Overview

Purpose and Security Responsibilities of a SysAdmin

• The System Administrator (SysAdmin) role in the DEXIT software application serves as the cornerstone of the system's security infrastructure. 
• SysAdmins are entrusted with the critical responsibility of establishing and maintaining the overall security posture of the application across all tenants. 
• They implement organization-wide security policies, manage authentication mechanisms, monitor system access, and ensure compliance with relevant data protection regulations. 
• As the highest level of system authority, SysAdmins must carefully balance providing necessary access to users while safeguarding sensitive information and maintaining system integrity. 
• Their actions directly impact every aspect of the application's security, making it essential that individuals in this role possess both technical expertise and a thorough understanding of security principles.
• System Administration Guide: Account Management and Login Security

Creating Administrator Account (SysAdmin)

• The first user in the database has to be a SysAdmin level user, and this user cannot be deleted if other users exist. 
• Note: The access levels in the system are hierarchical, with more powerful roles having higher levels. The SysAdmin has the highest security access level.
• Best Practice: Maintaining at least two SysAdmin users is strongly recommended to ensure system accessibility.

The Login Paradox

System Setup Challenges

The system is initially configured by Administrator or SysAdmin users. For any user to successfully log in, they must meet all the requirements defined in the system configuration.

However, this creates a potential paradox:

- If the system configuration cannot validate any Administrator or SysAdmin user, then no one can log in to fix the system setup.

- When the program is first installed, no users exist, so the initial user is automatically logged in as a SysAdmin.

- If users already exist, but the Admin user can no longer log in, how can the settings be corrected?

Example Scenario

Consider a system configured to use Active Directory authentication. This requires proper communication settings with the Active Directory server (server name, port number, etc.). If these settings become invalid, users depending on Active Directory authentication cannot log in to correct them.

Recommended Solution

To prevent this login paradox, create a SysAdmin user who uses local credentials rather than Active Directory credentials. See "User Login Type" documentation for more details on implementing this approach.

Redundancy Best Practices

- Maintain at least two SysAdmin users in the system at all times.

- If one SysAdmin account becomes inaccessible, the other can be used to restore functionality.

- When using Active Directory authentication, maintain at least one local user account with SysAdmin privileges to serve as a fallback in case Active Directory credentials are unexpectedly changed or become inaccessible.

SysAdmin User and Multi-Tenant Management

Permissions and Capabilities

If a user has the user access level of SysAdmin, they are able to manage the multi-tenant setup. SysAdmin users can:

- Create new tenants

- Create users and groups for tenants

- Maintain access rights across all tenants

A SysAdmin user is assigned to a specific set of settings and policies (such as password requirements), and these will apply to them.

Managing Tenants

A SysAdmin has access to the SecwinBrowseTenants procedure, which enables them to:

- Create new tenants

- Create users and groups for those tenants

In most cases, when creating a new tenant, users will need to be created as well. At the very least, an Administrator user should be created for that tenant so they can add more users and groups.

Features for Tenant Management

The SecwinBrowseTenants screen includes a COPY button that allows you to copy settings from an existing tenant when making a new tenant. This feature will copy:

- Settings

- Groups (including Group Access Rights)

When accessing the GlobalSetAccess screen, a SysAdmin will see the settings for all groups and all operators/guests across all tenants.

Description

Creating SysAdmin Account - Purpose and Security Responsibilities

The SysAdmin (System Administrator) role represents the highest level of authority within the DEXIT application, forming the foundation of its security architecture. 

When creating SysAdmin accounts, organizations must recognize the significant responsibilities these users will hold:

Core Security Responsibilities:

• Establishing and enforcing the security framework across all tenant environments
• Implementing comprehensive authentication policies and access control mechanisms
• Conducting regular system monitoring and security audits
• Ensuring organizational compliance with data protection regulations and industry standards

Critical Balancing Act:

• SysAdmins must skillfully balance operational functionality with robust security protections. This requires thoughtful consideration when granting access privileges while simultaneously safeguarding sensitive data and maintaining system integrity.

System-Wide Impact:

• Every configuration decision made by a SysAdmin affects the entire application ecosystem. This extensive influence necessitates that individuals appointed to this role possess not only advanced technical proficiency but also a comprehensive understanding of information security principles and best practices.

Creating Administrator Account (SysAdmin)

• The first user in the database has to be a SysAdmin level user, and this user cannot be deleted if other users exist.
• Note: The access levels in the system are hierarchical, with more powerful roles having higher levels. The SysAdmin has the highest security access level.
• Best Practice: Maintaining at least two SysAdmin users is strongly recommended to ensure system accessibility.

