This document consolidates information from customer reported issues and FAQs related to Prolaborate’s Access Control Profiles, SAML Single SignOn (SSO) configuration, readonly access, and a known login issue after license changes. It is intended to help automate responses in Zoho Desk and provide consistent guidance to customers.
1. Access control menu for SAML profiles and Active Directory (AD) groups
Customer question
“Would we be correct in saying that access will be decided on the access control menu for the SAML profiles? Reason for the question is that we want to give users access to them being in an AD group.”
Answer: Yes. In Prolaborate, repository access rules and user group membership are defined using Access Control Profiles (ACP). When using SSO (e.g., SAML), you can map users from your identity provider or AD groups to ACPs. Once mapped, the ACP decides what repositories and permissions the user has. Make sure you follow Prolaborate’s SAML SSO best practice guide when configuring SSO and ACP mappings.
Reference: Ticket #6852 – “SSO and SAML” (Prolaborate Support). Tags: access control menu, SAML groups, AD groups, access denied SSO.
2. Setting Prolaborate to readonly
Answer: Prolaborate does not have a global “readonly” mode. Instead, readonly access is achieved through Access Control Profiles and applies only to users who log in via SSO or who sign up and are mapped to a profile. To implement readonly access:
Enable SAML SSO from the portal settings if you haven’t already. The SAML Single SignOn configuration defines the connection to your identity provider. See Prolaborate’s documentation for stepbystep instructions.
Define an Access Control Profile with the desired permission level. Permissions include:
Read Only – view diagrams and repository content without any editing or collaboration.
Read & Write
Read & Collaborate
Read, Write & Collaborate
Map the profile to users or groups in your identity provider (e.g., AD). Only users who are mapped to this ACP will be restricted to the permissions defined.
If your Prolaborate instance uses registered users instead of SSO, there is no automatic way to enforce readonly access across all repositories. You must manually adjust permissions for each repository.
Email template:
Hi [Customer],
Thank you for your patience.
In Prolaborate, readonly access is achieved through Access Control Profiles for SSO or signedup users. Since your environment currently uses registered users, you will need to manually configure each repository’s access settings. Please refer to the documentation on configuring repository access permissions: Configure access for repository.
Please let us know if you have any questions.
Reference: Ticket #9933 – “Set Prolaborate to read only” (Prolaborate Support). Tags: SSO, Access Control Profiles, Read Only, Access Permissions, SAML Single Sign On, Repositories.