Adding Users
Security Overview
Gravityβs security is fully integrated into the Microsoft 365 cloud portal used for all Microsoft cloud services like Office 365, SharePoint, and Teams. (Note: Office 365 or other Microsoft services are not required to use Gravity) There are several advantages to having an integrated security system:
- One Login and Password for all Microsoft cloud services. Change your password once for all services.
- Enable higher levels of security like Multi-Factor Authentication (MFA) or separate credential tools like Duo.
- Disable a user in one place for all services
Adding a new User
The steps to add a new user to Gravity are:
- Create the user in the Microsoft portal
- Assign the user the appropriate Microsoft Power Apps license
- Insert the user into the Power Platform environments
- Assign the user one or more security roles
- Add the appropriate entities (companies) to the user that they have access to
Note: the steps to add a user are different if you are using the Power Apps Pere User License or the Power Apps per App license.
There are separate sections below for each license type.
Microsoft Power Apps Licenses
Microsoft has several types of licenses that can be used by Gravity users. The primary licenses are:
- Power Apps Per User
- Used by Gravity Power User Roles
- Assigned in the Microsoft Admin portal (similar to Office 365 licenses)
- Power Apps Per APP
- Used By Gravity Limited, Read only and CPA Roles
- Assigned in the Power Apps Platform
Creating the user in the Microsoft Portal
You will be required to have Microsoft admin privileges to add users.
Users can be added and assigned a login name and password.
Adding a User with the Power Apps Per User License
Users can be assigned a Power Apps license at the time they are created or latter after they are created
Select the appropriate license. If you do not have an available license than you should contact you Microsoft license provider.
After selecting the user, you will see the option to assign licenses to the user.
You will be required to have Microsoft admin privileges to add licenses
Adding the user to the Power Platform environment
Note: You will have to repeat this for each environment the user will be accessing.
You will be required to have Microsoft Power Platform admin privileges to add users to the platform.
Select the following URL https://admin.powerplatform.microsoft.com/environmentsο»Ώ
This will show you the existing Power Platform environments
Select the Environment by clicking on the name, this will open up the environmentβs information section.
Select βUsers See Allβ
Select Add User then identify the user on the right side that you want to add.
After adding the user, you will be prompted to assign a security role. Security roles can be added or changed after the user is enabled for the environment.
Adding a User with the Power Apps Per App License
Creating the user in the Microsoft Portal
You will be required to have Microsoft admin privileges to add users.
Users can be added and assigned a login name and password.
Users can be assigned a Power Apps license at the time they are created or latter after they are created
Assign the Per App license to the correct environment
You will be required to have Microsoft Power Platform admin privileges to add users to the platform.
Select the Power Platform Admin portal at https://admin.powerplatform.microsoft.com/ο»Ώ
On the left menu select (1) Resources->(2 )Capacity.
Scroll to the bottom in the Add-ons block. Select (3) Manage from the menu.
On the Manage Add-ons panel select the (4) environment (most likely the production)
On the App Passes are (5) assign the number of passes to the environment
Adding the user to the Power Platform environment
You will be required to have Microsoft Power Platform admin privileges to add users to the platform.
Select the following URL https://make.powerapps.com/ο»Ώ
Select the correct environment in the upper right corner
On the left menu select (1) Apps
Select the (2) Gravity App and on the (3) 3 dots select βShareβ from the menu.
In the (4) People box enter the person to be added
Once found the (5) person will be listed below the box
Select the (6) security roles for the person to be added
Adding Entities to a User
Adding Entities (Companies) to a User
A user will not have access to a company unless they are explicitly given access.
To assign a user to a company:
- Select the user from the list and the user information form will appear
- Under Financial Entity Access select the β+β option to open a dialog to select and add the entity to the user
When a userβs first entity is added they are automatically assigned to a Gravity License.
Note, for a user to see information in a dashboard they must have Read access to the records that make up that dashboard.
Security Addendum
Gravityβs supports a multi-tired security profile for users as follows:
- Entity (Company) Access
- Microsoft Power Platform Security Roles
- Enhanced Process Security
- Optional Field Level Security
Predefined Security Roles
While custom security roles can be created, Gravity installs with several predefined security roles listed below:
- Gravity Administrator β Access to the Gravity System Setup area only
- Gravity AP User β Access to all Purchasing and Payables functions
- Gravity Limited AP User β Access to all Purchasing and Payables functions except check or ACH deployment
- Gravity AR User β Access to all Receivables functions
- Gravity Dashboards β Access to Gravity Dashboards
- Gravity Financial User β Access to all General Ledger and Financial Functions
- Gravity Power User β Access to all functions
Setting Up a User Security Role
All users in Gravity must have a Microsoft Dynamics 365 or Power Apps platform license. See your Gravity or Microsoft Representative for more information on Microsoft licenses.
After a new user is setup in the Microsoft platform, they must be assigned at least one security role in Gravity.
- Under Platform Settings->Security->Users select the user to update
- Select Manage Roles at the top
- A dialog window will open allowing you to select the appropriate roles
Managing Gravity Licenses
Organizations must subscribe to a Gravity license for each user that will access information under the Gravity menus and forms in addition to a Microsoft platform license.
Gravity licenses are automatically assigned when a user is assigned to their first entity (company).
To manage Gravity licenses, select Financials->System Settings->System->License Information.
License Key, Due Date and Number of Users are maintained by Gravity and updated automatically. If needed you can force an update using the Update License action on the top menu.
Disabling a user on the Microsoft platform does not remove their Gravity license. To remove a license, you must identity the user in the Enabled or Disabled views and remove them from the license.
Creating a New Gravity Security Role
It is often easiest to copy an existing role and change the security attributes. Under Platform Settings->Security->Security Roles. Open the Existing Role and select Actions->Copy Role to make a new role.
The Gravity Entities will be listed under the Custom Entities tab. You can add or remove security rights to an entity. Note that many forms are reliant and data from other entities. For example, you cannot create a Voucher without read only access to Vendors, Charts of Account, Terms etc.
New Role Process Security
Security roles will define the type of access to an Entity that a user will have. In addition, Gravity enhances the security with process security rights. For example, a user may have full access to creating an Invoice but may not be able to print or post the invoice.
To access enhanced process security, select Financials->System Setup->System->Miscellaneous Security Privileges.
Miscellaneous Security Privileges are appended to the security role to enhance user security.
If a new security role is created, the Miscellaneous Security Privileges record must be completed to give the user correct security rights to printing, processing and reports in Gravity.
Field Level Security
Field level security is available in Gravity. Please refer to the Microsoft documentation on how to enable field level security and administer it.