Access

Administrator / SysAdmin


The system is set up by Administrator or SysAdmin users. In order to log in, a user has to meet all the requirements of the system. If the system is set such that it cannot validate any Administrator or SysAdmin user, then no one can log in to fix the system setup.


When the program is first installed, no users exist, so the user is logged in as a SysAdmin. However, if users already exist and the Admin user can no longer log in, then how can the settings be corrected?


For example, say the program is set up to use Active Directory authentication. This requires that the program be set up to communicate with the Active Directory server (server name, port number, etc.). What happens if those settings are, or become, invalid? How can a user then log in to correct the settings? A solution to this is to create a SysAdmin user who uses local credentials, not Active Directory credentials.


Generally speaking, the existence of at least two SysAdmin users is a good idea. If the ability for one of them to log in is lost, then the other can be used to restore the first one to working order. When using Active Directory authentication, the use of one local user is recommended in case the Active Directory credentials are changed unexpectedly.


SysAdmin


If a user has the user access level of SysAdmin, then they are able to manage the multi-tenant setup. They are able to create new tenants, create users and groups for tenants, and generally maintain the access rights across all the tenants.


A SysAdmin user is assigned to a specific set of settings and policies (such as password requirements), and these will apply to that user.


A SysAdmin has access to the Browse Tenants, and from here can create new tenants, as well as users and groups for those tenants. In most cases when creating a new tenant, users will need to be created as well (at the very least an Administrator user for that tenant so they can add more users and groups).


In the Browse Tenants a COPY button exists to allow you to copy settings from an existing tenant when making a new tenant. This will copy the Settings, and Groups (including Group Access Rights).


When accessing the Set Access screen, a SysAdmin will see the settings for all the groups, and all the operators/guests for all the tenants. 



Changing Password


When a user is logged in they are able to change their password by going to the Change Password procedure. 


The user will need to enter the old password, and a new password.


The new password will need to conform to the Password Policies.



Remember Password


One of the settings that the end-user can choose to activate is allowing a user login to be remembered.


This makes sense when the user is accessing the program from their personal computer or device, and where the penalty for someone else logging in as them is limited. Of course, if a different person gets access to the device, then access to the program is compromised.



On the web the token is stored as a cookie. It can be erased by the user simply by clearing their cookies (or by clicking on Logout). The browser usually protects cookies, as long as the connection to the server is secure (i.e. using TLS). These tokens are not bound to the device though, so should be used with care. In both desktop and web cases, if the user expressly logs out then the token is deleted on the server and on the client, and thus any (client-side) copies of the token become useless.


Tokens have an expiry date - by default 30 days. This is one of the settings set by the SysAdmin when setting the Runtime Settings. Setting the expiry days to 0 means that the tokens do not expire.
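
The token lifecycle described in this section (expiry in days, 0 meaning no expiry, deletion on the server at logout), as an added example that is not the product's own code. The class and method names, the in-memory store, and the choice to keep only a SHA-256 hash of each token on the server are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone


class RememberTokenStore:
    """Hypothetical server-side store for remember-me tokens (illustration only)."""

    def __init__(self, expiry_days=30):
        # Mirrors the expiry-days runtime setting described above; 0 = never expires.
        self.expiry_days = expiry_days
        self._tokens = {}  # sha256(token) -> (user, issued_at)

    @staticmethod
    def _digest(token):
        # Assumption: keep only a hash, so a leaked table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)  # unguessable random value
        self._tokens[self._digest(token)] = (user, now)
        return token  # handed to the client, e.g. in a cookie sent over TLS

    def validate(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        key = self._digest(token)
        entry = self._tokens.get(key)
        if entry is None:
            return None  # unknown token, or already deleted by logout
        user, issued_at = entry
        # An expiry of 0 days disables the age check entirely.
        if self.expiry_days > 0 and now - issued_at > timedelta(days=self.expiry_days):
            del self._tokens[key]
            return None
        return user

    def logout(self, token):
        # Deleting the server record makes every client-side copy useless.
        self._tokens.pop(self._digest(token), None)


if __name__ == "__main__":
    # Constructed sample run with a fixed clock.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = RememberTokenStore(expiry_days=30)
    tok = store.issue("alice", now=t0)
    print(store.validate(tok, now=t0 + timedelta(days=29)))
    store.logout(tok)
    print(store.validate(tok, now=t0 + timedelta(days=29)))
```

With the expiry set to 0, a copied token stays valid until the user logs out, which is why the server-side deletion step matters most in that configuration.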