather than assign privileges to each user one-by-one.

How to Add a User Group

To create a User Group: 

  1. Navigate to Maintenance > Admin > User Management > User Group.
  1. Click Add.
  1. Enter a code and descriptive name for the user group.
  1. Select the users you want to associate with the user group.
  1. Click the users in the Unmapped Users pane that you want to add to the group, and use the right arrow to add them to the Mapped Users pane.
  1. Click Save.

Navigation Role and Access

Navigate Role and Access Overview

Navigation roles allow users to access specific navigation paths, which provides them with access to certain application pages and associated functionality.

How to Create a Navigation Role

  1. Navigate to Maintenance > Admin > User Management, then select Navigation Role.
  1. Click Add.
  1. Enter a code and name for the navigation role.
  1. Click Save.

Two Step Verification

What is Two Step Verification, How Does It Work, and How Do I Enable It

In order to enhance login security for your applications, enable optional two step verification for users.

When enabled, users will be prompted to select a method for receiving a verification code (SMS, email, or phone app) which they will then use as part of their login process.

You can always change your verification mode, if desired. For example, if you configure verification through Google Authenticator App and then lose your phone, you can change to Contact Number (SMS) or Email; or, if you configure verification through Email, you can change to Google Authenticator App; and so forth.

Note:
Two step verification is applicable only for login through the application web page, for both Native and SSO user accounts. It does not apply to login authentication via thick clients (Excel Add-in, Offline Planning) or Webservices requests.

To enable two step verification for a user:

  1. Navigate to Maintenance >  Admin > User Management
  1. Select a user from the list then click Edit, or click Add to create a new user. The Edit User screen appears.
  1. Select Enable Two Step Verification.
  1. Click Save. The user will now be required to perform the two step verification process the next time they log in.

To select a two step verification method: 

  1. Navigate to My Settings >  User Information > Two Step Verification.
  1. Select Enable Two Step Verification then select a verification method: 

    1. Contact Number (i.e., SMS) — Click Add Number to add a (mobile) phone device. The system sends a verification code to your phone. Enter your Verification Code then click Verify & Add.

    2. Email — Select and click the save icon. A verification code will be emailed to you, and the next time you login you must enter the code. 

    3. Authenticator App (i.e., phone app) — Select and then click Configure. Follow the instructions on the Configure Authenticator App screen that appears, for your Android, iOS, or Windows phone device, and then enter your Verification Code when complete.

  1. Click the save icon.
Note:
If you select step 2c, above, you must download the Google Authenticator App from either the Play store (Android), App store (Apple iOS), or Windows ( Windows phone). If you are unable to use any of the three methods listed in step 2, contact your system administrator so they can disable your verification requirement.

SSO Users

How to Reset an SSO User's Password

This information is applicable to Single Sign On (SSO) users for Offline Planning and Web Services configuration.

SSO users will have a Reset option available on the My Settings, User Information tab, accessed by navigating to Maintenance > My Settings > User Information. Click Change Password and follow the instructions to reset your password.

The first time an SSO user sets their password, Planful will not check for a current password. Subsequently, SSO users will be asked for a current password. You can change your password only if you enter the correct current password. You will be notified if the password entered does not match your current password.

Use password reset when you do not remember your current password. Click the link (Click Here to reset your password). An email will be sent and you will be guided through a process to reset your password.

Locking Users Out of Planful

How to Lock a User to Prevent Sign On 

  1. Navigate to Maintenance > Admin > User Management > User.
  1. Select a user.
  1. Select the three vertical dots, Lock or Unlock.
  1. Click OK.

Copying Users

How to Copy An Existing User to a New or Active User

You can copy an existing (i.e., source) user, along with all associated permissions and roles, to a target user. This is an easy way to give a new user the same permissions as an existing user.

