Users, user roles, and access management

Team members' user roles and privileges are managed in the User Management section of LEAPWORK’s settings. 

After installing the Controller, the first thing you need to do is to create user accounts for everyone who require access to LEAPWORK. You can do this by creating the individual users in LEAPWORK or configuring access based on Active Directory (AD).

One user account is by default already created on the platform – the admin user. The password for this account was provided during installation. Do not lose this password as LEAPWORK cannot assist you in retrieving it.

Adding users directly in LEAPWORK

To add a user, simply click on the Add user button. The following pop-up then appears:

As you will see, you only need to enter basic information in order to create a user account on LEAPWORK:

The Full name is used as the display name of a user. It is also the name used by LEAPWORK to identify the user in various logs and reporting, etc.

The Username is used when logging into the LEAPWORK Studio. The selection made in the Access drop-down menu decides which privileges the user has.

There are four access levels:

  • Administrator: Has full access to everything, including creating and maintaining users, assets, settings and viewing the audit log. Administrators can also access the encryption key for the database.
  • Contributor: Can create and edit all assets and execute flows but can’t edit some settings and can’t view the audit log.
  • Reader: Can open all assets in read-only mode, run flows but can’t edit anything. This is basically look-but-don’t-touch access.
  • No access: Can’t view or edit anything. This access level is used to quickly remove access for users without deleting them.

The roles apply across all folders and flows in LEAPWORK, so a user with, e.g. the Reader role is only allowed to read information in any folder, flow, sub-flow, etc.

The next step is to set a password for the new user. You can define one manually or have LEAPWORK generate one for you.

The final step is to map a new user to an existing team.

Please note, that once you have set up user credentials, these will need to be shared with the user. 

Please also note that the teams collaboration and management features are only available in the LEAPWORK Enterprise Edition. The Administrator will not be able to see this option in Platform edition.


Using Active Directory (AD) to control access

LEAPWORK supports a mixed user setup, where some users are created directly as users (with a user name and password) in LEAPWORK, and some users get the access via AD.

In order to use AD to control access to LEAPWORK, both the computer where the user's Studio is installed and the Controller need to belong to the same AD. Otherwise the options shown below will not be available.

In the User Management section, the option "Add AD User" is visible if LEAPWORK supports AD access control. To add an access level for either a user or a group from AD, click the highlighted button:

In the "Select Users and Groups" dialog, specify the AD name of a user and/or a group then click OK.

With the AD entity now selected, specify the access level for the selected entities. In the example below an AD group named "GroupA" has been selected in the "Select Users and Groups" dialog:

Once the access level is set, click Save. The new configuration is shown in the list of access configurations.

Login options

When a user accesses the Studio the first time, they can choose how to log in - using a username and password or using the AD.

If "LEAPWORK user" is selected, the user will have to enter the username and password - typically provided by the administrator in an email or similar:

In case the user selects "Active Directory user", the current Windows user is evaluated against the AD configurations in the user management section:

If a Windows user is member of more than one AD group, and the different AD groups allow different access levels in LEAPWORK, then the user will be given the highest privileges.

For both types of login, the user will only be prompted to login once. After the first successful login, LEAPWORK will remember the login.