User Management
Overview
The User Management section is where you can:
View lists of Service Agents, Robots and Self Service Users
Create, edit and delete Service Agents, Self Service Users and Robots.
Create, edit and delete User Groups to control permissions
Create and maintain User Roles
Reset user passwords and remove users and Robots.
You can access User Management from the toolbar link:
User Management is made up of the following sections:
Service Agents - this section is where you can create and manage the service agents in your system. Service agents are the people who in your service centres and deliver service to your clients, often using Work Manager to do this. Note that the Service Agents page will only appear if you have been given permission to access and edit users.
Robots - this section is where you can create and manage the robots in your system. Note that the Robots page will only appear if you have been given permission to access and edit users.
Self Service Users - this section is where you can create and manage the self service users in your system. Self Service users are the people who you are delivering service to and who are using Enate Self Service. Note that the Self Service Users page will only appear if you have been given permission to access and edit users and if a Self Service instance has been configured.
User Groups - this section is where you can create and manage the user groups in your system. this is a way of grouping together a number of service agents which, when used alongside the permissions feature, can be used to control access to parts of your business operations i.e. you can allow certain user groups to only work on items for a specific customer or contract or service, or even just to work on specific Case & Ticket processes.
User Roles - this section is where you can create and manage the user roles in your system. User roles determine which features service agents can access in Enate.
Application Credentials - this section is where you can create and manage the application credentials in your system. Application credentials allow smoother interaction with third-party systems by effectively granting the logged-in user's account's access levels to the Application Credential record to allow third-party systems using that record to act on this user's behalf.
Service Agents
Overview
The Service Agents page, accessed via the User Management section of Builder, is where you can add, edit and manage your service agents. Service agents are the people who in your service centers and deliver service to your clients, often using Work Manager to do this.
You can see a list of your existing service agents and information such as their first name, last name, username, email address, supplier company, when they last logged into Work Manager and their Operational and Builder Roles.
You can customize the order in which you want to view your service agents by clicking on each column header.
Additionally, you can choose to only show service agents that belong to a particular supplier company by using the company filter option at the top of the page.
You can also use the search function at the top of the page.
Adding a new service agent
To add a new service agent, go to the ‘Service Agents’ page in Builder’s User Management section and click on the '+' icon at the top of the screen. This will bring up the ‘Add User’ pop-up where you can enter the person's details.
General Settings
In the General tab you can add the following details:
Supplier
The organisation this user works for. You can add a specific company that the service agent works for OR you can select to make them a 'Global Agent' where they aren't linked to a specific company. Service agents linked to a specific company will not be able to be added as a contact to a work item belonging to a different company. 'Global Agents' agents have much more flexibility - they can be linked to any work item, regardless of company, letting them send and receive communications from them, and they can also be added to any team, regardless of the company the team leader is linked to. This is particularly useful when your organisation has different operations set up as separate customers.
Mandatory
Username
User’s username, with which they login to all Enate applications
Mandatory
First Name
User’s first name
Mandatory
Last Name
User’s last name
Mandatory
The user’s work email address
Mandatory
Language
User's preferred language for work Manager. See below for more details.
If a language is not set while creating the User, the system will use the language of the User’s company as its default.
The 'Welcome Email' will be sent in the selected language as well.
An end-user’s language setting determines which welcome email template to use, and when setting the value for schedule-driven Work Items (which have the name of the schedule as part of the Work Item title and therefore the email subject).
If the schedule name has been localised into that language, the system will use the localised term instead.
Time zone
The user’s local Time zone
Mandatory
Calendar
The working calendar for this user
Single Sign-On user
Whether the user can access Enate via single sign-on.
Use only in conjunction with environments which have been set up with Single Sign-on
Send Welcome Email
Whether to send an automated welcome email upon creating the user
Access Settings
Enate allows for a granular level of granting access to people based on their role and business requirements. These settings are defined in the Access tab. Here you have the ability to set the following levels of access:
Attribute
Description
Notes
Builder Role
This determines which Builder role the user has and therefore which Builder features the user will have access to. User roles are configured in the User Roles section of User Management in Builder.
Select either a standard or custom role from the dropdown. Optional.
Note: if you want the user to be able to access Builder, you must give them a Builder role.
Operational Role
This determines which Work Manager role the user has and therefore which Work Manager features the user will have access to. User roles are configured in the User Roles section of User Management in Builder.
Mandatory. Select either a standard or custom role from the dropdown.
Note: if you want the user to be able to access Builder, you must give them a Builder role.
Allowed Work Types
This determines whether the user can access test work items (via Test Mode) and/or live work items.
Mandatory. Select from:
Live
Testing
Testing and Live
User Groups
This determines the user groups that the user belongs to.
User Groups are used for controlling permissions to access certain types of data, e.g. for certain customers, contracts or services or even for specific Case or Ticket processes . If a user is part of a user group, the user will have permission to access data that has been configured for that User Group. Optional.
Further Details
The details tab lets you add more detailed information for the service agent, including:
Attribute
Description
Notes
Know As
What name is the user know by
Employee ID
Uniquely identifying ID for this user.
Total Capacity
The number of working hours (and mins) this user works per day.
Cost Per Hour
The resource cost of this user per hour while they are working
Can be used in costing reporting. Note that this value cannot be negative.
Service Line
What service line does the user work
Location
User's work location
Cost Centre
User's cost centre
Department
User's department
Employment Type
User's employment status
Start Date
User's employment start date
Password
In the Password Tab you must set the service agent's password according to your password policy.
See here for more information about setting your password policy:
Password PolicyAdding extra data fields to Service Agents
If you need to collect further information on a service agent beyond the default data fields, you can create and add in as many data fields as you need via extension properties.
Editing a service agent
You can edit the details of an existing user by clicking on the menu link on the right-hand side of the contact. All attributes can be modified with the exception of the company to which they belong.
You can also see what edits have been made to a user account and when, as well as when the user account was created, by clicking on the Show Activity button.
Deleting a service agent
You can delete a Self Service user by clicking on the menu link on the right-hand side of the contact.
Reactivating a retired service agent
If you need to reactivate a service agent you can do this via the 'Service Agents' screen in User Management section of Builder. Once you are on the ' Service Agents' screen go to your settings in the top right and enable 'Show deleted objects'. Once this has been enabled all service agents who have been deactivated will appear in the grid grayed out. Go to the ellipses menu at the end of the row of the service agent you wish to reactivate and select the 'Re-activate' option. This will reactivate that service agent account and set them as an active service agent.
Resetting a service agent's password
You can reset a service agent's password by clicking on the menu link on the right-hand side of the contact and selecting 'Change password'. You can then give them a new password according to your password policy.
See here for more information about setting your password policy:
Password PolicyGlobal Service Agents
Robots
Overview
The Robots page, accessed via the User Management section of Builder, is where you can add, edit and manage your Robots. Robots are the account for RPA bots to let them interact with the system.
You can see a list of your existing Robots, and information such as their name, their farm and whether or not they are externally managed.
You can customise the order in which you want to view your Robots by clicking on each column header.
You can also use the search function at the top of the page.
Creating a Robot
To add a new Robot, go to the ‘Robots’ page in Builder’s User Management section and click on the '+' icon at the top of the screen. This will bring up the ‘Add Robot’ pop-up where you can enter the person's details.
General Settings
In the General tab you can add the following details:
Attribute
Description
Notes
Username
Auto-generated username
This cannot be manually set, but is viewable here after robot creation. You can copy the Username by clicking on the copy icon.
First Name
The robot’s name, for use when tracking in Work Manager
Mandatory
Total Capacity
The number of working hours per day that the robot can work for.
Cost per Hour
The cost of the Robot resources
Allowed Work Types
Whether the Robot is set to work on Live work items, Test work items, or both.
Time zone
The user’s local time zone
Mandatory
Calendar
The working calendar for this user
Mandatory
Farms
The farm(s) this robot belongs to
Note that when linking a robot to a farm, you may need to create a new farm. See here for more information.
Note that a robot can belong to more than a single farm.
Access Settings
Enate allows for a granular level of granting access to people based on their role and business requirements. These settings are defined in the Access tab. Here you mu choose which Builder role to assign to the robot by selecting from the dropdown menu. This determines which Builder role the user has and therefore which Builder features the user will have access to. User roles are configured in the User Roles section of User Management in Builder. Select either a standard or custom role from the dropdown.
Password
In the Password Tab you must set the Robot's password according to your password policy.
See here for more information about setting your password policy:
Password PolicyAdding a New Robot Farm
When linking a robot to a farm, you may need to create a new Farm. This can be done by clicking the link in the farm dropdown.
You will be presented with a popup where you can define the name of the farm, a description, and choose the technology which it uses (current options: UiPath, BluePrism, Automation Anywhere).
Editing a Robot
You can edit the details of an existing Robot by clicking on the menu link on the right-hand side of the contact. All attributes can be modified with the exception of the Robot's username.
You can also see what edits have been made to a Robot and when, as well as when the Robot was created, by clicking on the Show Activity button.
Deleting a Robot
You can delete a Robot by clicking on the menu link on the right-hand side of the contact.
Reactivating a retired Robot
You are able to reactivate or "undelete" retired Robots by activating the system-wide ‘Show deleted items’ button. This will show you your retired Robots which will be greyed out in your grid. Clicking on the menu option of a retired user will shows you an option that allows you to reactivate that Robot and set them as active.
Resetting a Robot's password
You can reset a Robot's password by clicking on the menu link on the right-hand side of the contact and selecting 'Change password'. You can then give them a password according to your password policy.
See here for more information about setting your password policy:
Password PolicySelf Service Users
Overview
The Self Service Users page, accessed via the User Management section of Builder, is where you can add, edit and manage your Self Service users. Self Service users are the people who you are delivering service to and who are using Enate Self Service.
Note that the Self Service Users page will only appear if you have a Self Service instance configured.
You can see a list of your existing Self Service users, and information such as their first name, last name, username, email address, company, when they last logged into Self Service, and whether or not they can view community requests i.e. if they can view all of the requests that have been submitted to their company in Self Service.
You can customise the order in which you want to view your Self Service users by clicking on each column header.
Additionally, you can choose to only show Self Service users that belong to a particular company by using the company filter option at the top of the page.
You can also use the search function at the top of the page.
Adding a new Self Service user
To add a new self service user, go to the ‘Self Service Users’ page in Builder’s User Management section click the '+' icon at the top of the screen. This will bring up the ‘Add Self Service User’ pop-up where you can enter the person's details.
In the General tab you can add the following details:
Company
The organisation this user works for.
Mandatory. Note that once the user has been added, the company they belong to can no longer be changed.
Username
User’s username, with which they login to all Enate applications
Mandatory
First Name
User’s first name
Mandatory
Last Name
User’s last name
Optional
The user’s work email address
Mandatory
Language
User's preferred language
Optional
Time zone
The user’s local Time zone
Mandatory
Calendar
The working calendar for this user
Optional
Send Welcome Email
If you switch this on, the self service user will receive an automatic emails, such as a 'Welcome to Self Service' email and emails relating to the status of their submitted requests.
Optional
Can view 'My Company Requests'
If this option is switched on, the self service user can see community requests when they are logged into Self Service. This means that they can see requests submitted to their company.
Optional
In the Password tab you then need to set the self service user's password. Please note that passwords:
Should not contain the username, first name or surname of the user.
Should contain at least contain 8 characters.
Should not contain more than 16 characters.
Editing a Self Service user
You can edit the details of an existing user by clicking on the menu link on the right-hand side of the contact. All attributes can be modified.
You can also see what edits have been made to a user account and when, as well as when the user account was created, by clicking on the Show Activity button.
Deleting a Self Service user
You can delete a Self Service user by clicking on the menu link on the right-hand side of the contact.
Reactivating a retired Self Service user
You are able to reactivate or "undelete" retired Self Service users by activating the system-wide ‘Show deleted items’ button. This will show you your retired users which will be greyed out in your grid. Clicking on the menu option of a retired user will shows you an option that allows you to reactivate that user account and set them as an active user.
Resetting a Self Service user's password
You can reset the password of a Self Service user by clicking on the menu link on the right-hand side of the contact and selecting 'Change password'. You can then give them a new password as per password policy.
User Groups & Data Permissions
Overview
User Groups are, as the name suggest, ways of grouping together a number of users - specifically Service Agent type users. User Groups can be used for setting Permissions (see below) for a number service agents to specific parts of your business operations, i.e. for certain Customers, their Contracts, Services or even down to specific Case & Ticket processes.
Watch this video to find out more:
Creating User Groups
To create a user group, navigate to the 'User Groups' section of User Management, create a new group and add one or more users into it. Once saved, the User group is ready to use with permissions linking.
Adding a User to a User Group
When creating or editing a User account, you can select which user groups they should be in via their settings on the Access tab.
There are also further access options within the tab, see the section about managing access for service agents here
Setting Permissions
You can set user Permissions in conjunction with User Groups to control levels of access for your Service Agents to the various parts of your business operations (as represented in the Service Matrix screen - who are your customers, what services are you delivering to them).
You do this by linking the user group to the 'Permissions' setting at various points in the Service Matrix. You can either add permissions at customer/contract/service-level or at Case or Ticket process-level.
Link up at the customer/contract/service-level, that User group has access to all work items under that customer/contract/service. Conversely if you set down at the Case-process level, that User Group has access to work items within that Case process specifically within that customer/contract/service combination.
At Customer/Contract/Service-Level
Setting User groups with permissions at customer/contract/service can easily be done by navigating the to Service Matrix screen and clicking to edit the desired customer/contract/service.
Once that has been set, only users within this User Group have access to work items (creation, editing etc.) for that customer, contract or service.
For example, if you link up at the customer-level, that User group has access to all work items under that customer. Conversely if you set down at the Case-process level, that User Group has access to work items within that Case process specifically within that customer/contract/service combination.
At Case/Ticket Process-Level
To set permissions for a specific customer's Case or Ticket process, go to the Service Matrix, select the Permissions link and add the User Groups you want to be able to access it.
