This content applies solely to Connected KYC, which must be purchased separately from the Appian base platform. This content was written for Appian 23.3 and may not reflect the interfaces or functionality of other Appian versions. |
When adding users to Appian Connected KYC, they initially won't have access to see or do much in the solution. In order to give them access to the information and actions that they need to do their jobs, you must add them to the appropriate groups.
Connected KYC comes with default groups that make it easy to grant the appropriate access to users. The solution uses business groups that represent the different business roles that will interact with the solution. For example, KYC investigator and Sales Department Heads. These business groups are members of security and wrapper groups, which grant access to different parts of the solution, such as starting a new Investigation or viewing account information.
By placing users into the business groups, the solution automatically assigns them the appropriate access for their business role. To understand what groups to put users in depending on the actions that they need to perform, see Actions users can perform based on their group membership on the Groups Reference Page. This page also gives more information on what business groups belong to which security and wrapper groups.
When you are setting up the solution, you will need to understand what business roles are required for your organization and modify the groups to fit your organization. You will also need to add users to the appropriate groups. This page outlines how to do both.
To give users appropriate access to Connected KYC, you must first add them to the necessary business and security groups. Generally, it is a best practice to only place users inside of business groups, not security groups. However, there are some security groups where it is preferable to grant membership to individual users.
For example, the AS FS Manage Processes security group grants access to the Connected FS Settings site and allows users to modify Investigation processes. Since Connected FS Settings is an administrative page, you may want to control access on an individual user level. For example, rather than giving access to all users in the KYC investigator group, you may want to limit it to a couple of individuals. In this case, you would add users to the security group, instead of adding a business group to the security group.
You can manage group membership either manually or automatically.
Modifying group membership can be done from two places in Connected KYC: the Connected FS Settings site and Appian Designer.
Business users can use the Connected FS Settings site to modify users in business groups. See Managing Group Membership for instructions on how to do this.
Administrators can also use Appian Designer to manage group membership. See Group Management for more information on this. However, Appian highly recommends that you use the Connected FS Settings site to manage all group memberships. Using Appian Designer to update group membership for Connected KYC may cause unwanted visibility changes or security vulnerabilities.
You can also configure an Appian process model to run periodically, typically nightly, which can automatically add users to different groups. This is typically hooked into an LDAP integration to ensure the LDAP system is what actually controls user access to groups. See the LDAP Synchronization Playbook article for more information about setting this up.
Syncing with LDAP would likely overwrite group memberships that were set using the Connected FS Settings site.
If you implement automatic syncing, you have two options:
If your organization has different business roles that the default business groups don't cover, you can create additional groups using Appian Designer.
To add a new business group:
If you configure additional functionality in the application, such as adding new records or related actions, it is recommended that you create a security group. Learn more about object security.
For example, the AS FS Create or Update Customer process model has associated security groups called AS FS Create Customer and AS FS Update Customer.
To add a new security group for an object:
Modifying Groups