JP7484484B2 - Service provision system and group management method - Google Patents

Description

The present invention relates to a service providing system and a group management method .

Service provision systems that provide software and other items to users via a network are known. By preparing a certain environment, such as a terminal device such as a PC (personal computer) or electronic device, and a web browser running on the terminal device, a user can use the services provided by the service provision system through applications and other means from the terminal device.

A company or other organization may contract for a service provided by such a service providing system, and the members of the organization may use the service as users. Organizations that contract for a service are managed in units called tenants. Users or electronic devices that belong to a tenant can use the service within the scope of the license granted in the contract.

Managing the provision of services on a tenant-by-tenant basis is advantageous in terms of improving security and reducing management costs. A technology has been devised for creating child tenants within a tenant (see, for example, Patent Document 1). Patent Document 1 discloses a configuration for creating a community within a tenant and allowing users of other tenants to access the community, with the aim of promoting information sharing and collaboration with users belonging to different companies or organizations.

However, with conventional technology, when creating one or more groups within a tenant of a company or the like that uses the service, there was a problem in that the administrator of the tenant had to manually assign users and other targets to the groups. In other words, when an administrator creates a new group, manually registering users and the like to this group is cumbersome and there is a risk of incorrect operation. Also, cumbersome work was required when assigning newly added users and the like to a group or moving users and the like from one group to another group.

In view of the above problems, the present invention aims to provide a service provision system that automatically registers users and other affiliations to groups within a tenant such as a company that uses the service.

In view of the above-mentioned problems, the present invention provides a service providing system including an information processing system that permits use of an application based on a usage authority of a member registered in a group within a tenant, and a terminal device that communicates with the information processing system,
the terminal device has a display control unit that displays a new group creation screen that accepts settings of attribute information of members belonging to the tenant, an operation acceptance unit that accepts a selection of conditions for members belonging to a group from the attribute information of the members displayed on the new group creation screen, and a communication unit that transmits the member conditions accepted by the operation acceptance unit to the information processing system, the display control unit displays a list of the attribute information selectable in each item of the attribute information of the members in association with the items of the attribute information of the members, the operation acceptance unit accepts the items and the attribute information as conditions for the members, the display control unit displays "is" or "is not" for the items and the selected attribute information, the operation acceptance unit accepts a selection of "is" or "is not" as conditions for the members in addition to the items and the attribute information,
The information processing system includes a group management unit that registers the members who meet the member conditions in the group.

It is possible to provide a service provision system that automatically registers users and other affiliations to groups within a tenant such as a company that uses the service.

1 is a diagram illustrating the relationship between tenants, users, electronic devices, and licenses. 1 is a configuration diagram of an example of a service providing system according to an embodiment of the present invention. FIG. 2 is a diagram illustrating a hardware configuration of an example of a computer. FIG. 2 is a diagram illustrating a hardware configuration of an example of an image forming apparatus. 2 is an example of a functional block diagram illustrating functions of a first terminal device, an electronic device, and an information processing system, divided into blocks. FIG. FIG. 13 is a diagram showing an example of members registered in a group when an administrator sets conditions related to electronic devices. 11 is a sequence diagram illustrating an example of a procedure for registering electronic devices to a group in accordance with a device condition. 11 is a sequence diagram illustrating an example of a procedure for registering electronic devices to a group in accordance with a device condition. FIG. 13 is a diagram showing an example of a new group creation screen. FIG. 13 is a diagram showing an example of a new group creation screen. FIG. 13 is a diagram illustrating an example of a new group creation screen. FIG. 13 is a diagram showing an example of members registered in a group when an administrator sets user conditions. 11 is an example of a sequence diagram illustrating a procedure for registering a user to a group according to a user condition. 11 is an example of a sequence diagram illustrating a procedure for registering a user to a group according to a user condition. An example of members registered in a group by an administrator setting device conditions and user conditions will be shown below. 11 is a sequence diagram illustrating an example of a procedure for registering electronic devices and users to a group according to device conditions and user conditions. 11 is a sequence diagram illustrating an example of a procedure for registering electronic devices and users to a group according to device conditions and user conditions. 11 is an example of a sequence diagram illustrating a procedure in which a tenant administrator registers a user, and the registered user is then registered in a group. 11 is an example of a sequence diagram illustrating a procedure in which a tenant administrator registers a user, and the registered user is then registered in a group. FIG. 11 is a diagram showing an example of a user creation screen displayed on the first terminal device; 11 is an example of a sequence diagram illustrating a procedure in which a tenant administrator registers a device, and the registered device is then registered in a group. 11 is an example of a sequence diagram illustrating a procedure in which a tenant administrator registers a device, and the registered device is then registered in a group. FIG. 13 is a diagram showing an example of a creation screen for an electronic device displayed on a first terminal device; FIG. 13 is a diagram illustrating a change in users belonging to a group due to a change in the group definition. 13 is an example of a sequence diagram illustrating a procedure in which users belonging to a group are changed by a tenant administrator changing a group definition. 13 is an example of a sequence diagram illustrating a procedure in which users belonging to a group are changed by a tenant administrator changing a group definition. FIG. 13 is a diagram showing an example of a group editing screen displayed on the first terminal device; FIG. 13 is a diagram showing an example of a group editing screen displayed on the first terminal device; FIG. 13 is a diagram showing an example of a group editing screen displayed on the first terminal device; FIG. 13 is a diagram illustrating a change in user information due to a change in a group definition. 13 is an example of a sequence diagram illustrating a procedure in which user information of users belonging to a group is changed as a result of a tenant administrator changing a group definition; 13 is an example of a sequence diagram illustrating a procedure in which user information of users belonging to a group is changed as a result of a tenant administrator changing a group definition;

Below, a service providing system and a group management method performed by the service providing system will be described as an example of a form for implementing the present invention.

<Relationship between tenants, users, electronic devices, and licenses>
First, the relationship between tenants, users, electronic devices, and licenses will be described with reference to FIG. 1A. FIG. 1A shows an example of a data model of a tenant. For example, in the case of a service provision system used by a company or the like for business purposes, it is often managed on a company (organization) basis in terms of improving security and reducing management costs. As shown in FIG. 1, there is a tenant corresponding to each company, to which a user 401, an electronic device 40, and a license 402 belong. The license 402 is a use right for an application (hereinafter referred to as an app) permitted by a contract for using the application. The license can also be called an app, such as a Web app or a device-specific app. In the following description, when distinguishing between each user 401, each electronic device 40, and each license 402, capital letters are added.

Users A and B are assigned usage rights based on license A, and electronic devices B and C are assigned usage rights based on license B. Note that licenses are classified into user licenses and device licenses.

In order for a user 401 or electronic device 40 to use an app, the tenant enters into a contract with the service provider to use the app. A license 402 is generated from the contract. The user 401 or electronic device 40 is assigned permission to use the app up to the number or number of users permitted by the license 402. Therefore, within the tenant, which users or electronic devices 40 can use which apps is managed.

When user 401 or electronic device 40 uses an app, the user or electronic device itself is generally authenticated by an authentication system. The authentication system compares user information and device information stored in a database or the like with information included in the authentication request to determine whether authentication has been successful.

However, for example, even if license B was purchased for users A and B in a development group, the tenant administrator could assign usage rights for product B to user C.

Therefore,
- Creating groups within the tenant and restricting license usage on a group-by-group basis. - Creating groups within the tenant and restricting the scope of license usage within the group is being considered.

Figure 1(b) is a diagram explaining the allocation of licenses after creating a group. In Figure 1(b), users A and B and electronic devices A and B belong to group A, and user C and electronic device C belong to group B. For example, if license B is contracted for group A, the tenant administrator is restricted from assigning usage rights for product B to user C. In addition, the tenant administrator can grant usage rights for licenses to users A and B of group A on a group basis.

By grouping in this way, the users or electronic devices 40 that belong to the group that has a license are granted the authority to use the app. Therefore, the authority to use the app can be managed on a group-by-group basis within the tenant. However, it is a heavy workload for the administrator to manually register each user to a group.

In this embodiment, an administrator defines a group based on attribute information of users and electronic devices, and the information processing system 50 creates the group and automatically registers users and electronic devices to the group. It is also possible to grant usage rights collectively to users or electronic devices 40 registered in a group. Furthermore, if the attribute information of a user is changed, the information processing system can automatically change the group to which the user belongs.

<Terminology>
A tenant is a customer that shares the same software with multiple customers, i.e., information that indicates a company or the like that is a collection of customers. Each user in the tenant can use the applications contracted in the tenant, and the tenant administrator of the tenant can grant users the authority to use multiple software instances (applications or packages that bundle multiple applications) that exist in the system.

An application (app) is a program executed by a terminal device and an information processing device in order for a user to receive a service. A program executed cooperatively by a terminal device and an information processing device is also called a web app. An app may be, for example, a workflow app that executes a series of processes in sequence. An app can be built by a tenant administrator or the like by combining components. For example, an app can be built that uploads and saves an original scanned by the electronic device 40 to cloud storage by combining a document reading component and a cloud transmission component. An app may also be licensed as the above-mentioned package. In this case, the app package and the app are treated the same.

A role is a function within a tenant. Each role is granted different rights depending on the role. For example, the tenant administrator decides on a role based on the user's job type, job title, and how the app will be used. It is possible to assign app usage rights to a user not only when the user's role and the app's role match, but also when the user's role has greater rights than the app's role.

The device refers to the electronic device 40, and in this embodiment, the electronic device 40 may be referred to as the device.

A group refers to a group or a group. In this embodiment, at least one of the arbitrarily assigned users or electronic devices 40 is a member (element) of the group, i.e., the group member.

A member is an element (e.g., an object or a person) that belongs to a tenant or a group. A license may be assigned to a member, and the member can use an app based on the license. In this embodiment, the members (subjects to which a group belongs) are, for example, users and electronic devices. For example, if a member is a user, the user can input his/her user ID into a terminal device or electronic device, etc., and authenticate with the service, allowing the user to use the app available to that user in a group within the tenant on the terminal device or electronic device. Also, if a member is an electronic device, the electronic device can authenticate the ID (model number, etc.) of the device with the service, allowing any user to use the app available on that electronic device in a group within the tenant. Note that members may also be locations such as conference rooms and spaces, electronic devices installed in the space, company cars, equipment, resources owned by an organization that uses the service, etc.

