Access management

🔐 Accessing the Access Management Page

Navigate to: Administration → Access Management

There are three main tabs:

Users: View and manage user accounts.
Roles: View and assign custom roles.
API Clients: Manage API access

👤 Users Tab

In Vince Live users play a crucial role in managing and utilizing its features. There are two distinct types of users, each with different privileges.

Admin

Admin users possess full access to all features and functionalities within Vince Live. They have the authority to configure settings, manage user roles and permissions, and utilize all aspects of the software. Admin users hold the highest level of control and are responsible for overseeing the system's operation.

Users

End users, on the other hand, have limited access to Vince Live by default. They can only perform actions and access features for which they have been specifically assigned roles with associated privileges. These roles define the level of access and capabilities granted to end users. Without being assigned a role, an end user will have no access to the system.

When creating a user in Vince Live, several essential details need to be provided. These include the user's first name, last name, email address, phone number, and home address. Additionally, administrators must assign appropriate permissions or roles to the user. These permissions dictate what the user can and cannot do within the software, ensuring the right level of access and security.

Once a user is created in Vince Live, an automated email will be sent to the user's provided email address. This email will contain important information, including the URL to access Vince Live and the user's email address. Additionally, a temporary password will be provided, which the user will be required to change upon their first login to the system. This password change ensures enhanced security and confidentiality of user accounts.

By providing users with clear instructions and necessary login details via email, Vince Live simplifies the onboarding process and enables users to get started with the software seamlessly.

The Users tab lists all registered users with the following columns:

Column	Description
Full Name	Name of the user
Email	User’s registered email
Permissions	Access level (`Admin` or `User`)
Active	Indicates if user is currently active
Last Active	Last login timestamp
Roles	Number of assigned roles

Actions

Click the ⋮ icon for a user to:
- Manage User: Edit their profile
- Deactivate User: Revoke access

✏️ Managing a User

Click Manage User or the user row to open the user profile page.

Editable Fields

Field	Description
First Name	Required
Last Name	Required
Email	Required
M3 User Id	Optional, for M3 integration
Phone	Optional
Address	Optional
Permissions	Set to `Admin` or `User`
Roles	Assign roles via dropdown
Tags	Add metadata for internal categorization

To assign roles:

Use the Roles dropdown
Select from available roles (e.g. Group Creation 1, etc.)

After making changes, click Save.

➕ Adding a New User

Click + Add User
Fill in required fields: First Name, Last Name, Email
Set permissions and assign roles
Click Save

🧯 Deactivating a User

Click the ⋮ next to a user
Select Deactivate User
Confirm deactivation

This disables the user but does not delete their data.

Tag Management & utilisation

📘 Overview

Tags are dynamic, user-specific identifiers that allow you to personalize and control access to workflows, dashboards, and automation behaviors. This guide outlines the complete lifecycle of tag creation, assignment, and usage within the platform — tailored for admins, developers, and end users.

Key Use Cases:

Personalizing workflow input dynamically

Conditional dashboard filtering

Enabling user-segmented automations

🔧 1. Creating & Assigning Tags

🔐 Accessing Tag Management

To access and assign tags:

Click on Administration in the top navigation.
Select Access Management from the dropdown.
Navigate to the Users tab.
Click on edit to open their profile.
Go to the Tags section.

✍️ Creating a New Tag

Click Add Tag.
In the Tag Key field, enter a descriptive name.
- Tag suggestions will auto-populate if existing tags match your input.
Enter a Tag Value (string-based).
Click Save to assign the tag to the user.

🔄 Managing Tags

Action	Description
Edit name or Value	Click the tag name or value to update it
Delete Tag	Click the trash icon next to the tag.
Mandatory Fields	Both Tag Key and Tag Value must be filled.

⚙️ 2. Using Tags in Workflows

Tags streamline the way inputs are dynamically handled during workflow execution — enabling role- or profile-specific automation logic.

🧩 Configuring Tag-Driven Inputs

Go to your Workflow Editor.
In any step that accepts an input source, click Source and choose From Tag.
A dropdown appears with all available tags in your tenant.
Select a tag (you can reuse the same tag for multiple input fields).

▶️ Executing the Workflow

Behavior	Outcome
Tag Assigned	Input field is auto-filled and disabled (not editable).
Tag Missing	Error is shown next to the field, and the Execute button is disabled.
All Tags Present	Execute is enabled and workflow runs normally.

🔔 Important: Only tags assigned to the logged-in user are used at runtime.

✅ Best Practices

Use consistent naming for Tag Keys (e.g., Warehouse, BusinessUnit, Region).
Assign tags during user onboarding to ensure downstream compatibility.
Avoid hardcoding input values when tag-based dynamic input is available.

🛡️ Roles

Roles define permission sets which are then assigned to users or API clients. Each role can be linked to multiple apps, resources, and permission levels (Read/Write/All).

📋 Role List Overview

From the Roles tab, you can:

View all existing roles
See how many users are linked to each role
See how many permissions each role contains
Check the active/inactive status of a role
Perform actions like Edit, Delete, or Deactivate

🧑‍🤝‍🧑 Users in Roles

Hovering over the number of users shows a tooltip with specific usernames linked to the role.