Note that any Permissions set at higher level will show read-only when accessing settings for any item in the Service Matrix.
Once that has been set, only users within this User Group have access to work items (creation, editing etc.) within that Case process specifically within that customer/contract/service combination.
User Roles & Feature Access
Overview
Enate allows for a granular level of granting access to people based on their role and business requirements.
This is done by assigning a role to a user. Each role has a number of access options configured for it which determine what they can see and do in Enate. Every user must have a Work Manager role, but only the users who need to access Builder need to have a Builder role.
Watch this video to find out more:
There are a number of standard pre-configured roles available that give your users various levels of access to Work Manager and Builder.
If a standard role doesn't quite fit the bill, you can create custom roles that allow you to fine-tune levels of access to give users the exact combination of access levels they need.
Custom roles might be particularly useful in the following circumstances:
In Work Manager: You may wish to create a custom role for your more senior team members which falls part-way between the standard 'Team Leader' and 'Team Member' roles, giving them access to some Team Leader-like features without needing to have them fulfil that role entirely.
In Builder: Custom roles can be very useful in larger organizations where you might want to delegate e.g. user management or localized Case/Ticket maintenance access in Builder to more local resources, while keeping shared configuration activities for master data to a more select few people.
How to assign a role to an existing user
You can assign the relevant roles to a user in the Service Agents section of Builder by:
Clicking to edit a user and then selecting the relevant roles from their access tab OR
Clicking on the user's role directly from the grid of user accounts, on the 'Operational Role' or 'Builder Role' column. This will then bring up the user's access tab:
Users can be given two roles: they must have an Operational role which grants them access to the relevant features in Work Manager and, if they need to access Enate Builder, they can be given a Builder role too. This Builder Role will give them access to build and maintain the data which underpins your business processes in Enate. The majority of your user base will likely be assigned with just an operational role, but your administrators, business analysts and some operational super users will also be assigned a Builder role. If you do not assign a Builder role to a user, they will not be able to access the Builder app.
What happens if I change a user's role while they are logged into the system?
If you change a user's role while they are logged into the system, the user will be automatically logged out with a warning message stating that their user session has ended. When the user logs back into the Enate system, they will be able to see and access the features that have been enabled for the new role they have been assigned.
If you edit the details a user's role while they are logged into the system, they will not be automatically logged out of the system, but they will not be able to use or see the changes to their role until they have logged out and logged back into the system.
How to view, create and maintain user roles
You can view, create and maintain your user roles in the new User Roles section of Builder - click on User Management and then select User Roles from the dropdown.
Here you will see the standard roles available in the system, as well as any custom roles you have and this is where you can create and maintain your custom roles.
Clicking on a user role will bring up the details for that role, including its name, description and access to which features are enabled for it.
Standard Roles
Enate provides some standard pre-configured roles to give your users access to the various Work Manager and Builder features that they need, which already have a variety of feature access options enabled. The feature access options for these standard roles cannot be edited.
Work Manager Standard Roles
There are two standard operational roles:
Team Member - this is for Agent users who process Tickets, Actions & Cases
Team Leader - this is for senior members who manage a Team and set Queues they oversee
The table below shows access to which features are enabled for team member and team leader roles
Work Item Creation
Can Create Individual Work Items
Yes
Yes
Can Bulk Create Work Items
No
Yes
Work Item Assignment
Can Assign to Anyone
No
Yes
Can Assign to Themselves
Yes
Yes
Can Unassign
No
Yes
Work Item Options
Can Override Due Date
Yes
Yes
Can Split Tickets
Yes
Yes
Can Merge Tickets
Yes
Yes
Can Convert to Case
Yes
Yes
Can Edit Defects Logged by Others
Yes
Yes
Can Edit Time Tracker Entries Logged by Others
No
Yes
Can Access Custom Data in Peer Review Actions
Yes
Yes
Can Delete Email Attachments
No
No
Queues & Team Members
Can View Queues & Team Members
Yes
Yes
Can Work on Items Outside their Queues
Yes
Yes
Can Set Up Team & Queues
No
Yes
Email View Options
Can Access Email Inbox, Sent Items & Outbox
Yes
Yes
Can Access Unprocessed Emails
Yes
Yes
Can View Blocked Email Addresses
Yes
Yes
Can Edit Blocked Email Addresses
No
Yes
Contacts
Can Access Contacts Page
No
No
Advanced Search
Can Access Advanced Search Page
Yes
Yes
Can Export Advanced Search views to Excel
No
No
Reports