<System configuration example>
Fig. 2 is a configuration diagram of an example of a service providing system 1 according to this embodiment. In the service providing system 1 of Fig. 2, a customer environment 8 and a service provider environment 7 are connected to an information processing system 50 via a network N1 such as the Internet. The network N1 also includes telephone lines such as a mobile phone network.

Customers are those who use the services provided by the information processing system 50, and include organizations such as companies, groups, educational institutions, government agencies, and departments. Those who have some sort of employment relationship with these customers are called users. In the customer environment 8, one or more electronic devices 40, a first terminal device 10, a second terminal device 20, and a firewall 17 are connected via a network N2 such as a LAN. In addition, the information processing system 50 has one or more information processing devices connected to the network N1. A service provider is a business that provides services to customers. In the service provider environment 7, a third terminal device 30 exists.

The electronic device 40 is, for example, an image forming device 40a, but the image forming device 40a also includes a laser printer, a multifunction printer, an MFP (Multi-function Peripheral/Product/Printer), etc. Another example of the electronic device 40 is an electronic whiteboard 40b. In addition, the electronic device 40 may be, for example, a PJ (Projector), an output device such as digital signage, a HUD (Head Up Display) device, industrial machinery, an imaging device, a sound collection device, medical equipment, a network home appliance, an automobile (Connected Car), a notebook PC, a mobile phone, a smartphone, a tablet terminal, a game console, a PDA (Personal Digital Assistant), a digital camera, a wearable PC, or a desktop PC.

In this embodiment, the electronic device 40 is a terminal through which a user registered in the information processing system 50 uses a service. The user logs into the information processing system 50 from the electronic device 40, selects an app (application software) that the user has permission to use, and receives a service provided by the information processing system 50. In this way, services are provided on an app-by-app basis.

The first terminal device 10 is an information processing device such as a smartphone, mobile phone, tablet PC, desktop PC, or notebook PC used by the tenant administrator. The first terminal device 10 is equipped with a program having a screen display function such as a web browser. This program is not limited to a web browser as long as it has a function to display the screen information received from the information processing system 50 as a screen. It may also be a program dedicated to the information processing system 50.

The second terminal device 20 is an information processing device used by a user, such as a smartphone, mobile phone, tablet PC, desktop PC, or notebook PC. The second terminal device 20 is equipped with a program having a screen display function, such as a web browser. This program is not limited to a web browser, as long as it has a function to display the screen information received from the information processing system 50 as a screen. It may also be a program dedicated to the information processing system 50.

The third terminal device 30 is an information processing device such as a smartphone, mobile phone, tablet PC, desktop PC, or notebook PC used by a business person (a person in charge of operating the service provision system). The third terminal device 30 is equipped with a program having a screen display function such as a web browser. This program is not limited to a web browser as long as it has a function of displaying the screen information received from the information processing device as a screen. It may also be a program dedicated to the information processing system 50.

The firewall 17 is a device for preventing intrusion into the customer environment 8 from the outside, and all communications from the customer environment 8 are monitored by the firewall 17. However, this does not apply when the first terminal device 10, the second terminal device 20, or the third terminal device 30 communicates with the information processing system 50 via a telephone line such as a mobile phone network.

The information processing system 50 provides various services to the electronic device 40 and the second terminal device 20. The services vary depending on the type of electronic device 40, but in the case of the image forming device 40a, there are services such as uploading and saving scanned documents to cloud storage, and downloading and printing image data from cloud storage, but are not limited to these. In the case of the electronic whiteboard 40b, there are services such as creating minutes using real-time voice recognition, and converting handwritten data into text. In the case of the second terminal device 20, there are services such as real-time translation services for web pages.

In the information processing system 50, tenants and users are associated with each other. The services (applications) that can be used are determined according to the user's role, and the user uses the applications that he or she can use from the electronic device 40 or the second terminal device 20. In addition, there is the following relationship between tenants, tenant administrators, and users.
・One customer → one tenant (tenant administrator and users belong to one tenant)
One customer → multiple tenants (tenant administrators do not necessarily belong to a tenant, but manage each tenant and the users who belong to it. A user belongs to one or more tenants)
In either case, a user registered in the information processing system 50 belongs to one of the tenants, so once the user is identified after registration, the tenant to which the user belongs is also identified. In the case of one customer to one tenant, the tenant administrator can automatically determine the tenant by logging in to the tenant (the tenant does not need to be specified). In the case of one customer to multiple tenants, the tenant administrator may specify the tenant when logging in (or may have a different account for each tenant).

The information processing system 50 creates screen information for a web page to be displayed on the first terminal device 10, the second terminal device 20, the third terminal device 30, or the electronic device 40, and transmits this information. For example, the information processing system 50 displays a home screen or the like, which will be described later.

Screen information is created using HTML, XML, CSS (Cascade Style Sheet), JavaScript (registered trademark), etc. Web pages may be provided by a web application. A web application is software or a mechanism executed on a web browser that operates through cooperation between a program written in a programming language (e.g. JavaScript (registered trademark)) that runs on a web browser and a program on the web server side. Web pages can be dynamically changed using a web application.

The information processing system 50 may be compatible with cloud computing. Cloud computing refers to a form of usage in which resources on a network are used without being aware of specific hardware resources. An information processing system 50 that is compatible with cloud computing may be called a cloud system. A cloud system may be located on the Internet or on-premise.

The configuration of the service providing system 1 shown in FIG. 2 is an example, and one or more server devices (such as a proxy server or a gateway server) may be interposed between the customer environment and the information processing device. The first terminal device 10 and the second terminal device 20 may be located outside the customer environment, for example, connected to the network N1. The third terminal device 30 may be located outside the service provider environment, for example, connected to the network N1.

The information processing system 50 may be realized by one information processing device 49, or may be realized by distributing the information processing system 50 among multiple information processing devices 49. For example, there may be an information processing device 49 that provides each service, one information processing device 49 may provide multiple services, or multiple information processing devices 49 may provide one service.

In addition, in the service providing system 1 in FIG. 2, the information processing device is connected to a network N1, such as the Internet, outside the customer environment. In other words, the service providing system 1 in FIG. 2 is an example in which the information processing system 50 is provided in a cloud environment. However, the information processing system 50 may also be provided inside the customer environment (on-premise environment).

<Hardware configuration example>
<<Computer>>
The first terminal device 10, the second terminal device 20, the third terminal device 30, or the information processing system 50 in Fig. 2 is realized by a computer having a hardware configuration shown in Fig. 3, for example. Fig. 3 is a hardware configuration diagram of an example of a computer. The computer 500 in Fig. 3 is constructed by a computer, and as shown in Fig. 3, includes a CPU 501, a ROM 502, a RAM 503, a HD 504, a HDD controller 505 (Hard Disk Drive), a display 506, an external device connection I/F 508 (Interface), a network I/F 509, a bus line 510, a keyboard 511, a pointing device 512, a DVD-RW drive 514 (Digital Versatile Disk Rewritable), and a media I/F 516.

Of these, the CPU 501 controls the operation of the entire computer. The ROM 502 stores programs used to drive the CPU 501, such as IPL. The RAM 503 is used as a work area for the CPU 501. The HD 504 stores various data such as programs. The HDD controller 505 controls the reading or writing of various data from the HD 504 according to the control of the CPU 501. The display 506 displays various information such as a cursor, menu, window, character, or image. The external device connection I/F 508 is an interface for connecting various external devices. In this case, the external device is, for example, a USB (Universal Serial Bus) memory or a printer. The network I/F 509 is an interface for data communication using a communication network. The bus line 510 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 501 shown in FIG. 3.

The keyboard 511 is a type of input means equipped with multiple keys for inputting characters, numbers, various instructions, etc. The pointing device 512 is a type of input means for selecting and executing various instructions, selecting a processing target, moving the cursor, etc. The DVD-RW drive 514 controls the reading and writing of various data from the DVD-RW 513, which is an example of a removable recording medium. Note that this is not limited to a DVD-RW, and may be a DVD-R, etc. The media I/F 516 controls the reading and writing (storing) of data from the recording medium 515, such as a flash memory.

<<Image forming device>>
4 is a diagram showing a hardware configuration of an example of the image forming apparatus 40a. As shown in FIG. 4, the image forming apparatus 40a includes a controller 910, a short-range communication circuit 920, an engine control unit 930, an operation panel 940, and a network I/F 950.

Of these, the controller 910 has a CPU 901, which is the main part of the computer, a system memory 902 (MEM-P), a north bridge 903 (NB), a south bridge 904 (SB), an ASIC 906 (Application Specific Integrated Circuit), a local memory 907 (MEM-C) which is a storage unit, a HDD controller 908, and a HD 909 which is also a storage unit, and is configured such that the NB 903 and the ASIC 906 are connected by an AGP bus 921 (Accelerated Graphics Port).

Of these, the CPU 901 is a control unit that performs overall control of the image forming device 40a. The NB 903 is a bridge that connects the CPU 901 with the MEM-P 902, the SB 904, and the AGP bus 921, and includes a memory controller that controls reading and writing to the MEM-P 902, a PCI (Peripheral Component Interconnect) master, and an AGP target.

The MEM-P 902 is composed of a ROM 902a, which is a memory for storing programs and data that realize the various functions of the controller 910, and a RAM 902b, which is used for expanding the programs and data, and as a drawing memory during memory printing. The programs stored in the RAM 902b may be provided by recording them in an installable or executable format on a computer-readable recording medium such as a CD-ROM, CD-R, or DVD.

The SB904 is a bridge for connecting the NB903 to PCI devices and peripheral devices. The ASIC906 is an integrated circuit (IC) for image processing applications that has hardware elements for image processing, and serves as a bridge connecting the AGP bus 921, the PCI bus 922, the HDD controller 908, and the MEM-C907. The ASIC906 is made up of a PCI target and an AGP master, an arbiter (ARB) that is the core of the ASIC906, a memory controller that controls the MEM-C907, multiple DMACs (Direct Memory Access Controllers) that rotate image data using hardware logic, and a PCI unit that transfers data between the scanner unit 931 and the printer unit 932 via the PCI bus 922. The ASIC906 may be connected to a Universal Serial Bus (USB) interface or an Institute of Electrical and Electronics Engineers 1394 (IEEE1394) interface.

MEM-C907 is a local memory used as an image buffer for copying and a code buffer. HD909 is a storage for storing image data, font data used during printing, and forms. HD909 controls the reading and writing of data from and to HD909 under the control of CPU901. AGP bus921 is a bus interface for a graphics accelerator card proposed to speed up graphic processing, and by directly accessing MEM-P902 with high throughput, the graphics accelerator card can be made faster.

The short-range communication circuit 920 also includes a short-range communication circuit antenna 920a. The short-range communication circuit 920 is a communication circuit such as NFC or Bluetooth (registered trademark).

The engine control unit 930 is further composed of a scanner unit 931 and a printer unit 932. The operation panel 940 has a panel display unit 940a such as a touch panel that displays the current setting values and a selection screen, etc., and receives input from the operator, and hard keys 940b consisting of a numeric keypad that receives setting values for image formation conditions such as density setting conditions, and a start key that receives a copy start instruction. The controller 910 controls the entire image forming device 40a, and controls, for example, drawing, communication, and input from the operation panel 940. The scanner unit 931 or the printer unit 932 includes an image processing unit such as error diffusion and gamma conversion.

The image forming device 40a can sequentially switch between the document box function, copy function, printer function, and facsimile function using the application switching key on the operation panel 940. When the document box function is selected, the document box mode is selected; when the copy function is selected, the copy mode is selected; when the printer function is selected, the printer mode is selected; and when the facsimile mode is selected, the facsimile mode is selected.

The network I/F 950 is an interface for data communication using a communication network. The short-range communication circuit 920 and the network I/F 950 are electrically connected to the ASIC 906 via the PCI bus 922.

<About the function>
The functions of each device of the service providing system 1 according to the present embodiment are realized, for example, by the processing blocks shown in Fig. 5. Fig. 5 is an example of a functional block diagram in which the functions of the first terminal device 10, the electronic device 40, and the information processing system 50 are divided into blocks and explained.

<<First terminal device>>
The first terminal device 10 has functions realized by a first communication unit 12 and a web browser 11. The first communication unit 12 communicates with an information processing system 50 to receive screen information for displaying various screens (described later) on the first terminal device 10. The first communication unit 12 also transmits information input by the tenant administrator on these screens to the information processing system 50.

The web browser 11 has a browser engine unit 13, a display control unit 14, and an operation reception unit 15. The browser engine unit 13 acquires web content (the above-mentioned screen information) by HTTP requests, analyzes the acquired screen information, and provides drawing information to be displayed on the display to the display control unit 14. In addition, in order to save the information received from the information processing system 50, the browser engine unit 13 issues a save instruction to the browser information storage unit 16.

The display control unit 14 displays the drawing information on the display. The operation reception unit 15 receives operations (inputs to each screen) by the tenant administrator on the first terminal device 10.

The web browser 11 also has a browser information storage unit 16 that allows the web browser to store and retrieve information. The browser information storage unit 16 stores and manages information provided by the information processing system 50 (e.g., information on a login method).

<<Electronic devices>>
The electronic device 40 has functions realized by a fourth communication unit 42 and a web browser 41. The fourth communication unit 42 communicates with the information processing system 50 to receive screen information for displaying a standby screen, a launcher screen, a login screen, an application screen, and the like by the electronic device 40. The fourth communication unit 42 also transmits information input by the user to the standby screen, the launcher screen, the login screen, and the application screen to the information processing system 50.

The web browser 41 has a browser engine unit 43, a display control unit 44, and an operation reception unit 45. The browser engine unit 43 acquires web content (the above-mentioned screen information) by HTTP requests, analyzes the acquired screen information, and provides drawing information to be displayed on the display to the display control unit 44. In addition, in order to save the information received from the information processing system 50, the browser engine unit 43 issues a save instruction to the browser information storage unit 46.

The display control unit 44 displays the drawing information on the display. The operation reception unit 45 receives operations (inputs to each screen) by general users on the electronic device 40.

The web browser also has a browser information storage unit 46 that allows the web browser to store and retrieve information. The browser information storage unit 46 stores and manages information provided by the information processing system 50 (e.g., information on a login method).

<<Information Processing System>>
The information processing system 50 includes a network communication unit 51, a screen information generating unit 52, a tenant management unit 53, a user management unit 54, a device management unit 55, a group management unit 56, and a license management unit 57. These functions of the information processing system 50 are functions or means realized by a CPU 501 included in a computer 500 illustrated in FIG. 3 executing a program loaded from an HD 504 to a RAM 503.

The network communication unit 51 transmits and receives various information to and from the first terminal device 10 and the electronic device 40. For example, it transmits various screen information generated by the screen information generation unit 52 to the first terminal device 10 and the electronic device 40. It also receives information input on these screens.

The screen information generating unit 52 generates the above-mentioned screen information in response to the operation content on the first terminal device 10 and the electronic device 40. The screen information generating unit 52 is a Web application that returns an HTTP response including HTML and the like in response to an HTTP request from a Web browser. The screen information generating unit 52 cooperates with other functions to generate information to be displayed on the screen.

The tenant management unit 53 manages tenant information related to tenants and stores and retrieves the tenant information in the tenant information storage unit 591 described below.

The user management unit 54 manages user information, and performs operations such as registering user information in the user information storage unit 592 described below and acquiring (reading) user information from the user information storage unit 592. The user management unit 54 is an example of a member management unit.

The device management unit 55 manages device information, and performs operations such as registering device information in the device information storage unit 593 described below and acquiring (reading) device information from the device information storage unit 593. The device management unit 55 is an example of a member management unit.

The group management unit 56 manages group information, and performs operations such as registering group information in the group information storage unit 594 (described later) and acquiring (reading) group information from the group information storage unit 594.

The license management unit 57 accepts application contracts and registers license information in the license information storage unit 595 described below. It also manages the number of licenses, expiration dates, etc.

The information processing system 50 also has a storage unit 59 realized by the HD 504, RAM 503, etc. shown in FIG. 3. The storage unit 59 includes a tenant information storage unit 591, a user information storage unit 592, a device information storage unit 593, a group information storage unit 594, and a license information storage unit 595.

表１はテナント情報記憶部５９１に記憶されているテナント情報を模式的に示す。テナント情報はテナントＩＤに対応づけて、テナント名と登録日の項目を有している。
・テナントＩＤ…テナントの識別情報である。
・テナント名…テナントの名称であり、社名や部署名である。
・登録日…テナントの登録日である。

Table 1 illustrates the tenant information stored in the tenant information storage unit 591. The tenant information has items of tenant name and registration date in association with a tenant ID.
Tenant ID: Identification information of a tenant.
- Tenant name: The name of the tenant, such as the company name or department name.
- Registration date: The date of registration of the tenant.

表２はユーザ情報記憶部５９２に記憶されているユーザ情報を模式的に示す。ユーザ情報が有する各項目（メンバーの属性情報の一例）を説明する。
・テナントＩＤ…ユーザの所属するテナントの識別情報である。
・ユーザＩＤ…テナント内でユーザを一意に示す識別情報である。
・パスワード…ユーザが秘匿して保持するパスワードである。
・姓…ユーザの姓（上の名前）である。
・名…ユーザの名（下の名前）である。
・メールアドレス…ユーザのメールアドレスである。
・表示言語…Ｗｅｂブラウザなどで表示される各画面及びメールの表示言語である。
・国…ユーザの国籍又は母国である。
・状態…ユーザが使用する画面で表示される文字の言語である。
・アカウントの状態…アカウントはユーザが情報処理システム５０にログインするための権利のことである。アカウントの状態には「有効、無効又はアカウントロック」の少なくとも３つがある。ユーザ情報が仮登録されると無効となり、本登録により有効となる。有効となった後もテナント管理者が無効に設定できる。アカウントロックは、有効な状態でユーザがパスワードを何回か間違えた場合に設定される。アカウントロックは、例えば、一定期間の経過で有効に戻る点、又は、テナントに所属するユーザとしてカウントされたままである点で無効と異なる。
・タイムゾーン…ユーザが活動する地域のタイムゾーンである。
・ロール…ユーザの権限である。例えば「テナント管理者又は一般ユーザ」がある。本実施形態ではテナント管理者及び一般ユーザをユーザと称している。
・管理グループＩＤ…ユーザが管理するグループの識別情報である。
・UUID…ユーザを一意に示す識別情報である。
・外部サービスアカウント情報…ユーザが連携できる外部サービスのアカウントの情報である。
・利用可能なサービス権限情報一覧…ユーザが利用可能なサービス権限情報（アプリ）の一覧である。ユーザに割り当てられたライセンスとなる。
・所属グループＩＤ一覧…ユーザが所属するグループの一覧である。
・部署…ユーザの所属する部署である。
・役職…ユーザの役職である。
・ロケーション…ユーザが活動する拠点や場所の情報である。

Table 2 shows a schematic diagram of the user information stored in the user information storage unit 592. Each item of the user information (an example of member attribute information) will be described.
Tenant ID: Identification information of the tenant to which the user belongs.
User ID: Identification information that uniquely identifies a user within a tenant.
Password: A password that is kept secret by the user.
Last Name: The user's last name (first name).
- First name: The user's first name.
Email address: The user's email address.
Display language: The display language of each screen and email displayed on the web browser, etc.
- Country: The user's nationality or home country.
Status: The language of the text displayed on the screen used by the user.
Account status: An account is a right for a user to log in to the information processing system 50. There are at least three account states: valid, invalid, or account locked. When user information is provisionally registered, the account is invalid, and when the user information is fully registered, the account is valid. Even after the account is valid, the tenant administrator can set the account to invalid. An account is locked when the user enters the wrong password several times while the account is valid. An account is locked differently from an invalid account in that, for example, the account reverts to valid after a certain period of time has passed, or the account remains counted as a user belonging to the tenant.
- Time zone: The time zone in which the user is active.
Role: User authority. For example, there is a "tenant administrator or general user." In this embodiment, the tenant administrator and general users are referred to as users.
Managed group ID: Identification information for a group managed by a user.
・UUID...Identification information that uniquely identifies a user.
External service account information: Account information for an external service with which the user can link.
Available service permission information list: A list of service permission information (applications) available to the user. This is the license assigned to the user.
· List of group IDs: A list of groups to which the user belongs.
Department: The department to which the user belongs.
- Job Title: The user's job title.
Location: Information about the base or place where the user is active.

