Managing Users |
|
A user refers to one who accesses Process Platform and performs administrative operations or develops applications on Process Platform. Users must identify themselves with a User ID to access Process Platform. User ID governs the authorization of a user to perform any action. Once the user logs into the Process Platform environment, the webserver validates these credentials and accordingly provides access to the user.
Users in Process Platform can access applications based on the roles assigned to them. These roles determine the scope of user actions. As an administrator, you can assign the necessary roles and govern the user behavior. Users can be of following types:
- External Users: These users are created by Cordys, but authenticated by external component or Identity providers such as Windows Authentication, Web server authentication. Also, SAML2 supports Identity Providers like OpenSSO. Such users do not need a password, as they are authenticated outside Process Platform environment.Example: ntdom/gharry, where ntdom is the domain and gharry is login ID.
- OpenText Process Suite Platform Users: These users are created and authenticated in Process Platform itself. To create OpenText Process Suite Platform Users, you must define their login ID and Password. Process Platform authenticates these users using their login credentials. When the user is authenticated, the Process Platform SSO component will provide a signed SAML assertion and a cookie based security artifact. Whenever, a user requests for services, this cookie based security artifact is validated and used to identify the user. To login as custom users, you must configure anonymous access in either IIS or Apache Web Server.
Example: gharry/Pswd, where gharry is the login ID and Pswd refers to the password provided. Note: A OpenText Process Suite Platform User and External User cannot operate concurrently in a Process Platform environment. Configuring anonymous access in the Web server will allow the OpenText Process Suite Platform Users to log into Process Platform environment . However, this change in the context of authentication will not recognize the External Users. Hence, you must switch the context and login either as a OpenText Process Suite Platform User or a External user at a time. - Certified Users: To create a certified user, you associate a digital certificate for every user being created. These certificates contain information about whom does it belong to, who issued it, a unique serial number or any other identification information. As you create users, you upload a digital certificate for every user and depending on the certificate, the User ID is generated (which is the combination of issuer DN and serial numbers). When the users try to log in using the certificates specified during their creation, IIS validates these certificates and judges the identity.
Example: O=system,CN=monitor@CIN0643+175471915373153685653046787255459759178.Note: To log in as a certified user, you must use https instead of http in the URL to access Process Platform. Example: https://<Machinenumber>/cordys.
Note:
If a user is created with the same ID of an existing authenticated user, the user can be mapped to that authenticated user. However, this mapping is possible only if both the users belong to the same type of users. For example, Let us assume that you have already created a domain user A1 and if you try to create a custom user called A1, you cannot map it to the pre-existing domain user A1, as they do not belong to the same category of users. While, if you have created a custom user called A1 and are trying to create another custom user A1, you can be ensured to connect them.
In addition, you can map these same type of users with same IDs in different organizations only.
Working with User Manager
User Manager enables the administrator to perform the following tasks:
- Creating a User
- Creating Multiple Users
- Cloning a User
- Disabling Users
- Deleting Users
- Assigning Roles to Users
- Revoking Roles from Users
- Assigning Tasks to Users
- Revoking Tasks from Users
- Assigning Teams to Users
- Revoking Teams from Users
- Viewing User Profile
- Changing the Default Organization of a User
Views in User Manager
The User Manager view is split into two panes: the left hand pane and right hand pane. Depending upon the view selected, the User Manager artifacts are displayed in the corresponding panes.
There are seven different views in User Manager:
- Users - Roles: To display users list on the left hand pane and Roles on the right hand pane
- Roles - Roles: To display roles and associated roles
- Roles - Users: To display Roles on the left hand pane and users list on the right hand pane
- Roles - Tasks: To display list of Roles and associated Tasks
- Users - Tasks: To display list of users and associated tasks to the selected user
- Teams - Users: To display list of Teams and associated users to the teams
- Users - Teams: To display the users list and the teams they are associated to
Show All
The Show All feature is applicable to the artifacts in the left pane of the User Manager only. When you click Show All, based on the view selected, all the corresponding artifacts will be displayed in the left pane.
Search for users
The default view in the User Manager is Users - Roles which displays only the users who are currently logged. The Search feature helps you to search for an artifact in the left pane of the User manager.
- To search for an artifact, type any character(s) in the name of the artifact. For example, to search for the user with the name 'John', you can enter the characters 'J', 'Joh' or 'Jon'.
- The list of the artifacts matching with the search criteria will be displayed. To view all the artifacts, leave the search field empty and click on the search button.
All the artifacts are displayed in the left pane according to the selected view.