Can Access Reports
Yes
Yes
Can Create Custom Reports
No
Yes
Builder Standard Roles
There are three standard Builder roles:
Local Builder - this provides more limited access to configure Ticket & Case processes
Master Builder - this provides users with access to create shareable master data, configure processes and set live
System Administrator - this provides full access to all configuration features in Builder, including integrations
The table below shows access to which features are enabled for the standard Builder roles:
Edit Business Entities
Companies
Yes
Yes
Yes
Contracts
Yes
Yes
Yes
Service Lines
No
Yes
Yes
Services
Yes
Yes
Yes
Edit Processes
Cases
Yes
Yes
Yes
Tickets
Yes
Yes
Yes
Edit Shared Process Data
Action General Settings
No
Yes
Yes
Action Types
No
Yes
Yes
Allocation Settings
No
Yes
Yes
Case Types
No
Yes
Yes
Due Date Settings
No
Yes
Yes
Ticket Categories
No
Yes
Yes
Ticket Types
No
Yes
Yes
Edit Queues
Queues
Yes
Yes
Yes
Set Tickets & Cases Live
Set Tickets & Cases Live
No
Yes
Yes
Edit Scheduling
Fixed Frequency Schedules
Yes
Yes
Yes
Schedules
Yes
Yes
Yes
Schedule Structures
No
Yes
Yes
Edit Calendars
Calendars
Yes
Yes
Yes
Edit Custom Cards & Data
Custom Cards & Data
Yes
Yes
Yes
Access User Management
Robot Farms
No
No
Yes
User Roles
No
No
Yes
User Groups
No
No
Yes
Users (Service Agents & Self Service Users)
No
No
Yes
Edit Mailbox Settings
Email Routes
Yes
Yes
Yes
Email Connectors
No
Yes
Yes
Edit Email Content
Canned Responses
No
Yes
Yes
Email Templates
No
Yes
Yes
System Settings
System Settings
No
No
Yes
Edit Integrations
Marketplace Configurations
No
No
Yes
Edit Localizations
Localizations
Yes
Yes
Yes
Delete Items
Delete Items
Yes
Yes
Yes
Custom Roles
If the standard roles don't quite match your organization's needs, you can create custom roles and customize the levels of access within the role.
You create and maintain custom roles from the User Roles section of Enate Builder.
To create a custom role for Work Manager, click the '+ Create New Custom Role' option in the Operational Roles tab, and to create a custom role for Builder, click the '+ Create New Custom Role' option in the Builder Roles tab.
You can create a brand new custom role in two ways:
Option 1 - From scratch, starting from a blank role where you will need to populate all your desired role data
Option 2 - By cloning an existing role (standard or custom) and adjusting the data accordingly. This option is useful if you only want to make a slight adjustments to an already existing role.
Whether creating from new or cloning from existing, proceed by giving your new custom role a name, description and then select what features you want the role to access. Once you have created your role be sure to save it before exiting the page.
Access Options Available
There are a large number of access options available to choose from when you are defining a role's access to the various features in Enate. The full list of operational access options are listed below.
Work Manager Access Options
Work Item Creation
Create Individual Work Items
This gives the user access to the following features:
creating a new work item from the Contact Activity Page
splitting a Ticket (as this results in the creation of two or more brand new work items)
converting a Ticket into a Case (as this creates a brand new Case)
sending an email to another internal team that is using Enate that will result in the creation of a new work item for that team.
Creating a new linked Case or Ticket
Creating a Sub-Case
Note that users can still use the merge item feature and they can still create links between existing work items.
Bulk Create Work Items
This gives the user access to use the bulk create feature.
Note that the 'Create Individual Work Items' option must be enabled for this 'Bulk Create Work Items' option to be enabled.
Work Item Assignment
Assign to Anyone
This gives a user access to assign or reassign a work item to someone else in their team, either from the homepage or from within the work item itself.
Assign to Themselves
This gives a user access to assign or reassign a work item to themselves, either from the homepage or from within the work item itself, or from Quickfind.
Unassign
This gives a user access to unassign a work item, either from the homepage or from within the work item itself.
Work Item Options
Override Due Dates
This gives a user access to override the due date of a work item from within the work item screen by clicking on the due date in the header and changing the date in the resulting pop-up (if the work item has been set up in Builder to allow the due date to be overridden).
Split Tickets
This gives a user access to use the split Tickets feature.
Note that the 'Create Individual Work Items' option must be enabled for this 'Split Tickets' option to be enabled.
Convert to Case
This gives a user access to use the converting a Ticket to a Case feature.
Note that the 'Create Individual Work Items' option must be enabled for this 'Convert to Case' option to be enabled.
Edit Defects Logged by Other
This gives a user access to edit, mark as resolved and delete defects that have been logged by other people.
Note that even without this access option, users are still able to add a new defect and edit, mark as resolved and delete defects that were added by themselves.
Edit Time Tracker Entries Logged by Other
This gives a user access to edit the time entries in the time tracker card that have been logged by other people.
Note that a user will always be able to modify their own time entries regardless of this access option.