表３はデバイス情報記憶部に記憶されているデバイス情報を模式的に示す。デバイス情報が有する各項目（メンバーの属性情報の一例）を説明する。
・テナントＩＤ…電子機器４０が所属するテナントを示す識別情報である。
・デバイスＩＤ…電子機器４０を一意に表す識別情報である（情報処理システム５０への登録により発行される）。
・シリアルＩＤ…デバイス本体が保有している固体識別情報（出荷時に決まり変更がない）。
・デバイス種別…電子機器４０の種別（画像形成装置、プロジェクタ、電子黒板等）である。
・所属テナントＩＤ…電子機器４０が所属するテナントの識別情報である。
・所属グループＩＤ一覧…電子機器４０が所属するグループＩＤの一覧である。
・登録日時…電子機器４０の 登録日時である。
・更新日時…電子機器４０の更新日時である。
・ロケーション…電子機器４０が配置された拠点や場所の情報である。
・状態…電子機器４０の状態（アクティブ、アクティブ前等）である。
・バージョン…電子機器４０（ファームウェア、ＯＳ等）のバージョンである。
・利用可能なサービス権限情報一覧…電子機器が利用可能なサービス権限情報（アプリ）の一覧である。電子機器に割り当てられたライセンスとなる。

Table 3 shows a schematic diagram of the device information stored in the device information storage unit. Each item of the device information (an example of member attribute information) will be described below.
Tenant ID: Identification information indicating the tenant to which the electronic device 40 belongs.
Device ID: Identification information that uniquely represents the electronic device 40 (issued upon registration in the information processing system 50).
・Serial ID: Individual identification information held by the device itself (determined at the time of shipment and does not change).
Device type: the type of electronic device 40 (image forming device, projector, electronic whiteboard, etc.).
Tenant ID: Identification information of the tenant to which the electronic device 40 belongs.
List of group IDs: A list of group IDs to which the electronic device 40 belongs.
Registration date and time: the registration date and time of the electronic device 40.
Update date and time: The update date and time of the electronic device 40.
Location: Information on the base or place where the electronic device 40 is located.
Status: The status of the electronic device 40 (active, pre-active, etc.).
Version: The version of the electronic device 40 (firmware, OS, etc.).
Available service permission information list: A list of service permission information (applications) available to the electronic device. This is a license assigned to the electronic device.

表４はグループ情報記憶部５９４に記憶されているグループ情報を模式的に示す。グループ情報が有する各項目を説明する。
・テナントＩＤ…グループが所属するテナントの識別情報である。
・グループＩＤ…テナント内のグループを一意に表す識別情報である。
・グループ名…グループの表示名である。
・条件…ユーザ又は電子機器４０がグループに所属するための条件である。

Table 4 shows a schematic diagram of the group information stored in the group information storage unit 594. Each item of the group information will be described below.
Tenant ID: Identification information of the tenant to which the group belongs.
Group ID: Identification information that uniquely represents a group within a tenant.
・Group name: The display name of the group.
Condition: A condition for a user or electronic device 40 to belong to a group.

表５はライセンス情報記憶部５９５に記憶されているライセンス情報を模式的に示す。ライセンス情報が有する各項目を説明する。
・ライセンスＩＤ…ライセンスを一意に識別する識別情報である。
・テナントＩＤ…ライセンスを保有するテナントの識別情報である。
・グループＩＤ…ライセンスを付与されているグループの識別情報である。
・サービス種別…サービスの種別（ユーザライセンス又はデバイスライセンス）である。
・サービス名称…サービスの名称（表示名）である。
・ボリューム種別…ライセンス制限の種別である。
・数量…割り当て可能な利用権限の上限数（ライセンス数）である。
・利用中の数量…すでに割り当てられた利用権限の数である。
・利用可能な残数量…残りの利用権限の数である。
・利用可能なデバイス種別…ライセンスを利用可能なデバイスの種別（画像形成装置、プロジェクタ、電子機器４０等）である。
・利用可能なロール…ライセンスを利用可能なロールである（管理者、一般ユーザ等）。
・利用開始時刻…ライセンスの利用開始時刻（契約などでサービスを利用開始できる始期）である。
・利用終了時刻…ライセンスの利用終了時刻（契約などでサービスを利用できなくなる終期）である。
・ライセンスの状態…ライセンスの状態（アクティブ、アクティブ前等）である。

Table 5 shows a schematic diagram of the license information stored in the license information storage unit 595. Each item of the license information will be described below.
License ID: Identification information that uniquely identifies a license.
Tenant ID: Identification information of the tenant who holds the license.
Group ID: Identification information of the group to which the license is granted.
Service type: The type of service (user license or device license).
Service name: the name (display name) of the service.
Volume type: The type of license restriction.
Quantity: The maximum number of usage rights (number of licenses) that can be assigned.
- Quantity in use: The number of usage rights that have already been assigned.
· Available remaining quantity: The number of remaining usage rights.
Available device type: the type of device that can use the license (image forming device, projector, electronic device 40, etc.).
Available roles: Roles that can use the license (administrator, general user, etc.).
Use start time: The time when the license starts to be used (the start time when the service can be started via a contract, etc.).
End of use time: The end time of the license (the end of the period when the service can no longer be used due to a contract, etc.).
License Status: The status of the license (active, pre-active, etc.).

<Group registration based on electronic device conditions>
6 shows an example of members who are registered in a group by an administrator setting conditions related to electronic devices. The conditions related to these electronic devices correspond to the conditions of the group information in Table 4. The conditions related to electronic devices are called "device conditions," and the conditions related to users, which will be described later, are called "user conditions." There is a case where the two are not differentiated and are referred to as "group definition."

The device conditions set by the administrator are as follows. Note that the conditions can be set by the tenant administrator or the group administrator. The group administrator may be a user who does not meet the user conditions (a user outside the group can become the group administrator).
Definition of Group A: Members are devices and location is building A Definition of Group B: Members are devices and location is building B or C Members of both groups A and B are devices (electronic devices 40). Therefore, devices A and B located in building A are registered in group A, and devices C and D located in buildings B and C are registered in group B.

Because group A contains the license for app A, devices A and B are assigned the right to use app A. Because group B contains the license for app B, devices C and D are assigned the right to use app B.

In this way, the tenant administrator or group administrator can set device conditions, and the group management unit 56 can register electronic devices 40 or users to groups. This reduces manual operations, and therefore reduces the work and errors involved in registering to groups.

<<Device conditions and procedures for registering electronic devices to a group>>
7A and 7B are sequence diagrams illustrating an example of a procedure for registering electronic devices 40 to a group according to device conditions. In the example illustrated in FIG. 7A and FIG. 7B, the tenant administrator performs the operation.

S1 to S3: The tenant administrator operates the first terminal device 10 to connect it to the information processing system 50. If the tenant administrator is not logged in, the tenant administrator inputs authentication information into the first terminal device 10, which then sends it to the information processing system 50. If the authentication is successful, the tenant administrator can input an operation to display a new group creation screen from the administrator screen. The operation acceptance unit 15 of the first terminal device 10 accepts the operation, and the first communication unit 12 sends a request for a new group creation screen to the information processing system 50.

S4 to S6: The network communication unit 51 of the information processing system 50 receives the request for a new group creation screen, and the screen information generation unit 52 generates screen information for the new group creation screen. The network communication unit 51 transmits the screen information for the new group creation screen to the first terminal device 10.

S7, S8: The first communication unit 12 of the first terminal device 10 receives the screen information of the new group creation screen, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the new group creation screen on the display based on the drawing information. An example of the new group creation screen is shown in Figures 8A to 8C.

S9 to S11: The tenant administrator sets the device conditions on the new group creation screen. The operation reception unit 15 of the first terminal device 10 receives the settings, and the first communication unit 12 transmits the device conditions to the information processing system 50.

S12 to S14: The network communication unit 51 of the information processing system 50 receives the device conditions, and the screen information generation unit 52 queries the group management unit 56 about group overlaps. Group overlaps refer to the existence of groups that have the same device conditions and user conditions (either one may be missing). Although it may be permitted for one electronic device 40 to belong to multiple groups, it is also possible to prohibit this.

S15, S16: If the groups overlap, the screen information generating unit 52 sends an error (indicating that the groups overlap) to the first terminal device 10 via the network communication unit 51.

S17, S18: The first communication unit 12 of the first terminal device 10 receives the error, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the error on the display based on the drawing information.

S19 to S22: If the groups do not overlap, the screen information generation unit 52 requests a list of target devices that meet the device conditions from the device management unit 55. The network communication unit 51 transmits the list of target devices to the first terminal device 10.

S23, S24: The first communication unit 12 of the first terminal device 10 receives the list of target devices, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the list of target devices on the display based on the drawing information. The tenant administrator can check the electronic devices that can be registered in the group.

S25 to S27: Next, or in parallel, the tenant administrator inputs an operation to display a list of users that can be set as a group administrator. For example, the tenant administrator inputs search conditions. The operation reception unit 15 of the first terminal device 10 receives the operation, and the first communication unit 12 sends a user list request to the information processing system 50.

