This week we have got very good news for our Nintex for Office 365 users as we have recently rolled out a new release. One of the main features is the new functionalities introduced for Admin and Governance.
For many years, here at Nintex we´ve been relying on the underlying infrastructure, that is, SharePoint online, its security model and its artifacts for governance and security over the Office 365 tenant. However, we constantly receive a lot of feedback from our Office 365 users and personally i´ve had quite a few conversations with partners and customers demanding more control over the Nintex assets in their tenants: more admin features, more governance and more visibility mainly. Seems like that with the curren SharePoint assets is not enough to properly bring governance to our workflows and designers. That´s exactly why Nintex is introducing with this release these new Administrator Management features. Let´s have a deep look into that.
What it is?
As you may have noticed there´s a new element in the Workflow Gallery panel called Settings, currently with two tabs: General and Administrator Management.
The General Settings section doesn´t really bring anything new. In here we´re just bringing a couple of settings that were a little bit hidden, within the workflow designer such as the User Profile Grant access and the Connection Creation settings. Bringing those to the Workflow gallery makes more sense and allows us to consolidate all Governance and Administration settings in one place.
The Administrator management section introduces the concept of Nintex Administrator. From here you´ll find the ability of designating who the Nintex Admins for your tenants are. The first user to be added has to be an Office 365 user with Global Admin rights in your tenant and then this admin will be able to register any user as a Nintex admin.
With this first releaese, there are currently two things you can control as a Nintex Administrator:
- Limit the users who can publish workflows
- Create Tenant-Wide Connections
Let´s see in this post how to limit the workflow publishers. For creating the tenant-wide connections just check out the next post of this series: Deep Dive: The New Admin Settings in Nintex for Office 35 – Part II.
How to Add Nintex Admins to your tenant
The first time you´ll see this page it will show you an empty list. As I mentioned before, the first Nintex admin in your tenant can only be assigned by a user with Global Admin rights in your tenant. So, if your user has this role you could register your user as a Nintex Admin or, if not, you will have to ask one of your Global Admins to add your user. Be aware that once you are registered you cannot remove your own user, it will have to be another Nintex Admin to remove your user.
For that, all you have to do is click on Register as a Nintex Administator. That will then take you to the Microsoft Admin consent page in which basically you´d acknowledging that you agree with Nintex reading from your Directory the necessary information to register the user.
Once you accept that, you´ll see that, coming back to the Workflow gallery page, you´ve got a new option called Workflow Publishers enabled and that your user appears in the list of Nintex admins.
From this moment on, you can search and add any user as a Nintex admin for you tenant from the Administrator Management section.
How to Restrict Workflow Publishers
Once you are a Nintex Admin, from the Workflow publishers section you can control who can publish workflow across all the tenant. There are two possible configurations for this, as you can see in the interface.
- All users with design pemissions: That´s the setting by default. This in other words is how it works up until now, it just relies on the SharePoint permissions and all users with Designer permissions on the list/site can publish a workflow.
- Restrict workflow publishing: With this option Nintex will stop the previous configuration and only the users that you add here will be able to publish workflows in your tenant will no longer be able to do it. But don´t worry, you can always roll that back just changing to the All users option and it will be reset and turn back to the original situation.
Notice that it doesn´t mean that your users wont´be able to use Nintex anymore, they will still be able to open the designer, create workflows and even save them. They will be just prevented to publish them
If you restrict your workflows publishers the only users that will able to publish a workflow in your tenant will be the Nintex admins and the users that you add to this list of Workflow Publishers. The users that previously could publish workflows, as we mentioned, will continue to have access but for them, now they will see the Publish button greyed out and a warning message in red on top of the canvas.
That´s it, these are the only two steps you need to restrict your workflow publishers. And remember whenever you need revert to the default configuration in which all designer can publish workflows just come back to the workflow gallery and select the All users option.
Easy and powerful! Now, play a little bit with it, have a cup of coffe and I´ll see you in the next post of this series to see how to create Tenant-Wide connections:
This post is also available in: Español (Spanish)