Access Custom Data in Peer Review Actions
This gives a user access to edit custom card data in a Peer Review Action.
Note that even without this permission, users are still able to view custom card data and to choose if the review was a Pass, Fail or was Unable to be completed.
Delete Email Attachments
This gives a user access to delete an email attachment from the files tab section of a work item.
Queues & Team Members
View Queues & Team Members
This gives a user access to view their Queues and Team Members in the Team Bar, as well as access to view their team's work or owned work via the 'Team Work Inbox' and 'Team Owned Work' filters on the homepage grid.
Work on Items Outside Their Queues
This gives a user access to work on items assigned to any Queue (permissions permitting), as opposed to only being able to work on items which are specifically assigned to Queues that they are a part of.
Note that users will still be able to work on items that are not assigned to a Queue. Additionally, if this option is switched off users can continue to work on items which were already assigned to them that are not in their Queues. These items can be unassigned from the user manually.
Setup Team & Queues
This gives a user access to the team and Queues setup features via the 'Queues' page from the nav menu.
Email View Options
Access Email Inbox, Sent Items & Outbox
This gives a user access to the Email Inbox, Sent Items and Outbox features, available from the nav menu.
Access Unprocessed Emails
This gives a user access to the Unprocessed Emails feature, where users can review the unprocessed emails that have arrived into the system and decide how to deal with them (i.e. creating a work item from the email or deleting the email).
Note that if the 'Create Individual Work Items' access option setting is not enabled, users will not be able to create a work item from an unprocessed email, they will only be able to delete them.
View Blocked Emails Page
This gives a user access to view the blocked emails page and therefore access to view information for emails that have been blocked.
Note that this access option does not give users the ability to edit blocked emails information - they will need the 'Edit Blocked Email Address Entries' access option to be switched on as well.
Edit Blocked Email Address Entries
This gives a user access to edit the information for emails that have been blocked in the blocked emails page.
Note that the 'View Blocked Emails Page' access option must be enabled in order for the 'Edit Blocked Email Address Entries' access option to be enabled.
Contacts
Access Contacts Page
This gives a user access to the Contacts page where they can view and manage external contacts, available from the 'Contacts' option in the nav menu.
Advanced Search
Access Advanced Search
This gives a user access to the Advanced Search feature where they can create search views of work item data in their business area.
Export Advanced Search Views into Excel
This gives a user access to the Export to Excel feature in the Advanced Search page that allows users to export their Advanced Search views into Excel.
Note that the 'Access Advanced Search' option must be enabled in order to enable the 'Export to Excel' option.
Reports
Access Reports
This gives a user access to the Reports feature, available from the nav menu, where they can view and edit reports to visualize desired data.
Note that in order to enable this option, you must select at least one report the users in the role will be able to access from the resulting Report List option.
Create Custom Report
This gives a user access to the advanced features on the Reports page - they can create brand new visuals and delete existing visuals.
Note that the 'Access Reports' option must be enabled in order to enable the 'Create Custom Reports' option.
Report List
Choose which reports the role will be able to access
This allows you to choose which standard report(s) you want the users in the role to be able to access. You must select at least one.
Note that the Report List will not appear as an option until the 'Access Reports' option has been enabled.
Builder Access Options
The full list of Builder access options are listed below.
Edit Business Entities
Customers
This option gives users access to create & edit customer information in the service matrix screen.
Contracts
This option gives users access to create & edit contract information in the service matrix screen.
Service Lines
This option gives users access to add and to edit service lines from the service lines screen.
Note that Ticket Category details for a service line can still be edited by users without the 'Service Lines' access option if the 'Ticket Categories' access option is enabled for them.
Services
This option gives users access to create & edit service information in the service matrix screen.
Edit Processes
Cases
This option gives users access to create and edit Case processes. With this access option, users can:
Create a brand new Case process
Clone from an existing Case process
Add, move and delete existing Action types in series, parallel or in conditional flows
Add and edit general Case information in the Case info tab. Note that where applicable, they will only be able to choose from existing settings i.e. they will be able to add existing due date settings and allocation settings to the Case process, but will not be able to create new settings or edit the information within them as access to do so is controlled by different access setting options ('Allocation Settings' and 'Due Date Settings' in 'Edit Shared Process Data').
Add and edit Action information in the various Action info tabs. Note that where applicable, they will only be able to choose from existing settings i.e. they will be able to add existing due date settings, allocation settings and general Action settings to the Case process, but will not be able to create new settings or edit the information underlying them as access to do so is controlled by different access setting options ('Allocation Settings', 'Due Date Settings' and 'Action General Settings' in 'Edit Shared Process Data').
