# Account Management
Account management allows you to create new users, access roles, access groups, workspaces, and institutions.
Note: You need to be an admin of your institution to be able to access account management settings.
To access the account management page, click on the user profile on the upper right corner, choose Account Management in the dropdown menu.
# Account Management Page
On the account management page, you can:
- Create and Delete Users
- Create, Edit, and Delete Roles
- Create, Edit, and Delete Groups
- Create, Edit, and Delete Workspaces
- Configure Single Sign On
# Managing Roles within your institution
Roles are a collection of scopes which can be tied to user groups. For example one could create an admin role with all scopes, or an analyst role that can view the Query Log and Activity Log but not edit AI Versions.
The Roles tab on the Account Management Page (shown above) allows you to Create, Edit, Delete, Import, and Export Roles. Searching and filtering is enabled as well.
To create a role, simply click the + Create Role button and fill out the form with name (must be unique), description, and select a set of scopes.
# Managing Groups within your institution
Groups are a collection of users and roles. Each user in the group will inherit the scopes from all of the associated roles. Groups are a good way to organize your instutition into teams.
The Groups tab on the Account Management Page (shown above) allows you to Create, Edit, and Delete Groups. The search bar enables filtering by roles and users, as well as plaintext search for group name. Sorting is additionally available.
To create a group, simply click the + Create Group button and fill out the form with name (must be unique) and description. One may also assign existing roles and users to a group during creation.
# Platform Scopes in Detail
| Scopes | Explanation |
|---|---|
| View Users | Give users the ability to view all the platform users but not edit their permissions nor delete them |
| Edit Users | Give users the ability to view and edit platform users permissions. |
| View Institutions | Give users the ability to view all the institutions created on the instance (Institution Management page) |
| Edit Institutions | Give users the ability to add new institutions, delete existing institutions or reset them. |
| View Query Log | Give users the ability to read Query Log with which you can see the most recent queries for all the AI versions in your institution; apply filter to see queries that meets certain conditions and export the queries as training data. To learn more about Query Log, go to Query Log section under Analyze in the Platform Reference. With the read-only permission, users won't be able to correct classification, bookmark the query or export the queries to training data. The ability to create test dialog from the query side bar is disabled too. |
| Edit Query Log | Give users the ability to edit Query Log. They will be able to do everything mentioned above. Without read and write permission, users won't be able to access Query Log and Export Logs under the logs section. |
| View Personalities | Give users the ability to read Personalities. Note that, you should always enable Read Personalities and Read Training since they go hand in hand. Users will be able to view all the competencies in all the AI versions, access training data and responses. Users won't be able to make any changes to them such as add data, import data, add transitions or edit responses but they can still export data and export response templates. You won't be able to create a new channel(device) on the Personalities page. |
| Edit Personalities | Give users the ability to edit Personalities. Same with read, you should always enable Edit Training together with Edit Personalities. With these two permissions, users will be able to edit and access all the functions under the Create tab. |
| View Training | See Read Personalities. |
| Edit Training | See Edit Personalities. |
| View Crash Log | Users will be able to read crash log which provides insights about error types such as undefined slots in a response template, internal server error regarding to the Business Logic etc. which can guide further AI model improvement. |
| View Activity Log | Users will be able to see activities taken place on the platform such as new user creation, logins, change edit AI version etc. |
| View User Tests | With this permission, users will be able to view all the test suits, dialogs and test results on the Testing page. |
| Edit User Tests | With this permission, users can run tests, edit, export and delete suits, import and create new suits and dialogs, also export testing report. |
| View Deployments | Give users the ability to see the applications launched on the Launch Page. |
| Edit Deployments | Give users the ability to launch, edit or delete their AI version to devices like Alexa, Google Home, Mobile app, Web app, Slack etc. |
| View Accounts | Give platform users the ability to read application end users account information. |
| Edit Accounts | Give users the ability to add or remove application end users. |
| View AI Models | Give users the ability to view details of all the AI versions as well as viewing the training progress. |
| Edit AI Models | Give users the ability to edit, export and delete all the AI models insides all the AI versions, including training data, responses etc. |
| Query | Users are able to test a query in the query sidebar and send in a query through the query endpoint. |
| View Crowdsource | Users are able to read crowdsource jobs but not launch or delete them. |
| Edit Crowdsource | Users are able to launch crowdsource jobs on the platform to collect data. |
| View Environments | Users may view the environments and applications on the Deploy tab. |
| Edit Environments | Users may create, edit, and delete, environments and applications on the Deploy tab. Addionally, users may deploy environments to production. |
| View VA Console | Users may view the console tab and configurations associated with the users institution. |
| Edit VA Console | Users may create, edit, and delete configurations on the Console tab. Additionally, users who have this scope may create, edit, and delete response elements. |
# Adding platform native users to your institution
Click + Create User, in the modal pop up enter a username, email, and password.
# Managing Workspaces within your institution
A workspace represents a group of projects. This allows users to organize projects and grant users access to different projects within the same institution. A user will have different scopes based on the groups associated with each workspace. For example, a user can have the Edit Training scope in one workspace but lack that ability in a different workspace depending on what groups belong to each workspace.
The Workspaces tab on the Account Management page allows you to create, edit, and delete workspaces. The search bar enables searching by workspace name.
To create a workspace, click the + Create Workspace button and fill out the form with name (must be unique across institution), description, and zero or more groups.
All projects will now belong to a workspace. On the main projects page, users can select among the workspaces they have access to, and the projects under the selected workspace will show on the page. Users can also select among workspaces on the global testing page, and the test suites that belong to the projects under the selected workspace will show on the page. The selected workspace will persist across sessions.
Similarly, the query sidebar will now have the option to choose the workspace on top of choosing a project. The list of projects/versions will automatically update if a user selects a new workspace. The selected querying workspace will persist across sessions.
# Managing App Keys
App Keys are used to authenticate and interact with Clinc with a given set of scopes.
The App Key tab on the Account Management Page (shown above) allows you to Create, Edit, and Delete App Keys.
To create an App Key, simply click the + Create App Key button. Fill out the form by adding a name, selecting one or more scopes and provide a referrer address if you wish to limit where the App Key can be used.
After creating an App Key we give you an opportunity to copy the key to your clipboard or download the key to your computer. This will be the only time we will display your App Key, so it is imperative you save it.
# Configuring Single Sign On for Your Institution
Admin users can set up single sign on for their institution. To set this up, go to the SSO tab under the Account Management page.
SSO will be disabled at first. Click Enable to enable the feature.
After enabling SSO, continue to Step 2 and fill in the form with details provided by your identity provider.
The Identity Provider Group IDs field is optional. If your IdP provides the option to set up Idp groups for whitelisting specific users, type in the Idp group IDs.
Click Save SSO Configuration. Users under this institution will now have SSO access.
To log in using SSO, go to the login page of the platform.
Check Login with SAML and type in the institution. Clicking Login will direct the user to their identity provider for authentication.
Users created through SSO login will start with only the Query scope. It is up to the institution admin to give additional permissions to each user.
Existing features such as session timeout will work as before for both platform native and sso users.
SSO users will be logged back into the platform automatically once they re-authenticate with their identity provider by clicking Log In.
# Converting Existing Native Platform Users to SSO Users
Native platform users who log in with SAML using the same email will be converted to SSO users and they will always use SAML to log in to the Platform in the future.
If a user logs in with SAML using a new email, a new SSO user will be created.
Once SSO is disabled, SSO users will no longer be able to log in to the Platform.
# Viewing SSO Users
On the Users tab, the admin user will be able to distinguish between native platform users and sso users.
Last updated: 09/05/2023