S28 to S32: The network communication unit 51 of the information processing system 50 receives the search conditions, and the screen information generation unit 52 specifies the tenant ID of the tenant administrator and obtains a user list from the user management unit 54. The network communication unit 51 transmits the target user list to the first terminal device 10.

S33, S34: The first communication unit 12 of the first terminal device 10 receives the user list, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the user list on the display based on the drawing information.

S35 to S37: Subsequently, or in parallel, the tenant administrator inputs an operation to display a list of licenses to be set for the group. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a request for a list of licenses to the information processing system 50.

S38 to S42: The network communication unit 51 of the information processing system 50 receives the license list request, and the screen information generation unit 52 specifies the tenant ID of the tenant administrator and obtains the license list from the license management unit 57. The network communication unit 51 transmits the target license list to the first terminal device 10.

S43, S44: The first communication unit 12 of the first terminal device 10 receives the license list, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the license list on the display based on the drawing information.

S45 to S47: Next, the tenant administrator selects a group administrator and a license, and inputs the operation to create a group. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a group creation request to the information processing system 50. The group creation request includes a registration request for the electronic device 40.

S48 to S50: The network communication unit 51 of the information processing system 50 receives the group creation request, and the screen information generation unit 52 requests the group management unit 56 to create a group. The group management unit 56 creates a new group. The group information in Table 4 is created.

S51, S52: Next, the group management unit 56 assigns the target electronic device 40 that meets the device conditions to a group. In other words, it registers the group ID in the list of group IDs in the device information in Table 3.

S53: Next, the group management unit 56 requests the license management unit 57 to grant licenses to the electronic devices 40 that belong to the group.

S54, S55: The license management unit 57 assigns a license to the electronic device 40 that belongs to the group. In other words, the license ID selected by the tenant administrator is registered in the "List of available service permission information" item of the device information in Table 3. Note that it is required that the group to which the license is granted is the same as the group of the electronic device 40 (usually satisfied), the service type of the license information is device, and the available device type of the license information is the type of the electronic device 40 (e.g., image forming device).

S56: Completion of license assignment is sent to the group management unit 56.

S57, S58: Next, the group management unit 56 requests the user management unit 54 to set the user specified by the administrator in the user information. The user management unit 54 registers the created group ID in the managed group ID field of the user information.

S59 to S63: A notification of the completion of group creation is sent to the first terminal device 10, and the first terminal device 10 displays the completion.

In this way, a group is created and electronic devices 40 (members) are registered in the group.

<<Example of the screen for creating a new group>>
8A to 8C are diagrams showing an example of a new group creation screen 200. The new group creation screen 200 is a vertically scrolling screen. It mainly has a group definition section 201, a device list section 202, a user list section 203, a group manager selection section 204, a license list section 205, and a create button 206.

The group definition section 201 is an area for the tenant administrator to set device conditions and user conditions. The group definition section 201 has a group name column 211, a device condition column 212a, and a user condition column 212b. The group name column 211 is a column for the tenant administrator to set an arbitrary group name. The device condition column 212a is a column for the tenant administrator to set device conditions. In the device condition column, the tenant administrator inputs desired information into "OO" 213, "XX" 214, and "is or is not" 215.
"XX" 213... A list of attribute information contained in the device information in Table 3 is displayed in a selectable pull-down menu. Therefore, the tenant ID, user ID, password, last name, first name, email address, display language, country, status, account status, time zone, role, management group ID, UUID, external service account information, department, job title, and location are displayed.
A list of attribute information (attribute information of device information in Table 3) corresponding to the item "XX"214..."XX" is displayed in a selectable pull-down menu. For example, if the item is location, building A is displayed. Therefore, the tenant administrator can select existing attribute information and register it in a group.
"Is or Is not" 215 . . . Two options, "is" or "is not", can be selected and are displayed in a pull-down menu.

Note that by pressing the Add button 216, the tenant administrator can add device conditions. The user condition field 212b is a field where the tenant administrator can set user conditions. In the user condition field 212b, the tenant administrator inputs the desired information into "XX" is "XX" and "is or is not". The setting method is the same as for the electronic device 40. By pressing the Add button 220, the tenant administrator can add user conditions. Note that the user condition field 212b is also used to input search conditions for a list of users to be selected as a group administrator.

The device list section 202 is an area where a list of electronic devices 40 that meet the device conditions is displayed. Information on each electronic device 40 is displayed in the following fields in the device list section 202: device ID 221, device name 222, device type 223, and status 224.

The user list section 203 is an area in which a list of users who meet the user conditions is displayed. Information on each user is displayed in the fields of user ID 231, last name 232, first name 233, and email address 234 in the user list section 203.

The group administrator selection section 204 is an area for the tenant administrator to select a group administrator. The group administrator selection section 204 has the following items: check mark 241, user ID 242, last name 243, first name 244, and email address 245, as well as an add button 246 and a delete button 247. The tenant administrator can add a group administrator by checking the check mark 241 and pressing the add button 246. The tenant administrator can also delete a group administrator by checking the check mark 241 and pressing the delete button 247.

The license list section 205 is an area where the tenant administrator selects a license to assign to a group. The license list section 205 has the following items: a check mark 251, a license name 252, a number of licenses 253, and a status 254, as well as an add button 255 and a delete button 256. The tenant administrator sets the license (app) to assign to the group by checking the check mark 251 and pressing the add button 255. The tenant administrator can delete a license by checking the check mark 251 and pressing the delete button 256.

When the Create button 206 is pressed, the settings on the new group creation screen 200 are sent to the information processing system 50 along with a group creation request.

In this way, the tenant administrator can automatically assign electronic devices 40 to groups by setting device conditions.

<Group registration based on user conditions>
Next, registration of a user to a group based on user conditions will be described with reference to Fig. 9. Fig. 9 shows an example of a member to be registered to a group by setting user conditions by the administrator. The conditions related to this user correspond to the conditions of the group information in Table 4. The conditions set by the administrator are as follows. Note that the conditions can be set by the tenant administrator or the group administrator.
· Group A definition: Members are users and department is Development Room A · Group B definition: Members are users and department is Development Room B Members of both Groups A and B are users. Therefore, users E and F in the A Development Room department are registered in Group A, and users G and H in the B Development Room department are registered in Group B. Users C and D are not in Development Room B, but were manually registered in Group B by the tenant administrator.

Because group A contains the license for app A, users E and F are assigned the authority to use app A. Because group B contains the license for app B, users C, D, G, and H are assigned the authority to use app B.

In this way, the tenant administrator or group administrator can set user conditions, and the group management unit 56 can register users to groups.

<<User conditions and procedure for registering users to groups>>
10A and 10B are an example of a sequence diagram for explaining a procedure for registering a user to a group according to user conditions. The processing in Fig. 10A and Fig. 10B is the same as that in Fig. 7A and Fig. 7B, except that the electronic device 40 is replaced by a user. Therefore, the differences from Fig. 7A and Fig. 7B will be mainly explained.

S1 to S8: Same as Figure 7A.

S9 to S11: The tenant administrator sets user conditions on the new group creation screen 200. The operation reception unit 15 of the first terminal device 10 receives the settings, and the first communication unit 12 transmits the user conditions to the information processing system 50.

S12 to S14: The network communication unit 51 of the information processing system 50 receives the user conditions, and the screen information generation unit 52 queries the group management unit 56 about group overlaps. The definition of overlaps may be the same as in FIG. 7A.

S15 to S18: If the groups overlap, the first terminal device 10 will display an error, as in Figure 7A.

S19 to S22: If the groups do not overlap, the screen information generation unit 52 requests a list of target users who meet the user conditions from the user management unit 54. The network communication unit 51 transmits the list of target users to the first terminal device 10.

S23, S24: The first communication unit 12 of the first terminal device 10 receives the target user list, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the target user list on the display based on the drawing information.

S25 to S34: Same as Figure 7A.

S35 to S44: Same as Figure 7B.

S45 to S47: Next, the tenant administrator selects a group administrator and a license, and inputs the operation to create a group. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a group creation request to the information processing system 50. The group creation request includes a request to register a user.

S48 to S50: The network communication unit 51 of the information processing system 50 receives the group creation request, and the screen information generation unit 52 requests the group management unit 56 to create a group. The group management unit 56 creates a new group. In other words, the group information in Table 4 is created.

S51, S52: Next, the group management unit 56 assigns the user who meets the user conditions to a group. In other words, it registers the group ID in the list of group IDs in the user information in Table 2.

S53: Next, the group management unit 56 requests the license management unit 57 to grant licenses to the users registered in the group.

S54, S55: The license management unit 57 assigns a license to the user registered in the group. In other words, the license ID selected by the tenant administrator is registered in the "List of available service permission information" field of the user information in Table 2. Note that it is required that the group to which the license is granted is the same as the group of the user (usually satisfied), the service type of the license information is user, and the available role of the license information is general user.

S56: Completion of license granting is sent to the group management unit 56.

S57, S58: Next, the group management unit 56 requests the user management unit 54 to set the user specified by the administrator in the user management unit 54. The user management unit 54 registers the created group ID in the managed group ID field of the user information.

S59 to S63: A notification of completion of group creation is sent to the first terminal device 10, and the first terminal device 10 displays the completion.

In this way, a group has been created and users (members) have been registered in the group.

<Group registration based on device and user conditions>
Next, registration to a group based on conditions related to device conditions and user conditions will be described with reference to Fig. 11. Fig. 11 shows an example of members registered to a group by an administrator setting device conditions and user conditions. These device conditions and user conditions correspond to the conditions in Table 4. The conditions set by the administrator are as follows. Note that the conditions can be set by a tenant administrator or a group administrator.
- Group A definition: location is Building A - Group B definition: location is Building B For both Groups A and B, location is a condition for group membership. Therefore, electronic devices A and B, whose location is Building A, and user E are registered in Group A. User B is not in Building A, but was manually registered in Group A by the tenant administrator. Furthermore, electronic devices C and D, whose location is Building B, and user F are registered in Group B. Users C and D are not in Building B, but were manually registered in Group B by the tenant administrator.

