Who are Guest Users?
Guest Users are users with limited access to Amplify. Unlike Standard Users they will not be able to navigate the hierarchy to access initiatives and cannot be assigned as owners of items.
Guest Users will only be able to access the idea submission form. You can learn more about what this form looks like here.
How to create Guest Users?
Guest Users are created using your organization's identify provider (IDP) by defining a given person's Amplify user type as 'Guest'. If a person's Amplify user type is not defined (and they are allowed to access Amplify via your organization's IDP), they will be assumed to be a Standard User.
In order for Amplify to connect to your organization's IDP, SAML will need to be configured by your Amplify Administrator.
Enabling SAML & Guest Users
Prior to creating Guest Users in your IDP it is recommended that you read this article about how to configure SSO and SAML. In order to create Guest Users your organization's IDP must be connected to Amplify and the 'Create user if the user does not exist' setting must be enabled under Administration -> Authentication.
Managing Guest Users
In addition to creating Guest Users, you can also manage them in the following ways:
-
Upgrading Guest Users to Standard Users:
- Guest Users can be converted to Standard Users via your organization's IDP
- This will upgrade their permissions the next time they sign in via SSO. They will not be upgraded if they sign-in using username/password (as this does not check your organizations IDP)
-
Downgrading Standard Users to Guest Users:
- Standard Users can be converted to Guest Users via an organization's IDP
- This will downgrade their permissions the next time they sign in via SSO and will re-assign any existing ownership to 'Amplify Owner'. They will not be downgraded if they sign-in using username/password (as this does not check your organizations IDP)
-
Preventing Guest Users from accessing Amplify:
- Individual Guest User's can be locked under Administration -> Manage Users which will prevent them from signing in via either SSO or username/password regardless of the access permissions defined in your organization's IDP
-
Deleting Guest Users:
- Guest Users' Amplify access permissions should be revoked from your organization's IDP. This will prevent the user from signing in to Amplify. Additionally, Guest Users should be manually deleted from Amplify via Administration -> Manage Users