5.8.0+: assignment model changed. Up to 5.7.0, a role assigned to a user or group at organization level granted access on every project that listed the role. Starting with 5.8.0, role assignment is per-solution: define roles and groups here at organization level, then assign them to users or groups from the Share modal on the Solutions page. End-user groups also moved from Keycloak to FlowX. See Runtime authorization for the new model.
Overview
End-user access management lets organization admins control who can access published solutions at runtime. Unlike Designer users (who build processes and workflows), end users interact with the finished solutions through the container app. Manage end users from Organization Settings → Access Management, where two sections handle runtime access:- End-Users: Invite and manage users who access solutions
- End-Users Groups: Organize users into groups with role assignments and custom attributes
End-users
View and manage the list of end users in your organization. End users are separate from Designer users. They access published solutions but cannot modify processes or workflows. To invite an end user:- Navigate to Organization Settings → Access Management → End-Users
- Click Add to invite a new user
- Enter the user’s details
End users authenticate through the same Keycloak realm as the organization. SMTP must be configured in Keycloak for invitation emails to be sent.
End-users roles
Roles define what end users can access at runtime. Roles live in an organization-level catalog, so the same role is reusable across projects, but you create and manage them from a project’s version settings. There is no roles section under Access Management.Managing roles
1
Open the project's version settings
In your project, go to Version Settings → End-User Roles.
2
Add a role to the version
Click Add Role, then pick an existing role from the organization catalog or select Create New Role to define a new one. The role name is visible to end users when the solution is shared.
3
Assign roles to resources
Assign the version’s roles on process swimlanes and UI Flow permissions to control what each role can access at runtime.
End-users groups
Groups organize end users and assign them roles and custom attributes. A group can have multiple roles and multiple key-value attributes.Managing groups
1
Navigate to End-Users Groups
Go to Organization Settings → Access Management → End-Users Groups.
2
Create a group
Click Add new and configure:
3
Add attributes (optional)
Click Add attribute to add custom key-value pairs. Each attribute has a Key and one or more comma-separated Values. Attributes can be used for business filters and data-driven access control.
Permissions
These permissions are available to Organization Admin and Organization Owner roles.
Related resources
Organization settings
Overview of all organization-level settings
Roles and permissions matrix
Complete reference for all platform roles and permissions
Swimlanes
Configure role-based task assignment in processes
Business filters
Filter data visibility based on user roles and attributes