Group A contains the license for app A, so electronic devices A and B and user E are assigned the authority to use app A. Group B contains the license for app B, so electronic devices C and D and user F are assigned the authority to use app B.

In this way, the tenant administrator or group administrator can set device conditions and user conditions, allowing the group management unit 56 to register electronic devices 40 and users to the group.

<< Procedure for registering electronic devices and users to groups according to device and user conditions >
12A and 12B are examples of sequence diagrams illustrating the procedure for registering electronic devices 40 and users to a group according to device conditions and user conditions. The processing in Fig. 12A and Fig. 12B is similar to that in Fig. 7A and Fig. 7B, except that not only electronic devices 40 but also users are registered. Therefore, the differences from Fig. 7A and Fig. 7B will be mainly described.

S1 to S8: Same as Figure 7A.

S9 to S11: The tenant administrator sets device conditions and user conditions on the new group creation screen. The operation reception unit 15 of the first terminal device 10 receives the settings, and the first communication unit 12 transmits the device conditions and user conditions to the information processing system 50.

S12 to S14: The network communication unit 51 of the information processing system 50 receives the device conditions and the user conditions, and the screen information generation unit 52 queries the group management unit 56 about overlapping groups. The definition of overlapping is the same as in FIG. 7A.

S15 to S18: If the groups overlap, the first terminal device 10 will display an error, as in Figure 7A.

S19 to S22: If the groups do not overlap, the screen information generating unit 52 requests the device management unit 55 to send a list of electronic devices that meet the device conditions. The screen information generating unit 52 also requests the user management unit 54 to send a list of users that meet the user conditions.

S23, S24: The network communication unit 51 transmits the list of electronic devices and the list of users to the first terminal device 10.

S25, S26: The first communication unit 12 of the first terminal device 10 receives the electronic device list and the user list, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the target electronic device list and user list on the display based on the drawing information.

S27 to S36: Similar to steps S25 to S34 in Figure 7A.

S37 to S46: Similar to steps S35 to S44 in Figure 7B.

S47 to S49: Next, the tenant administrator selects a group administrator and a license, and inputs an operation to create a group. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a group creation request to the information processing system 50.

S50 to S52: The network communication unit 51 of the information processing system 50 receives the group creation request, and the screen information generation unit 52 requests the group management unit 56 to create a group. The group management unit 56 creates a new group. The group information in Table 4 is created.

S53, S54: Next, the group management unit 56 assigns the target electronic device 40 to a group. In other words, it registers the group ID in the list of group IDs in the device information in Table 3.

S55, S56: Next, the group management unit 56 assigns the target user to a group. In other words, it registers the group ID in the list of group IDs in the user information in Table 2.

S57: Next, the group management unit 56 requests the license management unit 57 to grant licenses to users who satisfy the user conditions.

S58, S59: The license management unit 57 assigns a license to the target user. In other words, the license ID selected by the tenant administrator is registered in the "List of available service permission information" field of the user information in Table 2. It is required that the group to which the license is granted is the same as the user's group (usually satisfied), the service type of the license information is user, and the available role of the license information is general user.

S60: Completion of license granting is sent to the group management unit 56.

S61: Next, the group management unit 56 requests the license management unit 57 to grant licenses to the electronic devices 40 that satisfy the license conditions.

S62, S63: The license management unit 57 assigns a license to the target electronic device 40. In other words, the license ID selected by the tenant administrator is registered in the "List of available service permission information" item of the device information in Table 3. Note that it is required that the group to which the license is granted is the same as the group of the electronic device 40 (usually satisfied), the service type of the license information is device, and the available device type of the license information is the type of the electronic device 40 (e.g., image forming device).

S64: Completion of license assignment is sent to the group management unit 56.

S65, S66: Next, the group management unit 56 requests the user management unit 54 to set the user specified by the administrator in the user information. The user management unit 54 registers the created group ID in the managed group ID field of the user information.

S65 to S71: A notification of completion of group creation is sent to the first terminal device 10, and the first terminal device 10 displays the completion.

In this way, a group is created and electronic devices 40 and users (members) are registered in the group.

<Automatic registration of users to groups when a user is registered after a group is created>
Next, automatic registration of a user to a group in a case where the user is registered after the group is created will be described with reference to Figures 13A, 13B, and 14. This can reduce the work and mistakes involved in registering a user to a group.

Figures 13A and 13B are example sequence diagrams showing the steps in which a tenant administrator registers a user, and the registered user is then registered in a group.

S1 to S3: The tenant administrator operates the first terminal device 10 to connect it to the information processing system 50. If the tenant administrator is not logged in, the tenant administrator inputs authentication information into the first terminal device 10, which then transmits it to the information processing system 50. If the authentication is successful, the tenant administrator can input an operation to display a user's creation screen from the administrator screen. The operation reception unit of the first terminal device 10 receives the operation, and the first communication unit 12 transmits a request for the user's creation screen to the information processing system 50.

S4 to S6: The network communication unit 51 of the information processing system 50 receives a request for a screen created by the user, and the screen information generation unit 52 generates screen information for the screen created by the user. The network communication unit 51 transmits the screen information for the screen created by the user to the first terminal device 10.

S7, S8: The first communication unit 12 of the first terminal device 10 receives screen information of the user's created screen, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the user's created screen on the display based on the drawing information. An example of the user's created screen is shown in Figure 14.

S9 to S11: The tenant administrator inputs user information into the user creation screen and inputs an operation to display a list of groups to which this user can belong. The operation acceptance unit 15 of the first terminal device 10 accepts the operation, and the first communication unit 12 sends a request for a list of groups to the information processing system 50.

S12 to S14: The network communication unit 51 of the information processing system 50 receives the group list request, and the screen information generation unit 52 requests and obtains a group list from the group management unit 56. In other words, the group management unit 56 obtains a group that matches the input user information from the group information.

S15, S16: The screen information generation unit 52 transmits the list of groups to the first terminal device 10 via the network communication unit 51.

S17, S18: The first communication unit 12 of the first terminal device 10 receives the list of groups, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the list of groups on the display based on the drawing information.

S19 to S21: The tenant administrator inputs information about the user and an operation to create a new user. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a user creation request to the information processing system 50.

S22: The network communication unit 51 of the information processing system 50 receives the user creation request and transmits the user information to the screen information generation unit 52.

S23, S24: The screen information generation unit 52 requests the user management unit 54 to create user information by specifying information about the user. The user management unit 54 uses the information about the user to create new user information in Table 2.

S25: Next, the screen information generation unit 52 requests the group management unit 56 to register the user in a group to which the user can belong.

S26 to S28: The group management unit 56 compares the conditions of each group information with the user information, and registers the user in a group to which the user can belong. That is, it registers the group ID in the list of group IDs in the user information in Table 2.

S29, S30: Next, the screen information generating unit 52 requests an assignable license from the license managing unit 57. The license managing unit 57 identifies a license where the group to which the license is granted is the same as the user's group (usually satisfied), the service type of the license information is user, and the available role of the license information is general user. The identified license is returned to the screen information generating unit 52.

S31: The screen information generation unit 52 requests the license management unit 57 to assign the license obtained from the license management unit to the user.

S32, S33: The license management unit 57 assigns a license to the user. In other words, it registers the license ID in the "List of available service permission information" field of the user information in Table 2.

S34 to S38: A notification of completion of user creation is sent to the first terminal device 10, and the first terminal device 10 displays the completion of creation.

In this way, when a user is created, they are automatically registered to a group and assigned a license.

Figure 14 is an example of a user creation screen 260 displayed by the first terminal device 10. The user creation screen 260 has a user ID field 261, an email address field 262, a last name field 263, a first name field 264, an email reply language field 265, a role field 266, a location field 267, a department field 268, a group search button 269, and a group list field 270.

The values entered in the user ID field 261, email address field 262, last name field 263, first name field 264, email reply language field 265, role field 266, location field 267, and department field 268 are set in the corresponding items of the user information in Table 2.

The group search button 269 is a button that allows the tenant administrator to cause the information processing system 50 to search for groups to which the user can belong based on location and department. The groups to which the user can belong are displayed in the group list section 270. The tenant administrator can check the group before registering the user. In this way, the tenant administrator can check the group to which the user will be registered before registering the user to the group.

<Automatic registration of electronic devices to a group when a device is registered after a group is created>
Next, automatic registration of electronic devices to a group in the case where devices are registered after the group is created will be described with reference to Figures 15A, 15B, and 16. This can reduce the work and mistakes involved in registering electronic devices to a group.

Figures 15A and 15B are example sequence diagrams showing the procedure in which a tenant administrator registers a device, and the registered device is then registered in a group. The explanation of Figures 15A and 15B will mainly focus on the differences from Figures 13A and 13B.

S1 to S3: The tenant administrator operates the first terminal device 10 to connect it to the information processing system 50. If the tenant administrator is not logged in, the tenant administrator inputs authentication information into the first terminal device 10, which then transmits it to the information processing system 50. If the authentication is successful, the tenant administrator can input an operation to display the creation screen for the electronic device 40 from the administrator screen. The operation acceptance unit 15 of the first terminal device 10 accepts the operation, and the first communication unit 12 transmits a request for the creation screen for the electronic device 40 to the information processing system 50.

S4 to S6: The network communication unit 51 of the information processing system 50 receives a request for a creation screen of the electronic device 40, and the screen information generation unit 52 generates screen information for the creation screen of the electronic device 40. The network communication unit 51 transmits the screen information for the creation screen of the electronic device 40 to the first terminal device 10.

S7, S8: The first communication unit 12 of the first terminal device 10 receives screen information of the creation screen of the electronic device 40, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the creation screen of the electronic device 40 on the display based on the drawing information. An example of the creation screen of the electronic device 40 is shown in FIG. 16.

S9 to S11: The tenant administrator inputs device information into the creation screen for the electronic device 40, and inputs an operation to display a list of groups to which this electronic device 40 can belong. The operation acceptance unit 15 of the first terminal device 10 accepts the operation, and the first communication unit 12 transmits the list of groups to the information processing system 50.

