Users and profiles
Access to Mawidabp is controlled by profiles. Each user has at least one profile in an organization; that profile determines what they can see and what they can do. This page covers how to onboard users, define profiles, and assign privileges. For the general security concepts (authentication, MFA, system log), see Security and traceability.
Profile types
Each profile has a type that fixes the user's functional role:
| Type | Main responsibility |
|---|---|
| Audit manager | Oversees the entire audit operation. |
| Supervisor | Reviews and approves reports. Can issue the final audit report. |
| Senior auditor | Auditor with additional privileges. |
| Auditor | Executes reviews, documents working papers, records findings. |
| PAI | User and profile administration. |
| Auditee | Sees only the Follow-up module and assigned issues. |
A single user can have different profiles in different organizations.
Privileges
For each module, a profile can have any combination of:
- Read
- Modify
- Delete
- Approve
Privileges combine with the profile type to fine-tune what each user sees and can do.
Create or modify a user
When there is no integration with a corporate identity provider:
- Administration → Security → Users → New.
- Fill in:
  - Name, last name, email.
  - Username.
  - Initial password.
  - Profiles in one or more organizations.
  - Position and Hierarchical superior (useful for escalation of findings).
- Create user.
To modify a user, use the pencil icon in the same listing.
Removing users
Removal does not delete historical data; the user is deactivated but their traceability in findings, comments, and working papers is preserved.
- Edit the user.
- Deactivate.
Integration with Active Directory or Entra ID
When Mawidabp is integrated with a corporate identity provider, user management is simpler:
- Authentication and password administration are handled by the provider.
- Each Mawidabp profile corresponds to a group in the directory. The profile's name equals the group's name.
- When a user is added to a group in AD/Entra ID, they become associated with the corresponding Mawidabp profile after syncing.
Example mapping between groups and profiles
| AD group | Mawidabp profile | Description |
|---|---|---|
| MawidabpAIGerente | MawidabpAIGerente | Internal audit manager |
| MawidabpAISupervisor | MawidabpAISupervisor | Audit supervisors |
| MawidabpAISenior | MawidabpAISenior | Seniors |
| MawidabpAIAuditor | MawidabpAIAuditor | Regular auditors |
| MawidabpPAI | MawidabpPAI | User and profile administration |
| Company | Company | All auditable users (organization employees) |
Onboarding flow when integrated
- The IT security area adds the user to the corresponding group in AD/Entra ID.
- In Mawidabp, from Administration → Security → Users → Import, changes are synced. If the option "Show 'Import from LDAP' only to users with approval permission" is on, only roles with approval privilege can run this step.
The detailed configuration of the provider lives in the integration pages: Entra ID, Google Workspace, LDAP.
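Because profiles are tied to directory groups by name and membership only takes effect after a sync, a periodic reconciliation is a useful access-review check. The following is an added example, not part of Mawidabp: the input shapes, the sample users, and the group `MawidabpExternos` are constructed, and treating the name match as exact is an assumption.

```python
# Added example: reconcile directory groups against application profiles.
# Both inputs are constructed; their shape is an assumption, not a Mawidabp export format.

def reconcile(directory_groups, app_profiles):
    """directory_groups: {group name: set of usernames} taken from AD/Entra ID.
    app_profiles: {profile name: set of usernames} as held in the application.
    Returns a dict of findings for an access review."""
    findings = {"unmapped_groups": [], "near_miss": [],
                "pending_sync": [], "stale_access": []}
    normalized = {name.strip().casefold(): name for name in app_profiles}
    for group, members in sorted(directory_groups.items()):
        if group not in app_profiles:
            # Names that differ only by case or whitespace are flagged
            # separately: the profile name is expected to equal the group name.
            lookalike = normalized.get(group.strip().casefold())
            if lookalike is not None:
                findings["near_miss"].append((group, lookalike))
            else:
                findings["unmapped_groups"].append(group)
            continue
        holders = app_profiles[group]
        # In the group but without the profile: the import has not run yet.
        findings["pending_sync"] += [(u, group) for u in sorted(members - holders)]
        # Holds the profile but is no longer in the group: review for stale access.
        findings["stale_access"] += [(u, group) for u in sorted(holders - members)]
    return findings

# Constructed sample data.
DIRECTORY = {
    "MawidabpAIAuditor": {"ana", "luis"},
    "MawidabpAISupervisor": {"marta"},
    "mawidabppai": {"carla"},        # differs from the profile name by case
    "MawidabpExternos": {"pedro"},   # no profile with this name
}
PROFILES = {
    "MawidabpAIAuditor": {"ana", "jorge"},
    "MawidabpAISupervisor": {"marta"},
    "MawidabpPAI": set(),
}

if __name__ == "__main__":
    for kind, items in reconcile(DIRECTORY, PROFILES).items():
        print(kind, items)
```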
Profiles and privileges
Create a profile
- Administration → Security → Profiles and privileges → New.
- Fill in:
  - Profile name (must match the AD group name when integrated).
  - Type (manager, supervisor, auditor, senior auditor, PAI, auditee).
  - Privileges per module: tick read, modify, delete, and/or approve as appropriate.
- Create profile.
Typical privilege examples
For a standard auditor:
| Module | Read | Modify | Delete | Approve |
|---|---|---|---|---|
| Planning | ✓ | | | |
| Execution | ✓ | ✓ | ✓ | |
| Conclusion | ✓ | ✓ | | |
| Follow-up | ✓ | ✓ | | |
| Administration | | | | |
For a supervisor:
| Module | Read | Modify | Delete | Approve |
|---|---|---|---|---|
| Planning | ✓ | ✓ | ✓ | |
| Execution | ✓ | ✓ | ✓ | ✓ |
| Conclusion | ✓ | ✓ | ✓ | ✓ |
| Follow-up | ✓ | ✓ | ✓ | ✓ |
| Administration | ✓ | | | |
Multi-organization
If a user belongs to multiple organizations, each profile is defined separately. To switch active organization without signing out, see Switching organizations.
Delegating responsibilities
When a user is absent or leaves the organization, their responsibilities (assigned findings, ongoing reviews) can be delegated to another user:
- Edit the outgoing user.
- Delegate responsibilities.
- Select the destination user.
All assignments are reassigned; historical records keep the original user for traceability.
Security reports
Administration → Security → Reports groups views useful to the IT security area: active and inactive users, recent accesses, profile changes, etc. See Security and traceability for the system-log and access-log concepts.