Congratulations - Your Data Privacy Protection is Complete

Security Implementation Milestone

You have successfully completed two critical security steps:

• In Step 7 - Security Policy (specifically section 7.1), you defined your basic Security Policies
• You have established Security Administration by creating the SysAdmin user account

With these essential components in place, your data privacy and protection measures now meet our highest recommended standards.

System Security Enforcement

• DEXIT now automatically enforces your security policies across the entire system:
• Users simply need to enter their correct UserID and Password
• The application handles all security policy enforcement
• Access controls are applied consistently based on your defined policies

Secure Access Control

• Moving forward, all system access is protected:
• The application will present the user Logon form for all access attempts
• No access to the software will be permitted without verification of valid user credentials
• All user activity will be governed by the security policies you've established

Your organization's data is now protected by a comprehensive security framework that balances usability with strong protection measures.

Security Is Cabinet (Folder) Specific

Understanding Cabinet-Level Security

• DEXIT implements a "Program-Level-Security" model, which means security is managed at the individual cabinet level rather than globally across the application. 
• While users can create and store data across multiple Cabinets (as outlined in Step 3 Create Cabinet), each cabinet maintains its own independent security configuration.

Critical Security Implementation Note

**IMPORTANT:** Each cabinet requires its own complete security setup. This cabinet-specific approach provides enhanced data isolation and protection but requires administrative attention when setting up new cabinets.

Required Setup Steps for Each Cabinet

For every cabinet in your DEXIT environment, you must complete the following sequence:

1. Step 3 - Create Cabinet

2. Step 4 - License Key

3. Step 7 - Security Policy

4. Step 8.1 - Create SysAdmin User

5. Step 8.2 - Create Operator Users

6. Step 8.3 - Create Teams (if applicable)

Benefits of Cabinet-Level Security

This granular security approach allows organizations to:

• Implement different security policies for different data collections
• Assign specific administrators to manage particular cabinets
• Create custom access control schemes based on departmental or functional needs
• Establish varying levels of protection based on data sensitivity

Administrative Considerations

• Administrators should carefully plan cabinet creation and security implementation to balance security requirements with administrative overhead. Documenting the security configuration for each cabinet is strongly recommended for ongoing management and auditing purposes.

Steps to Create SysAdmin Account:

Note: Creating User accounts starts after the completion of steps 7 - Security Policy. If you haven't completed the steps in the Security Policy section do so now and then return to Create SysAdmin User.

1) Open the System Admin Menu Option

2) Select Users

3) The Security Users browse list will appear and their will be no entries in the list.

4) To start the process of adding the user SysAdmin - Click on the Insert button

5) When the Insert button is selected the "Update User" form will appear, with focus on the "General" TAB.

6) The User Level "SysAdmin" radio button will be enabled by default. The first user created MUST be a User Level: SysAdmin

7) Complete the entry of the following fields on the form: the values used are for illustration purposes only.

• User Login:            SysAdmin 
• User Name:            SysAdmin
• New Password:       sysadmin143$ - while entering the password it will not be visible, to view the password right click the field and select 'Toggle'

                         

• Email: youremail@emailco.com - this should be your/the SysAdmin's user email account 

     - Validated: 'check' this  box to validate your email is correct

• Phone: +# ###-###-#### - this should be a valid phone number and can be prefixed by the + and country code

     - Validated:          'check' this  box to validate your email is correct

• The following illustrates what your completed "General" tab information should resemble:

8) Click the "Other" TAB"

9) Click the radio button associated with Login Type "Program Login"

10) Click the Lookup button associated with the Company:

Note: Requiring Steps (11 thru 14) are temporary and will be set by default in a future release because not all users will use this feature.

11) Once the lookup button has been clicked in step #10 above the "Companies" panel will appear.

12) The "Default" company will already be selected.

13) Click the "Select" button

14) Click the "Close" button.

15) To save and Update the setting created for the SysAdmin user click the [ OK ] button.

16) Security Users browse list will appear

17) The newly created "SysAdmin" record will appear as the first record in the list.

18) Process Complete - click the "Close" button

SysAdmin Account Created

You have completed the steps to create the SysAdmin Account. 

19) In the last step you clicked the [ Close ] button, immediately after that you will be returned to the main application panel as illustrated below.

20) Click "Exit DEXIT" (Close the application) 

Next Step - Create Operator User - Using SysAdmin Account Login

• Restart DEXIT and continue with 8.2 Create Operator user in the User Reference Guide.
• Creating the Operator will follow the exact same steps as creating the SysAdmin account.
• The setting changes for creating an Operator User account will be highlighted in step 8.2 of the User Reference
• The next time and all future times DEXIT is started the user will now be required to enter a UserID and Password to gain access to the application.