S12 to S14: The network communication unit 51 of the information processing system 50 receives the request for a list of groups, and the screen information generation unit 52 requests and obtains a list of groups from the group management unit 56. In other words, the group management unit 56 obtains a group that matches the input information of the electronic device 40 from the group information.

S15, S16: The screen information generation unit 52 transmits the list of groups to the first terminal device 10 via the network communication unit 51.

S17, S18: The first communication unit 12 of the first terminal device 10 receives the list of groups, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the list of groups on the display based on the drawing information.

S19 to S21: The tenant administrator inputs information about the electronic device 40 and an operation to create a new electronic device 40. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a device creation request to the information processing system 50.

S22: The network communication unit 51 of the information processing system 50 receives the device creation request and transmits information about the electronic device 40 to the screen information generation unit 52.

S23, S24: The screen information generating unit 52 sends information about the electronic device 40 to the device managing unit 55 and requests device registration. The device managing unit 55 uses the information about the electronic device 40 to create new device information in Table 3.

S25: Next, the screen information generation unit 52 requests the group management unit 56 to register the electronic device 40 to a group that meets the device conditions.

S26 to S28: The group management unit 56 compares the conditions of each group information with the input device information, and registers the electronic device 40 in a group to which the electronic device 40 can belong. The group ID is registered in the item of the list of group IDs of the device information in Table 3.

S29, S30: Next, the screen information generation unit 52 requests an assignable license from the license management unit 57. The license management unit 57 identifies a license where the group to which the license is granted is the same as the group of the electronic device 40 (usually satisfied), the service type of the license information is a device, and the available device type of the license information is the type of the electronic device 40 (e.g., an image forming device). Then, the identified license is returned to the screen information generation unit.

S31: The screen information generation unit 52 requests the license management unit 57 to assign the identified license to the electronic device 40.

S32, S33: The license management unit 57 assigns a license to the electronic device 40. In other words, the license ID is registered in the "List of available service permission information" field of the device information in Table 3.

S34 to S38: A notification of device creation completion is sent to the first terminal device 10, and the first terminal device 10 displays the completion of creation.

In this manner, electronic device 40 is registered, added to a group, and assigned a license.

Figure 16 is an example of a creation screen 280 for an electronic device 40 displayed by the first terminal device 10. The creation screen 280 for an electronic device 40 has a device name field 281, a location field 282, a group search button 283, and a group list field 284.

The values entered in the device name column 281 and location column 282 are set in the corresponding items of device information in Table 3.

The group search button 283 is a button that allows the tenant administrator to cause the information processing system 50 to search for groups to which the electronic device 40 can belong based on the location. Groups to which the electronic device 40 can belong are displayed in the group list section 284. The tenant administrator can check the group before registering the electronic device 40. In this way, by registering the electronic device 40, the tenant administrator can check the group to which the electronic device 40 will be registered and register the electronic device 40 in the group.

<Changing users belonging to a group by changing the group definition>
When a tenant administrator or the like changes a group definition, the groups to which users or electronic devices 40 that belonged to the group before the change belong are also changed.

FIG. 17 is a diagram for explaining a change in users belonging to a group due to a change in the group definition.
・Definition of Group A (before change): Members are users and the department is Development Room A ・Definition of Group A (after change): Members are users and the department is Development Room B Figure 17 (a) shows users registered in Group A based on the user conditions before the change. Users B and C from the department Development Room A belong to Group A.

Figure 17 (b) shows users who are registered in group A based on the changed user conditions. Users D and E in Development Department B belong to group A. Users B and C do not belong to group A.

This reduces the work and errors involved in changing group definitions and re-registering users and electronic devices 40 to groups.

Next, referring to Figures 18A, 18B, and 19, we will explain the process of changing users who belong to a group by changing the group definition.

Figures 18A and 18B are example sequence diagrams showing the steps for changing the users belonging to a group by a tenant administrator changing a group definition.

S1 to S3: The tenant administrator operates the first terminal device 10 to connect it to the information processing system 50. If the tenant administrator is not logged in, the tenant administrator inputs authentication information into the first terminal device 10, which then transmits it to the information processing system 50. If the authentication is successful, the tenant administrator can input an operation to display a group editing screen from the administrator screen. The operation reception unit 15 of the first terminal device 10 receives the operation, and the first communication unit 12 transmits a request for the group editing screen to the information processing system 50.

S4 to S8: The network communication unit 51 of the information processing system 50 receives a request for a group editing screen, and the screen information generation unit 52 acquires group information having the tenant ID of the tenant administrator from the group management unit 56. The screen information generation unit 52 generates screen information for the group editing screen. The network communication unit 51 transmits the screen information for the group editing screen to the first terminal device 10.

S9, S10: The first communication unit 12 of the first terminal device 10 receives the screen information of the group editing screen, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the group editing screen on the display based on the drawing information. An example of the group editing screen is shown in Figures 19A to 19C.

S11 to S13: The tenant administrator inputs the changed group definition into the group editing screen, and inputs an operation to search for a user. The operation acceptance unit 15 of the first terminal device 10 accepts the operation, and the first communication unit 12 sends a user search request to the information processing system 50.

S14 to S16: The network communication unit 51 of the information processing system 50 receives a request to change the group definition, and the screen information generation unit 52 queries the group management unit 56 about group overlaps.

S17 to S20: If the groups overlap, the first terminal device 10 displays an error (indicating that the groups overlap).

S21, S22: If the groups do not overlap, the screen information generation unit 52 requests a list of users who match the changed user conditions from the user management unit 54. The screen information generation unit 52 obtains the user list.

S23, S24: The screen information generation unit 52 transmits the list of users to the first terminal device 10 via the network communication unit 51.

S25, S26: The first communication unit 12 of the first terminal device 10 receives the list of users, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the list of users on the display based on the drawing information.

S27 to S29: The tenant administrator inputs an operation to change the group definition. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a group definition change request to the information processing system 50.

S30, S31: The network communication unit 51 of the information processing system 50 receives the group definition change request, and the screen information generation unit 52 sends the changed user conditions to the group management unit 56.

S32: The group management unit 56 requests the license management unit 57 to release the license of the user leaving the group.

S33 to S35: The license management unit 57 requests the user management unit 54 to release the license. The user management unit 54 searches the user information (list of group IDs to which the user belongs) for the group ID whose definition has been changed, and if the changed user conditions are not met, it deletes the license from the user information. In other words, it deletes the license ID from the "List of available service permission information" item in the user information in Table 2.

S36, S37: Next, the group management unit 56 requests the user management unit 54 to remove the user from the group, and further requests the user management unit 54 to register the user to the group. First, the group management unit 56 searches for user information by group ID, and if the changed user conditions are not met, it deletes the group from the user information. That is, it deletes the group ID from the list of groups to which the user belongs in the user information in Table 2. The group management unit 56 also compares the changed user conditions with the user information, and registers users who match into a group. That is, it registers the group ID in the list of group IDs to which the user belongs in the user information in Table 2.

S38 to S40: Next, the group management unit 56 requests the license management unit 57 to assign a license to the user added to the group. The license management unit 57 assigns a license belonging to the group to the user added to the group. That is, the license ID is registered in the "List of available service permission information" item of the user information in Table 2. However, a license is registered where the service type of the license information is user and the available role of the license information is user.

S41 to S46: A completion of the change is sent to the first terminal device 10, and the first terminal device 10 displays the completion of the change.

In this way, when the user conditions are changed, the users who belong to the group are also changed, and licenses are also assigned.

Figures 19A to 19C are an example of a group editing screen 290 displayed by the first terminal device 10. The explanation of Figures 19A to 19C will mainly explain the differences from the new group creation screen 200 of Figures 8A to 8C. On the group editing screen 290, an existing group name is entered in the group name field 211. The tenant administrator enters changed user conditions in the user condition field 212b. When the Create button 206 is pressed, the user conditions are changed, the users belonging to the group are also changed, and licenses are also assigned.

Note that in the explanations of Figures 18A, 18B, and 19A to 19C, the case where the user conditions are changed is described, but the same applies when the device conditions are changed.

<Changing user information by changing group definition>
In FIGS. 18A, 18B, and 19A to 19C, the users belonging to the group are changed in response to the change in the group definition, but the user information may be changed in response to the change in the group definition.

FIG. 20 is a diagram for explaining a change in user information due to a change in a group definition.
・Definition of Group A (before change): Members are users and the department is Development Room A ・Definition of Group A (after change): Members are users and the department is Development Room B Figure 20 (a) shows users registered in Group A based on the user conditions before the change. Users B and C in the department Development Room A belong to Group A.

Figure 20 (b) shows users whose user information has been changed based on the changed user conditions and who are now registered in group A. The department in the user information for users B and C has been changed to Development Office B, so users B and C belong to group A just as they did before the user conditions were changed.

This reduces the amount of work and mistakes required to change information about users or electronic devices in a group.

Figures 21A and 21B are example sequence diagrams showing the steps in which a tenant administrator changes a group definition, thereby changing the user information of users who belong to the group.

S1 to S6: Same as Figures 18A and 18B.

S7, S8: The screen information generation unit 52 obtains a list of users belonging to the group from the user management unit 54.

S9, S10: The screen information generation unit 52 generates screen information for the group editing screen 290. The network communication unit 51 transmits the screen information for the group editing screen 290 to the first terminal device 10.

S11, S12: The first communication unit 12 of the first terminal device 10 receives the screen information of the group editing screen 290, and the browser engine unit 13 analyzes the screen information and extracts drawing information. The display control unit 14 displays the group editing screen on the display based on the drawing information.

S13 to S28: These steps may be the same as steps S11 to S26 in Fig. 18A and Fig. 18B. However, the display control unit 14 of the first terminal device 10 displays a list of existing users and a list of users to be added after the change.

S29 to S31: The tenant administrator inputs an operation to change the group definition. The operation reception unit 15 of the first terminal device 10 receives the input, and the first communication unit 12 sends a group definition change request to the information processing system 50.

