Skip to content

Users, User Roles, and Access Management

Team members' user roles and privileges are managed in the User Management section of Leapwork’s settings. 

After installing the Controller, the first thing you need to do is to create user accounts for everyone who require access to Leapwork. You can do this by creating the individual users in Leapwork or configuring access based on Active Directory (AD).

One user account is by default already created on the platform – the admin user. The password for this account was provided during installation. Do not lose this password as Leapwork cannot assist you in retrieving it.

Note: User management settings would be available if you are logged in as an administrator.

Adding users directly in Leapwork

To add a user, simply click on the Add user button. The following pop-up then appears:

add-users1

As you will see, you only need to enter basic information in order to create a user account on Leapwork:

  • Full Name: This will be the user’s display name and will also appear in logs, reports, and other audit trails.

  • Username: Used by the user to log into Leapwork Studio.

  • Access Level: Selected from a drop-down menu, this determines the user's default privileges.

There are four access levels:

  • Administrator: Full access to all system functions, including user and asset management, system settings, and audit logs. Administrators can also view the database encryption key.

  • Contributor: Can create and edit all assets and execute flows, but cannot change system-level settings or access the audit log.

  • Reader: Has read-only access to all assets by default. However, administrators can allow Readers to run flows by enabling the "Allow Reader to run flows" option in the Privileges Settings tab. Readers cannot modify content unless explicitly granted further privileges.

  • No Access: Cannot view or edit any content. This level is useful for temporarily revoking access without deleting the user account.

Note: These roles apply universally across all folders, flows, and sub-flows in Leapwork. For example, a user with the Reader role will have consistent read-only access throughout the platform.

Additionally, Privileges Settings defined by the Administrator apply globally to all users of a given role, allowing fine-tuned control over what users can do regardless of their base role.

Once the user information and access level have been defined:

  1. Set a password: You can either create a password manually or let Leapwork generate one automatically.

  2. Assign the user to a team: Teams help organize collaboration and permissions.

After creating the user account, you must share the login credentials with the user manually.

Note: Team collaboration and management features are only available in the Leapwork Enterprise Edition. These options will not appear in the Platform Edition.

Using Active Directory (AD) to control access

Leapwork supports a mixed user setup, where some users are created directly as users (with a username and password) in Leapwork, and some users get the access via AD.

In order to use AD to control access to Leapwork, both the computer where the user's Studio is installed, and the Controller need to belong to the same AD. Otherwise the options shown below will not be available.

In the User Management section, the option Add AD/SSO User is visible if Leapwork supports AD access control. To add an access level for either a user or a group from AD, click on Add AD/SSO User button:

In the Select Users and Groups dialog, specify the AD name of a user and/or a group then click OK.

Picture9-1

With the AD entity now selected, specify the access level for the selected entities. In the example below an AD group named EXTERNAL\test has been selected in the Select Users and Groups dialog:

Picture2-1

Once the access level is set, click Save. The new configuration is shown in the list of access configurations.

Picture3-1

Add AD (LDAP) User 

LDAP integration with Leapwork is a newly added feature. For more information about LDAP and Connection tab. Connection tab lets you set up a connection to the LDAP server.

To add an LDAP user or group, from Settings, go to User Management.Click on Add AD/SSO User and a new window opens:

Enter the User or Group name which should be used to authorize the user or group in the LDAP directory.

Select Access from the drop-down menu.

Check the Team checkbox based on your requirements. (Note: The Team checkbox is only available for Leapwork Enterprise Edition users).

Click Save to save the User or Group.

To the right of the Add AD/SSO User button, use the buttons Edit, Delete and Export to change or remove user profiles or to export them in an Excel format.

Add SSO User 

The Azure Active Directory (AAD) integration with Leapwork is a newly added feature. For more information about AAD SSO and Connection tab. Connection tab lets you set up a connection to the AAD SSO server.

To add AD/SSO user or group, from Settings, go to User Management.

Click on Add AD/SSO User and a new window opens:

Enter the User or Group name that is existing in the AZURE ACTIVE DIRECTORY of the added connection.

Select Access from the drop-down menu.

Check the Team checkbox based on your requirements. (Note: The Team checkbox is only available for Leapwork Enterprise Edition users).

Click Save to save the User or Group.

To the right of the Add AD/SSO User button, use the buttons EditDelete and Export to change or remove user profiles or to export them in an Excel format.

Login options

When a user accesses the Studio the first time, they can choose how to log in - using a username and password or using the AD/SSO.

Picture5-1

If Leapwork user is selected, the user will have to enter the username and password - typically provided by the administrator in an email or similar:

Picture6

In case the user selects Active Directory user, the current Windows user is evaluated against the AD configurations in the user management section:

Picture7-1

If a Windows user is member of more than one AD group, and the different AD groups allow different access levels in Leapwork, then the user will be given the highest privileges.

In case the user selects SSO user, the current Windows user is evaluated against the SSO configurations in the user management section:

For all the three types of login, the user will only be prompted to login once. After the first successful login, Leapwork will remember the login.