Users, User Roles, and Access Management

Team members' user roles and privileges are managed in the User Management section of Leapwork’s settings. 

After installing the Controller, the first thing you need to do is create user accounts for everyone who requires access to Leapwork. You can do this by creating the individual users in Leapwork or by configuring access based on Active Directory (AD).

One user account is by default already created on the platform – the admin user. The password for this account was provided during installation. Do not lose this password as Leapwork cannot assist you in retrieving it.

Note: User management settings are available if you are logged in as an administrator.

Adding users directly in Leapwork

To add a user, simply click on the Add user button. The following pop-up then appears:


As you will see, you only need to enter basic information in order to create a user account on Leapwork:

The Full name is used as the display name of a user. It is also the name used by Leapwork to identify the user in various logs and reporting, etc.

The Username is used when logging into the Leapwork Studio. The selection made in the Access drop-down menu decides which privileges the user has.

There are four access levels:

  • Administrator: Has full access to everything, including creating and maintaining users, assets, settings and viewing the audit log. Administrators can also access the encryption key for the database.
  • Contributor: Can create and edit all assets and execute flows but can’t edit some settings and can’t view the audit log.
  • Reader: Can open all assets in read-only mode and run flows, but can’t edit anything. This is basically look-but-don’t-touch access.
  • No Access: Can’t view or edit anything. This access level is used to quickly remove access for users without deleting them.

The roles apply across all folders and flows in Leapwork, so a user with, e.g., the Reader role is only allowed to read information in any folder, flow, sub-flow, etc.

The next step is to set a password for the new user. You can define one manually or have Leapwork generate one for you.

The final step is to map a new user to an existing team.

Please note that once you have set up user credentials, these will need to be shared with the user.

Note: The team's collaboration and management features are only available in the Leapwork Enterprise Edition. The Administrator will not be able to see this option in the Platform edition.

Using Active Directory (AD) to control access

Leapwork supports a mixed user setup, where some users are created directly as users (with a username and password) in Leapwork, and some users get access via AD.

In order to use AD to control access to Leapwork, both the computer where the user's Studio is installed and the Controller need to belong to the same AD. Otherwise the options shown below will not be available.

In the User Management section, the option Add AD/SSO User is visible if Leapwork supports AD access control. To add an access level for either a user or a group from AD, click on the Add AD/SSO User button:

In the Select Users and Groups dialog, specify the AD name of a user and/or a group, then click OK.


With the AD entity now selected, specify the access level for the selected entities. In the example below an AD group named EXTERNAL\test has been selected in the Select Users and Groups dialog:


Once the access level is set, click Save. The new configuration is shown in the list of access configurations.


Add AD (LDAP) User 

LDAP integration with Leapwork is a newly added feature. For more information about LDAP and the Connection tab. The Connection tab lets you set up a connection to the LDAP server.

To add an LDAP user or group, from Settings, go to User Management. Click on Add AD/SSO User and a new window opens:

Enter the User or Group name which should be used to authorize the user or group in the LDAP directory.

Select Access from the drop-down menu.

Check the Team checkbox based on your requirements. (Note: The Team checkbox is only available for Leapwork Enterprise Edition users).

Click Save to save the User or Group.

To the right of the Add AD/SSO User button, use the buttons Edit, Delete and Export to change or remove user profiles or to export them in an Excel format.

Add SSO User 

The Azure Active Directory (AAD) integration with Leapwork is a newly added feature. 

To add an AD/SSO user or group, from Settings, go to User Management.

Click on Add AD/SSO User and a new window opens:

Enter the User or Group name that exists in the Azure Active Directory of the added connection.

Select Access from the drop-down menu.

Check the Team checkbox based on your requirements. (Note: The Team checkbox is only available for Leapwork Enterprise Edition users).

Click Save to save the User or Group.

To the right of the Add AD/SSO User button, use the buttons Edit, Delete and Export to change or remove user profiles or to export them in an Excel format.

Login options

When a user accesses the Studio for the first time, they can choose how to log in: using a username and password, or using AD/SSO.


If Leapwork user is selected, the user will have to enter the username and password, typically provided by the administrator in an email or similar:


In case the user selects Active Directory user, the current Windows user is evaluated against the AD configurations in the user management section:


If a Windows user is a member of more than one AD group, and the different AD groups allow different access levels in Leapwork, then the user will be given the highest privileges.
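
The highest-privilege rule above can be checked against a planned set of AD access configurations to see which users end up with more access than one of their groups suggests. The following Python is an added example, not Leapwork's own code; it assumes the levels rank Administrator > Contributor > Reader > No Access, that No Access takes part in the comparison as the lowest level, and that AD names match case-insensitively. All names except EXTERNAL\test are constructed.

```python
from enum import IntEnum

class Access(IntEnum):
    # Assumed ranking: the page says the highest privilege wins but does not
    # rank the levels explicitly; No Access is treated as the lowest here.
    NO_ACCESS = 0
    READER = 1
    CONTRIBUTOR = 2
    ADMINISTRATOR = 3

def matched_entries(principals, access_configs):
    """Access configurations that apply to a user's AD name or groups."""
    # Case-insensitive comparison is an assumption about how names are matched.
    configs = {name.lower(): level for name, level in access_configs.items()}
    return {p: configs[p.lower()] for p in principals if p.lower() in configs}

def effective_access(principals, access_configs):
    """Highest level among matching entries, or None if nothing matches."""
    matched = matched_entries(principals, access_configs)
    return max(matched.values()) if matched else None

def conflicting_grants(users, access_configs):
    """Users matched by entries of different levels, and which entries win."""
    findings = {}
    for user, principals in users.items():
        matched = matched_entries(principals, access_configs)
        if len(set(matched.values())) > 1:
            top = max(matched.values())
            winners = sorted(p for p, lvl in matched.items() if lvl == top)
            findings[user] = (top.name, winners)
    return findings

# Constructed sample data; only EXTERNAL\test appears on the page.
ACCESS_CONFIGS = {
    r"EXTERNAL\test": Access.CONTRIBUTOR,
    r"EXTERNAL\qa-readers": Access.READER,
    r"EXTERNAL\offboarded": Access.NO_ACCESS,
}
USERS = {  # user -> own AD name plus AD group memberships
    "alice": [r"EXTERNAL\alice", r"EXTERNAL\Test", r"EXTERNAL\qa-readers"],
    "bob": [r"EXTERNAL\bob", r"EXTERNAL\qa-readers", r"EXTERNAL\offboarded"],
    "carol": [r"EXTERNAL\carol", r"EXTERNAL\qa-readers"],
    "dave": [r"EXTERNAL\dave"],
}
```

Under these assumptions, bob resolves to Reader even though EXTERNAL\offboarded is set to No Access, so group overlap is worth reviewing before relying on a No Access entry to remove someone's access.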

In case the user selects SSO user, the current Windows user is evaluated against the SSO configurations in the user management section:

For all three types of login, the user will only be prompted to log in once. After the first successful login, Leapwork will remember the login.