HsM provides the possibility to invite users. An existing HsM user can invite another user to participate in HsM and at the same time can define the roles that are assigned to this user.
Users can be invited in the context of a customer together with assigning roles for that user on that customer. Users can also be invited in the context of the system securable together with assigning roles on the system securable.
Behind the scenes an invitation will create a new HsM user (if that user does not already exist), will assign roles to that user on the securable and will optionally send an invitation email to that user.
Inviting users is bound to the capability USER_INVITATION. If this capability is not granted on the HsM instance, the only way to add customers is via business data synchronization. To invite users on a customer securable the inviting user must have the <%PC EDIT_USER_ASSIGNMENT%> permission, to invite users on the system securable the inviting user must have EDIT_USERS permission.
The invitees are identified by their email address (regardless if the invitee is already an existing user in HsM or not). The Client Service will check if the provided email address already identifies an existing user in HsM. If not, a new user will be created. This user is then assigned the roles specified by the inviting user on the customer where the user is invited. The inviting user can only assign those roles with the invitation that contain only permissions the inviting user effectively has on the customer where the invitation is created.
If not disabled by the inviting user, an invitation email will be sent to the invitee. The inviting user may include a personal message alongside the invitation which is then used to personalize the invitation email.
Note: Inviting a user creates a user in HsM and optionally sends an invitation email, but does not create the user in the identity service used by HsM. I.e. if the invitee does not have an account on the used identity service he has to create one himself. HsM creates a link between the user on the identity service and the HsM user by matching the email addresses stored in both systems.
Re-inviting a user
Users that are already created in the Client Service can be re-invited, i.e. the Client Service can remind the user that he is invited to work with HsM. Re-invitation is bound to the capability USER_INVITATION
A user can be re-invited in the context of the system securable if that user has at least one role-assignment on the system securable. Only users with permission EDIT_USERS can re-invite other users.
Users can be re-invited in the context of a customer if that user has at least one role assignment on that customer. Only users with permission EDIT_USER_ASSIGNMENTS can re-invite other users.
Note that users can be re-invited irrespective if they have already logged in in the past or not.
Locale of user-invitation and re-invitation e-mail
The locale that is used in invitation e-mails is evaluated as follows: If the user is already existing in HsM and has been logged into HsM at least once the locale to be used in the e-mail is taken from the user's settings on the identity service. Else the locale is taken from the customer's base data. If there is no locale defined in the customer's base data (locale is not mandatory there) then the locale is set to EN .