Permissions and roles that can be copied: 

  • Dimension security

  • Navigation Role

  • Scenario Access

  • Data Integration Security

  • Analytics Security

  • Approval Role

  • Report Access

  • Excel Add-In security

  • All Consolidation related security permissions

  • User Groups, whereby all user groups the source user belongs to will be copied to the target user

Note:
Copying user permissions and roles overwrites all existing permissions for the target user, so proceed with caution.

How to Copy User Permissions From a Source to Target User 

  1. Navigate to Maintenance > Admin >User Management >User.
  1. Select the user whose permissions you want to use as the source user.
  1. Select the three verticle dots > Copy User Permissions. Note that the user you selected is listed in the Source user field.
  1. Select a target user from the User list left pane, then click the right arrow to add them to the Target users right pane.
  1. Click Save. The source users permissions and roles are copied to the target user.

Scenario Access

How to Provide Scenario Access to a User

Users must have access to scenarios to perform budget input on a selected scenario entity.

  1. Navigate to Maintenance > Admin > User,
  1. Select a user from the list, then click the three verticle dots > Scenario Access.
  1. Select the scenarios you wish to give the user access to.
  1. Provide users with access to all scenarios by checking or unchecking the scenario checkboxes.
  1. Click Save. To setup or edit more users, select them from the User pull-down menu and repeat the appropriate above steps.

Data Integration Security

Data Integration Security Overview

Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load.

You can assign users and user groups with data integration security options, which allows users and user groups to access specific Data Load Rule (DLR) processes. You can create data load rules to load files, copy and paste data, and use web services to load segment hierarchies, attributes, attribute hierarchies, entity hierarchies, users, HR data, currency exchanges rate, and other data.

How to Setup Data Integration Security for Users and User Groups

  1. Access the User page by navigating to Maintenance>  Admin > User Management.
  1. Select a user or user group.
  1. Select the three verticle dots then click Data Integration Security.
  1. Select one of the following options to assign to the user or user group, otherwise, all data integration information will be disabled for that user or user group.
    • Access to Data Load Process Setup and all Data Load Process—For Super Users and Admins who have access to all functionality within the Data Integration module. Allows the user or user group to create new data load processes or update existing ones. Select one of the following options: 
      • Allow the user to edit Data Load Rules—The selected user or user group will have edit privileges for all data load rules.

      • Do not allow the user to edit Data Load Rules—Selecting this option affects the Data Load Rules page and the functionality presented there. An alert is displayed when a user without edit permission tries to edit a data load rule. (See "Important Notes,"  below.)

    • Access to selected Data Load Processes—This option is for regular users. Allows users or user groups to access restricted data load processes and corresponding translations. Unmapped and mapped data integration process information is displayed when selected (see Step 5, below).
      • Allow the user to edit Data Load Rules—User or user group may edit the mapped or selected data load rules.

      • Do not allow the user to edit Data Load Rules - Select specific data load rules you do not want the selected user or user group to edit.

  1. If you selected Access to selected Data Load Processes in the above step, select the Unmapped ETL Processes and click the forward arrow to move the process to the Mapped ETL Processes pane, which provides the selected user or user group with access. (See Note, below.) 
  1. Click Save. To setup or edit more users or user groups, select them from the User or User Group pull-down menu and repeat the appropriate above steps.
Note:
ETL = Extract, Transform, and Load data from a database, as one process.

Important Notes

  • User without edit permission may still upload files, modify the grid on the Select Sample Input File page, and modify all Load Data page selections.

  • All functionality on the Select Sample Input File page will be disabled for users without edit privileges. The Next button on the Select Sample Input File page takes the user to the Load Data page, bypassing all other pages and selections.

  • For Web Services, users without edit privileges will have access to the Load Data page only.

  • For Actual Data Templates, there is change in behavior, regardless of the option chosen.

  • Users without edit privileges may not change the scenario on the Load Data page.

  • Access to the Define Data Mapping page will be disabled. This impacts the option of performing a partial data load using the across columns option. A user without edit access will not be able to map additional columns.


Was this article helpful?

What's Next