The ability to integrate external suppliers into the 3YD platform offers platform owners the opportunity to expand their additive manufacturing capabilities beyond internal resources. With the integration of external AM service providers, platform owners can access a wider range of printing capabilities and streamline their procurement process. However, it is important to ensure that external suppliers are granted limited access only to the necessary information for order processing and do not have access to sensitive data such as pricing, materials, and user information of other integrated services.
Process of onboarding an external service
Following these steps sets you up for onboarding external services into your platform:
(One-time) Prepare the platform to verify new users
Create and register a new (external) Service
Invite external service users and
Prevent access to User Panel
Revoke AMPI access
Provide Service Panel access to the new external service users
Preparing the platform to verify new users
The platform owner must invite external service users explicitly and therefore prevent uncontrolled registration and access to the platform. This can be achieved by enabling Force verify user in the admin panel.
For more information see
If platform access was unrestricted, then external Service users could simply register as new users and would be granted access to the User Panel, where they could see all offers of all Services.
Creating and registering a new (external) service
To create a new Service (Fulfillment Partner) follow the steps as described in https://3yourmind.atlassian.net/l/cp/yC1AvGQ8.
Do not add external users to the new Fulfillment partner, yet. This will be done in a later step.
Inviting external service users
There are two possible cases. As an admin you can invite external users, or external users can sign up themselves. In both cases, the Force Verify User setting should be enabled.
Case 1 - Org admin invites an external user with delayed activation
This method ensures that invited users at no point in time have access to the User Panel or AMPI. However, an email must be sent to the new user manually to inform about account creation and password.
To perform the following steps access to both the Org panel and Admin panel is required.
In the Org panel - Invite the user
As an organization admin, go to the Org panel - Users
Select Invite User
Fill in the name and e-mail accordingly
Deactivate Activate User
Save
At this moment the new user account will be created, but no automatic email is sent to the new user to inform about the account creation. This will give us time to revoke default permissions that may have been provided.
In the Admin panel - Revoke permissions
By default, most organizations will provide both AMPI and User Panel access to newly created users. In this section, we are going to revoke those default permissions for Service users
To revoke permissions…
As an admin, go to the Admin panel
Navigate to Authentication and Authorization › Users
Find and open the user details of the external user you just invited
Under Permissions enabled the Active checkbox to activate the account
To remove the User Panel access go to the USER ACCESS GROUPS section
Select the DELETE? checkbox for any AMPI and/or User Panel permission
Confirm your changes by clicking Save and continue editing at the bottom of the page.
The permissions of the new user are set up correctly now. But the new user cannot log into the platform, yet, because the new account is still missing a password.
This can be solved in two ways
(Preferred) Inform the new user to use the Forgot password? functionality to set a password
Or set an initial password for the user manually in the admin panel
Open the Change password form for the newly created user
Enter a secure password and memorize/store it temporarily.
Share the password with the new user via a secure channel and ask the user to change their password upon first login.
E.g. use Bitwarden Send for transmitting the password.
The external Service user can now log into the platform. To complete the setup for the external service user, Service Panel access needs to be granted. For details, see below at https://3yourmind.atlassian.net/wiki/spaces/PD/pages/1845952516/Inviting+External+Suppliers+as+Printing+Service+Onto+Your+Platform#Providing-Service-Panel-access-to-new-external-users.
Case 2 - Org admin invites an external user with instant activation
This method requires no manual interaction with external service users as they are informed about account creation manually. However, there is a small time window between account creation and revoking of permission where the new user could potentially access User Panel and AMPI.
To perform the following steps access to both the Org panel and Admin panel is required.
In the Org panel - Invite the user
As an organization admin, go to the Org panel - Users
Select Invite User
Fill in the name and e-mail accordingly
Keep Activate User enabled
Save
At this moment the external user will receive an automatic e-mail to reset their password and be able to log into the platform.
In the Admin panel - Revoke permissions
You should revoke UP and AMPI permissions directly after sending the invitation to keep the time window of logging into the platform with additional permissions minimal.
To revoke permissions you can follow the same steps outlined in Case 1 under “In the Admin panel - Revoke permissions”.
To complete the setup for the external service user, Service Panel access needs to be granted. For details, see below at https://3yourmind.atlassian.net/wiki/spaces/PD/pages/1845952516/Inviting+External+Suppliers+as+Printing+Service+Onto+Your+Platform#Providing-Service-Panel-access-to-new-external-users.
Case 3 - External user signs up
Actions performed by a new external user
An external user signs up on the platform
The external user receives an automatic email to set a password
The external user sets a password and needs to wait for activation of the account through an admin
Only after step 3, the user appears in the user list in the org panel and the admin panel.
To perform the following steps access to both the Org panel and Admin panel is required.
In the Admin panel - Revoke permissions
To revoke permissions you can follow the same steps outlined in Case 1 under “In the Admin panel - Revoke permissions”
In the Org panel - Verify user
As an Org admin verify the new user to grant platform access
The new external user can now log into the platform and does not have access to AMPI or the User Panel.
In fact, the new user now does not have access to any panel, so Service Panel access needs to be granted in the next step. See below.
Providing Service Panel access to new external users
To grant external service users access to their respective Service Panel the corresponding roles need to be assigned in the admin panel.
Go to Home › Partner › Fulfillment partners › <EXTERNAL SERVICE>
Expand the section USER ACCESS GROUPS
Assign the necessary access group(s)
For more details see https://3yourmind.atlassian.net/l/cp/0ZF9ThPW
Permissions of internal service users vs external service users
Permission | Internal Service User | External Service User |
|---|---|---|
AMPI access | ✅ | ❌ |
User Panel access | ✅ | ❌ |
Service Panel access | ✅ | ✅ |
User list in Create Quote/Order | Unrestricted list | Restricted list |
For internal service users, the user list is in Create Quote/Order unrestricted, i.e. it shows every user registered on the platform.
For external service users, the list is restricted, i.e. it does not contain users from other external services.