Add existing custom cards to the Case and its Actions
Restore a retired process
View the activity history of the Case
Decide whether to allow the Case to be started from the Contact Activity page in Work Manager
Decide whether to allow the Case to be started from Self Service
Save their updates
Note that this access option does not allow users to:
Create new Action types from the Case screen - this access is dependent upon the 'Action Types' access option under 'Edit Shared Process Data'
Set the Case process live - this access is dependent upon the 'Set Tickets & Cases Live' access option
Create new or update existing allocation settings, due date settings and general action settings. They will only be able to choose from existing settings as access to create or edit these settings is controlled by different access setting options ('Allocation Settings', 'Action General Settings' and 'Due Date Settings' in 'Edit Shared Process Data').
Tickets
This option gives users access to create and edit Ticket processes.
and With this access option, users can:
Create a brand new Ticket process
Clone from an existing Ticket process
Add existing Ticket categories into the Ticket process
Add and edit Ticket category information. Note that where applicable, users will only be able to choose from existing settings i.e. they will only be able to add existing due date and allocation settings, and will not be able to create new categories or edit the information underlying existing categories as access to do so is controlled by different access setting options (the 'Ticket Categories' access setting option in 'Edit Shared Process Data')
View the activity history of the Ticket process
Decide whether to allow the Ticket process to be started from the Contact Activity page in Work Manager
Add existing custom cards and email templates
Decide whether to allow the Ticket to be started from Self Service
Save their updates
Note that this access option does not allow users to:
Create new Ticket categories - this access is dependent upon the 'Ticket Categories' access setting option under 'Edit Shared Process Data'
Set the Ticket process live - this access is dependent upon the 'Set Tickets & Cases Live' access setting option
Create new or update existing allocation settings or due date settings. They will only be able to choose from existing settings as access to create or edit these settings is controlled by different access setting options ('Allocation Settings' and 'Due Date Settings' in 'Edit Shared Process Data')
Create new or update existing Ticket categories. They will only be able to choose from existing categories as access to create or edit Ticket categories is controlled by different access setting options (the 'Ticket Categories' access setting option in 'Edit Shared Process Data')
Edit Shared Process Data
Action General Settings
This option gives users access to create and edit Action General Settings in Case processes.
Note that the 'Edit Cases' access option under Edit Processes must be enabled in order for a user to edit Action general settings.
Action Types
This option gives users access to create and edit Action types from either the service line screen or from within a Case process.
Allocation Settings
This option gives users access to create and edit allocation settings for processes, regardless of their access to edit Cases or Tickets.
Note that either the 'Edit Cases' or 'Edit Tickets' access options under Edit Processes must be enabled in order for a user to edit allocation settings.
Case Types
This option gives users access to create and edit Case types from either the service matrix screen or from the service line screen.
Due Date Settings
This option gives users access to create and edit due date settings for processes, regardless of their access to edit Cases or Tickets.
Note that the 'Edit Cases' or 'Edit Tickets' access options under Edit Processes must be enabled in order for a user to edit due date settings.
Ticket Categories
This option gives users access to create and edit Ticket categories, either from the service line screen or from within a Ticket process itself.
Ticket Types
This option gives users access to create and edit Ticket types from either the service matrix screen or from the service line screen.
Edit Queues
Queues
This option gives users access to create and edit Queues, either from the process allocation settings or from the Queues section in System Settings.
Set Tickets & Cases Live
Set Tickets & Cases Live
Edit Scheduling
Triggers
This option gives users access to create and edit triggers - these allow you to drive Case creation based on a repeating frequency to trigger automatic creation.
Edit Calendars
Calendars
This option gives users access to create and edit working calendars - working calendars are linked to contracts and are used in day to day processing of work items to help determine precise due dates.
Edit Custom Cards & Data
Custom Cards & Custom Data
This option gives users access to create and edit custom data and custom cards.
Edit User Management
Robot Farms
This option gives users access to create and edit robot farms, accessible when creating or editing a robot user account.
Note that the 'Users (Service Agents, Robots & Self Service Users)' access option must be enabled in order for a user to edit robot farm data.
User Roles
This option gives users access to create and edit user roles.
Note that a user with this access option will not be able to edit their own user role.
Access & Edit Users (Service Agents, Robots & Self Service Users)
This option gives users access to view, create and edit service agents, robots and Self Service users.
Email Connectors
This option gives users access to create and edit email connectors, as well as access to view, create and edit an Office 365 integration where you can sync Enate to Office 365 email boxes, available in the System Settings page.
Note that without this 'Edit Connectors' access option, the Office 365 Integration will be hidden in the System Settings page.
Edit Email Content
Canned Responses
This option gives users access to create and edit canned responses.
Edit System Settings
System Settings
This option gives users access to create and edit system settings. These are the settings that take effect across the entire system and includes general settings, defect parties, file tags, suppliers, contact tags, password policy and SSO settings.
