Book demo
Start trial
Book demo
Start trial

 

Users, user roles, and access management

Team members' user roles and privileges are managed in the User Management section of LEAPWORK’s Settings. 

After having installed the Controller, the first thing you need to do is to create user accounts for all that needs to be able to use LEAPWORK. Either by creating the individual users or configuring access based on Active Directory (AD).

One user account is by default already created on the platform – the admin user. The password for this account was provided during installation. Do not lose this password as LEAPWORK cannot assist you in retrieving it.

Adding users directly in LEAPWORK

To add a user, simply click on the Add user button. A pop up appears:

add users

As you will see, you only need to enter basic information in order to create a user account on LEAPWORK:

The Full name is used as the display name of the users. It is also the name used by LEAPWORK to identify the user in various logs, reporting, etc.

The Username is used when logging into Studio. The selection made in the Access drop-down menu decides which privileges the user has on the Platform.

There are four Access levels:

  • Administrator: Has full access to everything, including creating and maintaining users, assets, settings and view the audit log. Administrators can also access the encryption key for the database.
  • Contributor: Can create and edit all assets and execute flows but can’t edit some settings and can’t view the audit log.
  • Reader: Can open all assets in read-only mode but can’t edit anything or run flows. It’s basically look-but-don’t-touch access.
  • No access: Can’t view or edit anything. This access level is used to quickly remove access for users without deleting them.

The roles apply across all folders and flows in LEAPWORK, so a user with, e.g. the Reader role is only allowed to read information in any folder, flow, sub-flow, etc.

Last step is to set a password for the new user. You can define one manually or have LEAPWORK generate one for you.

Please note, that you have to share the credentials with the users.

Using Active Directory (AD) to control access

LEAPWORK supports a mixed user setup, where some users are created directly as users (username / password) in LEAPWORK, and some users get the access via AD.

In order to use AD to control access to LEAPWORK both the computer where the user's Studio is installed and the Controller need to belong to the same AD. Otherwise the options shown in the following will not be available.

In the User Management section, the option "Add AD User" is visible, if the LEAPWORK supports AD access control. To add an access level for either a user or a group from AD click the button.

In the "Select Users and Groups" dialog, specify the AD name of a user and/or a group and click OK.

With the AD entity now selected, specify the access level for the selected entities. In the example below an AD group named "GroupA" has been selected in the "Select Users and Groups" dialog.

Once the access level is set, click Save. The new configuration is shown in the list of access configurations.

Login options

When a user accesses Studio the first time, the user can choose how to log in: using username and password or using the Active Directory.

If "LEAPWORK user" is selected, the user will have to enter the username and password - typically provided by the administrator on an email or similar.

In case the user selects "Active Directory user", the current Windows user is evaluated against the AD configurations in the user management section.

If a Windows user is member of more than one AD group, and the different AD groups allow different access levels in LEAPWORK, then the user will be given the highest privileges.

For both types of login, the user will only be prompted to login once. After the first successful login, LEAPWORK will remember the login.