Appearance
Roles & Permissions
Invent Workflows uses two layers of role-based access control: global roles (what you can access in the platform) and instance roles (what you can do within a specific workflow).
Global Roles
Your global role determines which parts of the platform you can access.
| Capability | Admin | Manager | User |
|---|---|---|---|
| View Dashboard | ✓ | ✓ | ✓ |
| View My Tasks | ✓ | ✓ | ✓ |
| View My Documents | ✓ | ✓ | ✓ |
| View Analytics | ✓ | ✓ | ✓ |
| Launch Workflows | ✓ | ✓ | ✓ |
| Complete Assigned Tasks | ✓ | ✓ | ✓ |
| Access Designer | ✓ | ✓ | — |
| Create/Edit Templates | ✓ | — | — |
| Manage Input Templates | ✓ | — | — |
| Manage Form Task Templates | ✓ | — | — |
| Retry Failed Actions | ✓ | — | — |
Admin
Full access to every feature. Admins can design workflow templates, manage all template libraries, and retry failed automated actions.
Manager
Can access the Designer section to view templates but cannot create or modify them. Has full access to all end-user features including task execution and workflow tracking.
User
Standard end-user access. Can launch workflows, complete assigned tasks, view documents, and track workflow progress. Does not see the Designer menu.
Instance Roles
When a workflow is launched, each member of that workflow instance is assigned an instance role. This controls what they can do within that specific workflow.
| Action | Instance Admin | Instance Manager | Instance User |
|---|---|---|---|
| View instance details | ✓ | ✓ | ✓ |
| View all tasks | ✓ | ✓ | ✓ |
| Complete own tasks | ✓ | ✓ | ✓ |
| Complete any task | ✓ | ✓ | — |
| Cancel workflow | ✓ | — | — |
| Manage members | ✓ | — | — |
| Add/remove members | ✓ | — | — |
| Change member roles | ✓ | — | — |
How Instance Roles Are Assigned
- The creator role is configured in the workflow template — it determines what role the person who launches the workflow gets (typically Admin).
- Default permissions can be set on the template to automatically add users or groups with specific roles when a workflow is launched.
- Instance admins can add, remove, and change roles for members after the workflow is running.
Role Indicators
Throughout the interface, you'll see role badges next to user names:
- Admin — Full control over the workflow instance
- Manager — Can manage tasks and view all details
- User — Can work on assigned tasks
In the members tab of a workflow instance, your own entry is marked with a "You" indicator so you can quickly identify your role.
Directory Integration
Invent Workflows integrates with your organization's identity management (IAM) system for user and group management. Users and groups are not created locally — they are resolved from the external directory.
How It Works
- Authentication — users log in through your organization's identity provider. Group memberships are included in the authentication token (JWT).
- User & group search — when assigning tasks, adding workflow members, or configuring default permissions, the platform searches the external directory in real time.
- Automatic provisioning — when a user or group is first referenced in a workflow (e.g., assigned to a task), their profile is automatically fetched from the directory and stored locally as a reference.
- Group-based access — tasks assigned to a group are visible to and completable by any member of that group. "My Tasks" includes tasks assigned to you personally as well as tasks assigned to your groups.