Note that users will not be able to create and edit Queues from here unless the 'Queues' access option has also been enabled. Additionally, note that the Office 365 integration, where you can sync Enate to Office 365 email boxes, will be hidden unless the 'Edit Connectors' access option is enabled.
Edit Integrations
Marketplace Configurations
This option gives users access to create and edit app integration configurations in Enate Marketplace.
Delete Items
Delete Items
This option gives users access to delete objects that they have edit permissions for.
Note that you cannot enable the Delete option without having enabled one of the edit options first for Builder Roles.
Application Credentials
Overview
The Application Credentials page gives developers a dedicated way to support how their APIs can be given access to the system.
Application Credential records can be created by an individual user logged into Builder. In creating such a record, the logged-in user effectively grants their own user account's access levels to the Application Credential record, to allow third party systems using that record subsequently to act on this user's behalf. However the user may not wish to grant the access which is available to all of the roles they occupy, so as part of the record creation they can specify a subset of roles which this Application Credential would have the power to use.
Using this Application Credential approach for granting API access has some advantages over using standard user accounts:
A single set of application credentials can have multiple concurrent sessions active.
You can select specific levels of access to grant each set of application credentials, keeping permissions only as expansive as they need to be.
Allows a more appropriate support for system-to-system communication.
Gives better tracking of which APIs are accessed by third party applications.
Technical Specifics
In technical terms, this feature allows Builder admin users to create sets of credentials, specifically 'OAuth Client Credentials' to access Enate & call APIs. Enate uses OAuth2.0 (Open Authorization) for token-based authentication and authorization. For more information on OAuth2.0, please refer to this link https://oauth.net/2/.
The approach is as follows:
An Enate user logs into Builder and creates an application Credential record (a specific 'ClientID & SecretKey' record, which is effectively a username & password).
External to Enate, you must call the Enate OAuth/Token API passing the client id and client secret to obtain a token (specifically a 'Bearer Token').
Ensure this Token is included in each API call which is made into the Enate system.
Bearer Tokens
The integration approach uses a type of tokens called 'Bearer Tokens' to access the Enate APIs. These Bearer tokens use HTTPS security, and the request is not signed or encrypted: possession of the bearer token is considered authentication. For more about OAuth 2.0 access tokens, refer to this link https://oauth.net/2/access-tokens/.
Note that the bearer token will expire if it is not used to make an API call for the length of time set in the 'Idle Session Timeout' setting in the General Settings section of Enate Manager.
If the bearer token does expire, the application credentials can be re-authenticated by using the '/OAuth/Token' Enate API to generate a new bearer token.
Additionally, any changes made to a user's roles (i.e. if a user gets assigned a new role or they are removed from a role) will cause the bearer token to expire.
If a bearer token does expire, the application credentials can be re-authenticated by using the '/OAuth/Token' Enate API to generate a new bearer token. Note that revoked roles will not get assigned to a new bearer token.
Creating a new Application Credentials Record
To support this feature we've added a new section in the User Management section of Builder to help manage different sets of Application Credentials you may wish to create:
The resulting screen will show a list of any existing Application Credentials which the logged-in user created before (Application Credentials created by other users are not displayed), including the roles the role(s) assigned to the user and the expiry date.
To create a new credential record, click on the '+' link, and fill out the details in the resulting popup:
Enter a name for the credential and add an expiration date. Then select the Operational Role you want the credential to have. If you want the credential to access Builder, select a Builder role too. These roles determine the various access options that a user will have access to.
Then click to generate a key. This will create:
A Client ID
A Secret Key
You should copy these two pieces of data at this point, for use in subsequent steps to create a Bearer Token outside of Enate.
Once the Credential record has been generated, it will be saved and stored in the Application Credentials page. You, as the creator of the record, can subsequently edit its name and expiry date and generate a new secret key for it. Credential records can also be deleted if desired.
Generating the Bearer Token - Sample
You should use the copied Client ID and Secret Key as inputs into your third party system, for example the Postman API testing tool. From example above, this would be:
Client ID: eba59171-ac3a-4527-939a-830494c2c5f6
Secret Key: 3@rn0i+0y5jRB8_n
The Third-party system should be making a POST API call to the '/OAuth/Token' Enate API to generate the bearer token.
For the API request, select 'x-www-form-urlencoded' in the body section to pass the three parameters below while making the API call to generate the token.
grant_type - client_credentials
client_id - 0f6c907b-00f4-4e12-8d75-41454b777533
client_secret - TLd55KNez61niSXO
Example:
This generates the Bearer token, which is then used to get authorization for API calls to Enate.
Using the Bearer Token
To make a new API call to Enate, select Type as ‘Bearer Token’ in the Authorization section of the API request, pass your generated bearer token and the request URL for the specific API you're looking for.
