Skip to main content

Automatically Assign the Process Contributor Role

You can allow users from your identity provider or with specific email domains to be automatically assigned the process contributor role in Tonkean using a just-in-time (JIT) provisioning option. This provisioning method is only for users without roles on their first sign-in.

This option is available if your organization manages process contributors using the manual and communication tool option or if your organization uses an identity provider for user provisioning and role management.

Users who sign in using instant access are granted the process contributor role permanently—until that role is revoked manually or in your identity provider. If you're using an identity provider, we strongly recommend provisioning users who sign in using instant access through your identity provider.

Enabling instant access alongside an identity provider does not override higher permissions that already exist.

To configure instant access on your Tonkean board, follow the steps below:

Enable Instant Access with the Manual & Communication Tool Option

  1. In the Contributor Settings, ensure Manual & Communication Source is selected and the Allow manual creation of new contributors checkbox is selected.

    process_contribs_manual_selected.png

  2. In the Email Domain field, enter the email domains for users you want to automatically assign the process contributor role (for example, "tonkean.com" for all users with a users@tonkean.com email address).

    process_contribs_add_email_domain.png

  3. When finished, select Save Changes.

Enable Instant Access with the Identity Provider Option

  1. In the Contributor Settings, ensure Sync Identity Provider users is selected.

    process_contribs_id_provider_selected.png

  2. Select the Enable instant access checkbox. The Scope options display.

    process_contribs_enable_instant_access.png

  3. Select one of two Scope options:

    • All users provisioned from identity provider - All users provisioned in your connected identity provider (for example, Okta or Entra ID) are automatically granted the process contributor role upon their initial sign-in.

      process_contribs_instant_access_all_users_provisioned_from_id_provider.png

    • Only users from whitelisted domains - Users who sign in with the specified email domains are provisioned in Tonkean and are assigned the process contributor role.

      When you select this option, you must enter the email domains for users you want to automatically assign the process contributor role (for example, "tonkean.com" for all users with a {name}@tonkean.com email address).

      process_contribs_enable_instant_access_whitelist_domain.png

  4. When finished, select Save Changes.

In this section: