6.3.Users in contentACCESS
All currently present contentACCESS users are listed on the Users page (open it with navigating to System => Security => Users button).
Initially there is only one user present in contentACCESS, and this is the system administrator with the internal system account (user: system; PW :c0ntent@ccess). The basic user information (display name, ID number and role) are featured in the respective columns of the grid. The role defines the permissions that the given user has in contentACCESS.
Users’ context menu
The users’ context menu allows the following operations:
The detailed user information can be accessed by selecting option “Edit” in the user’s context menu (the logged on user can access his own user details by clicking “About me” in the upper right user menu). With this option the User details (or About me) page opens.
Screenshot A: Details of the selected contentACCESS user
Screenshot B: Details of the logged on user
- Section “User details”
- Online (green): means there was an interaction in the last 5 minutes
- Away (yellow): the user is logged in, but inactive in the last 5 minutes. If the user has clicked the Remember me when logging in, then he will be displayed as Away until his token expires
- Offline (red): the user does not have any login session
In this section you can find the given user’s display name (i.e. his name in contentACCESS), and the information about the the user’s status. To change the actual display name, enter the desired name in the text field, and save your changes.
The user’s status signalizes if the user is:
Section “Security information”
Here you find the user’s display name, the role(s) assigned to the given user and a description about the user’s rights. Each role assignment has a flag. Manual flag means that the given role was assigned manually. Manual permissions are not changed/removed by the automatism. Automatic flag means that the role was assigned by the provisioning job. Automatic flag is marked with “(100)”.
Section “User logins”
New user logins can be assigned to a user in the User logins section. By clicking “+new” in this section the “Add new login” window opens.
In the Add new login window, select a provider configuration that the given user will use when logging into the given application. The providers, that where configured on the Login providers page (for more information check “Login providers”) can be selected here. Windows and Forms authentications are enabled by default. Multiple user logins are not enabled for Forms and Windows login providers.
Change password, Reset password context menu options:
By the Forms type login accounts, the administrator can change the user’s actual login password. The administrator must have Manage tenant permissions to change, and/ or to reset the password of a user.
To change the password, just select this option and enter the old, new, and confirm the new, desired password in the pop-up window:
If the password has been lost or forgotten, use the Reset password option to create a new one. New passwords can be created manually (just type the desired password to the appropriate text field), or generated randomly (click option “Generate password”). If you wish to send a notification about the reset password, check this option and enter the email address where the password should be sent. At the next notification job run the new password will be sent to the email address specified in the dialog. This configuration is optional.
Section “User login sessions”
At the bottom of the User details page, there is a list of active login sessions (if the user logged in in officeGATE, contentWEB etc., then all these apps will have a separate login session; if the user is logged in from different browsers, there will be separate login sessions for each browser as well). From that page, the administrator can also log off an existing user. Once the logoff is done, the user will be redirected to the login page on the next click in the given application.
Creating/inviting contentACCESS users
When you create/invite user(s) in contentACCESS, always follow these steps:
Any new users/existing users (with new roles/permissions) can be added to contentACCESS on the Users page. To create/invite a user, click “Create or invite user” on the Users page (System tab => Security group => Users page).
The Create/Invite user dialog pops up, where you need to choose one of the user adding methods (Create new user/Invite user) and fill the necessary parameters into the dialog.
Option “Create new user”
Mark the “Create user” option in the Create/Invite user dialog and continue with the following settings:
Type in the user’s name into the dialog box, and choose an authentication provider configuration from the Login type dropdown list. Forms and Windows providers can be selected by default. (Other provider configurations need to be set on the Login providers page first.) If you select the Forms type (as in this use case), then the login credentials must be also entered into the dialog.
Further select a (default or predefined) role that will be assigned to the given user – in this use case we are creating a tenant administrator, so we select this role from the list. The globally allowed permissions of the selected role get displayed in the window. These can be shown/hidden.
Save your settings. In case that you have assigned a role containing at least one “Specific” permission, you will be automatically redirected to the Assign specific permissions page, where you can further specify these specific permissions of the role assignment. This will be described later in section “Roles”.
Option “Invite user”
Invitation is another way of how to
To send an invitation for an already existing or potential contentACCESS user, click the “Invite user” option.
The pop up dialog requires to fill the email address, where the invitation will be sent and the role that should be assigned to this user. If you are ready with the necessary configurations, click “Save”. In case that you have assigned a role having at least one “Specific” permission, you will be automatically redirected to the Assign specific permissions page, where you can further specify these specific permissions of the role assignment. This will be described later in section “Roles”.
The next running notification job (must be configured in System => Services => Notifications) will send the invitation for the respective user. You can start this job manually as well.