🔧 Editing a Role

Each role defines access to specific apps, resources, and resource names (such as specific workflows or users).

Use the dropdowns to assign:
- App (e.g., Foundation)
- Resource type (e.g., Workflow, User)
- Resource name (e.g., Diwakar Export)
- Permission (Read / Write / All)

You can also add multiple permissions to the same role:

🔑 API Clients

API clients are used to automate interactions with Vince Live via external systems. Each client is issued an ID and secret, and is assigned one or more roles that determine its access scope.

🔍 API Client Overview

From the API Clients tab, you can:

View all clients
See their descriptions
Check activation status
Edit or deactivate individual clients

⚙️ Editing API Client Roles

You can link one or more roles to an API client. This defines what that client can access programmatically.

🧼 Naming & Cleanup Best Practices

To ensure clarity and avoid duplicates:

Always review existing roles before creating new ones
Use clear naming conventions (e.g., team-resource-type)
Regularly audit and deactivate unused roles or clients

🔐 API Clients Detailed Guide

Securely connect external systems to Vince Live using access-controlled API clients.

✨ What Are API Clients?

API Clients in Vince Live allow you to programmatically interact with the platform — securely and with permission-based access.

Each client is:

Issued a Client ID and Secret
Assigned one or more roles
Used to authenticate workflows, integrations, or third-party tools via OAuth 2.0

🔑 Think of API Clients like service accounts: they represent non-human actors accessing Vince Live with specific permissions.

🧠 Why Use API Clients?

You should use API Clients when:

You’re building integrations with Vince Live from external tools or systems
You want to automate workflows without using personal login credentials
You need fine-grained access control over what your integrations can do

Examples:

Exporting users to Excel
Syncing data with external CRMs or ERPs
Triggering workflows from external services

✅ What You’ll Need

Before creating an API Client, make sure:

You have Admin access to Vince Live
You’ve defined at least one role with the appropriate permissions (e.g., access to Users, Tables, etc.)

🧭 Step-by-Step: Create and Use an API Client

1. Go to Access Management → API Clients

Click + Add API Client.

2. Fill in the fields:

Field	Description	Required
Name	Unique name for your API client	✅ Yes
Description	Short summary of its purpose	Optional
Label	Optional tag (e.g., “ERP Export”)	Optional
Role(s)	Assign one or more roles	✅ Yes

⚠️ You cannot create two API clients with the same name.

3. Click Save

Your API client will now appear in the list with an Active status.

🔑 Get the Client ID & Secret

Click Edit on your newly created client
Use the Copy icons to copy your:
- Client ID
- Client Secret

These will be used when authenticating via OAuth 2.0.

🛡️ Keep your Client Secret private — treat it like a password.

🔌 How to Use in a Connection

To use this API Client in a Workflow or integration:

1. Go to Connections

Click + Add Connection

2. Set the following fields:

Field	Example Value
Auth Type	OAuth
Client ID	`abcdef123456...` (from API client)
Client Secret	`zyxwv987654...` (from API client)
Grant Type	`client_credentials`
Token URI	https://api.vincelive.dev/oauth/token
Base URI	https://api.vincelive.dev

Click Save. Your connection is now ready to use in REST API steps.

🔄 Use Case: Export Users via API Client Workflow

Let’s say you want to export users from Vince Live:

Create API Client with read/Write/Full access to the Users module
Create a Connection using the Client ID and Secret
Build a Workflow with:
- REST API step calling /users endpoint using the connection
- Transform step to format the output
Run the workflow and fetch the results to Excel or another system.

⚙️ Managing API Clients

✏️ Edit an API Client

You can update its name, description, or roles at any time.

🚫 Deactivate an API Client

Deactivated clients cannot authenticate or run workflows.

Useful when rotating credentials or revoking access.

🔁 Role Changes

If a role assigned to an API Client is deactivated, the client will lose access.

Workflows using that client may fail with 403 Forbidden errors.

🔍 Searching and Sorting

On the API Clients page, you can:

🔍 Search by client name
🔃 Sort by Name, Status, or Role
🧩 Filter by Active or Inactive clients

🛠 Tips & Best Practices

✅ Use one client per integration for better control
🔐 Rotate secrets periodically and deactivate unused clients
🧪 Test API clients using the REST API steps before going live
📋 Document each client's purpose in the description

🧪 Frequently Asked Questions

Q: Can I create multiple clients with the same name?

A: No. API client names must be unique.

Q: What happens if I deactivate a client?

A: Any workflows using that client will fail to authenticate (401 error).

Q: Can I assign multiple roles to a client?

A: Yes. The client will inherit the combined permissions.

Q: Can I view or regenerate the secret later?

A: You can view and copy the secret anytime — but rotating is manual.

🧠 Notes

A user can have multiple roles, each of which grants access to different functions.
Tags are useful for filtering or grouping users by department, customer, or usage.
Always keep user permissions and activity under review for security.