S32, S33: The network communication unit 51 of the information processing system 50 receives the group definition change request, and the screen information generation unit 52 sends the changed user conditions to the group management unit 56.

S34, S35: The group management unit 56 requests the user management unit 54 to change the users belonging to the group based on the changed user conditions. The user management unit 54 changes the part of the user information of the users belonging to the group whose user conditions have been changed that corresponds to the user conditions.

S36, S37: Next, the group management unit 56 requests the user management unit 54 to add (register) the user to the group. The group management unit 56 compares the changed user conditions with the user information, and registers the matching users to the group. The group ID is registered in the list of group IDs in the user information in Table 2.

S38 to S40: Next, the group management unit 56 requests the license management unit 57 to assign a license to the user added to the group. The license management unit 57 assigns the license belonging to the group to the user added to the group. That is, the license ID is registered in the "List of available service permission information" item of the user information in Table 2. However, a license is registered where the service type of the license information is user and the available role of the license information is user.

S41 to S46: A completion of the change is sent to the first terminal device 10, and the first terminal device 10 displays the completion of the change.

In this way, when the user conditions are changed, the user information of users belonging to the group can also be changed.

<Major Effects>
According to this embodiment, the tenant administrator can define a group based on attribute information of the electronic devices 40 or users, so that the electronic devices 40 or users can be automatically registered in the group, and licenses can be automatically granted to the group in a lump sum.

In addition, when a tenant administrator registers a new user or electronic device 40 or moves the device, the user or electronic device 40 can be automatically assigned to an appropriate group based on the user information or device information. In addition, if a license is available for the group, it can be automatically granted.

In addition, the tenant administrator can change the group definition to change the users or electronic devices 40 that belong to the group all at once. Alternatively, the user information or device information can be changed to match the changed group definition.

<Other application examples>
The above describes the best mode for carrying out the present invention using examples, but the present invention is not limited to these examples in any way, and various modifications and substitutions can be made within the scope that does not deviate from the gist of the present invention.

For example, in this embodiment, each terminal device uses a general-purpose web browser, but a dedicated app may also be used for the information processing system 50.

In addition, the configuration examples in FIG. 6 and the like are divided according to main functions to facilitate understanding of the processing by the first terminal device 10, the second terminal device 20, the third terminal device 30, the electronic device 40, and the information processing system 50. The method of division or names of the processing units does not limit the present invention. The processing by the first terminal device 10, the second terminal device 20, the third terminal device 30, the electronic device 40, and the information processing system 50 can also be divided into even more processing units depending on the processing content. Also, it is possible to divide one processing unit so that it includes even more processes.

The devices described in the examples are merely illustrative of one of several computing environments for implementing the embodiments disclosed herein. In one embodiment, the information processing system 50 includes a plurality of computing devices, such as a server cluster. The computing devices are configured to communicate with each other via any type of communication link, including a network, shared memory, etc., and perform the processes disclosed herein.

Furthermore, the information processing system 50 can be configured to share the disclosed processing steps, such as sequence diagrams such as FIG. 15, in various combinations. For example, a process executed by a specific unit can be executed by multiple information processing devices possessed by the information processing system 50. Furthermore, the information processing system 50 may be integrated into a single server device, or may be divided into multiple devices.

Each function of the embodiments described above can be realized by one or more processing circuits. Here, the term "processing circuit" in this specification includes a processor programmed to execute each function by software, such as a processor implemented by an electronic circuit, and devices such as an ASIC (Application Specific Integrated Circuit), DSP (Digital Signal Processor), FPGA (Field Programmable Gate Array), and conventional circuit modules designed to execute each function described above.

Reference Signs List 1 Service providing system 10 First terminal device 40 Electronic device 50 Information processing system

JP 2018-63580 A

Claims (10)

A service providing system including: an information processing system that permits use of an application based on a usage authority of a member registered in a group within a tenant; and a terminal device that communicates with the information processing system,
The terminal device
a display control unit that displays a new group creation screen that accepts settings of attribute information of members belonging to the tenant;
an operation receiving unit that receives a selection of conditions for members to belong to a group from the attribute information of the members displayed on the new group creation screen;
a communication unit that transmits the member conditions accepted by the operation acceptance unit to the information processing system,
the display control unit displays a list of the attribute information selectable in each item of the attribute information of the member in association with the item of the attribute information of the member;
the operation reception unit receives the item and the attribute information as conditions for the member;
The display control unit displays "is" or "is not" for the item and the selected attribute information,
the operation reception unit receives a selection of "is" or "is not" as a condition for the member in addition to the item and the attribute information;
The information processing system includes:
A service providing system comprising: a group management unit that registers the members who meet the member conditions in the group. If the member is a user,
The service providing system according to claim 1, characterized in that the items of the member's attribute information are tenant ID, user ID, password, last name, first name, email address, display language, country, status, account status, time zone, role, management group ID, UUID, external service account information, department, position, or location. If the member is an electronic device,
2. The service providing system according to claim 1 , wherein the items of the member attribute information are a tenant ID, a device ID, a serial ID, a device type, a registration date and time, an update date and time, a location, a state, or a version. A service providing system including: an information processing system that permits use of an application based on a usage authority of a member registered in a group within a tenant; and a terminal device that communicates with the information processing system,
The terminal device
a display control unit that displays a new group creation screen that accepts settings of attribute information of members belonging to the tenant;
an operation receiving unit that receives a selection of conditions for members to belong to a group from the attribute information of the members displayed on the new group creation screen;
a communication unit that transmits the member conditions accepted by the operation acceptance unit to the information processing system,
an operation receiving unit of the terminal device receiving identification information of a license belonging to the group;
the communication unit transmits identification information of the license to the information processing system ;
The information processing system includes:
a group management unit that registers the members who meet the member conditions in the group;
a license management unit that allocates the license identified by the license identification information to the member that meets the member conditions ;
A service providing system comprising: A service providing system including an information processing system that permits use of an application based on a usage authority of a member registered in a group within a tenant, and a terminal device that communicates with the information processing system,
The terminal device
a display control unit that displays a new group creation screen that accepts settings of attribute information of members belonging to the tenant;
an operation receiving unit that receives a selection of conditions for members to belong to a group from the attribute information of the members displayed on the new group creation screen;
a communication unit that transmits the member conditions accepted by the operation acceptance unit to the information processing system,
an operation reception unit of the terminal device receives information regarding members belonging to the tenant ;
The communication unit transmits a registration request for the member to the information processing system by specifying information about the member;
The information processing system includes:
a group management unit that registers the members who meet the member conditions in the group;
a member management unit that registers members based on information about the members;
the group management unit registers the member in a group in which the information about the member registered by the member management unit matches the conditions for the member;
A service providing system comprising: an operation reception unit of the terminal device receives a change to the conditions of the members belonging to the group;
The communication unit transmits the changed member conditions to the information processing system;
The group management unit of the information processing system removes the member who does not meet the changed member conditions from the group;
6. The service providing system according to claim 5, wherein the members who meet the changed member conditions are registered in the group. an operation reception unit of the terminal device receives a change to the conditions of the members belonging to the group;
The communication unit transmits the changed member conditions to the information processing system;
7. The service providing system according to claim 6 , wherein the member management unit of the information processing system changes information about the member that matches the member's conditions before the change to the member's conditions after the change. A group management method performed by a service providing system having an information processing system that permits use of an application based on a usage authority of a user registered in a group within a tenant, and a terminal device that communicates with the information processing system, comprising:
The terminal device
a display control unit displaying a new group creation screen that accepts settings of attribute information of members belonging to the tenant;
an operation receiving unit receiving a selection of conditions for members belonging to a group from the attribute information of the members displayed on the new group creation screen;
a communication unit transmitting the member conditions accepted by the operation acceptance unit to the information processing system;
a step of displaying a list of the attribute information selectable in each item of the attribute information of the member by the display control unit in association with the item of the attribute information of the member;
a step of the operation receiving unit receiving the item and the attribute information as a condition for the member;
the display control unit displays "is" or "is not" for the item and the selected attribute information;
the operation reception unit receiving a selection of "is" or "is not" as a condition of the member in addition to the item and the attribute information;
The information processing system includes:
13. A group management method comprising: a step of registering, in the group, the members who meet the member conditions, by a group management unit. A group management method performed by a service providing system having an information processing system that permits use of an application based on a usage authority of a user registered in a group within a tenant, and a terminal device that communicates with the information processing system, comprising:
The terminal device
a display control unit displaying a new group creation screen that accepts settings of attribute information of members belonging to the tenant;
an operation receiving unit receiving a selection of conditions for members belonging to a group from the attribute information of the members displayed on the new group creation screen;
a communication unit transmitting the member conditions accepted by the operation acceptance unit to the information processing system;
a step of receiving identification information of a license belonging to the group by the operation receiving unit;
the communication unit transmitting identification information of the license to the information processing system ;
The information processing system includes:
a group management unit registering the members who meet the member conditions in the group ;
a license management unit allocating the license identified by the license identification information to the member who meets the member condition;
13. A group management method comprising: A group management method performed by a service providing system having an information processing system that permits use of an application based on a usage authority of a user registered in a group within a tenant, and a terminal device that communicates with the information processing system, comprising:
The terminal device
a display control unit displaying a new group creation screen that accepts settings of attribute information of members belonging to the tenant;
an operation receiving unit receiving a selection of conditions for members belonging to a group from the attribute information of the members displayed on the new group creation screen;
a communication unit transmitting the member conditions accepted by the operation acceptance unit to the information processing system;
a step of the operation reception unit receiving information regarding members belonging to the tenant ;
the communication unit designating information about the member and transmitting a registration request for the member to the information processing system;
The information processing system includes:
a group management unit registering the members who meet the member conditions in the group ;
A member management unit registers a member based on information about the member;
a step of the group management unit registering the member in a group in which information about the member registered by the member management unit matches a condition for the member;
13. A group management method comprising:

Images