Users
Administration Page | Application/Contract: Syracuse/Collaboration | Class: Users | Representation: user
The version 7 web client can display, in a single dashboard, several portlets linked to different endpoints, and every endpoint (a Sage X3 folder) has its own user list.
Single sign-on is managed by the platform, which is why the version 7 administration platform provides global management of users that are linked to endpoint users (a user table in a Sage X3 folder).
The administration definition page includes the following sections:
LOGIN | INFORMATION | ADMINISTRATION | CUSTOM LOCALES | EXPLORER |
Defines the login information with the following fields:
This field provides the account ID requested when the user connects to the platform. When the login is successful using basic authentication (see Global settings), the actual login name is case insensitive.
If this check box is cleared, the user is not active and cannot be connected.
This field defines the user's authentication policy. When the field value is set to Standard, a default global policy setting is used. This default setting is managed in the Global settings function. If another value is selected, the user has a different setting. The list of usable policies is defined in the nodelocal configuration file. The possible values are the following:
DB is used as an alternate value when no other standard authentication exists. In this case, a user password must be entered with a confirmation and is stored encrypted in the MongoDB database. A (common) user, who does not have write access to the users table, must enter the old password before entering a new password. An (administrative) user, who has write access to the users table, can set a new password without entering the old password. The (administrative) user can also select a check box on a user's account page so that the corresponding user has to change the password upon next login.
LDAP (Lightweight Directory Access Protocol) means that the control is done by accessing an LDAP directory. In that case, an authentication name and the reference to an LDAP directory must be provided.
OAuth2 means that an OAuth2 authentication protocol is used. In this case, the reference to an OAuth2 server must be provided.
SAML2 means that a SAML2 authentication protocol is used. In this case, the reference to a SAML2 identity provider must be provided.
This field is displayed if either Standard or DB authentication is selected. A Confirm password field follows, in which the exact value of the password field should be entered to be able to proceed.
Only characters from the character set ISO 8859-1 are allowed for passwords in a basic authentication.
This setting allows you to ignore controls related to the expiration delay of the user's password. For example, this parameter can be useful for users created specifically for authentication in some flows such as web services.
This field is displayed only when either Standard or DB authentication is selected. When this check box is selected for a user account, the user is redirected to another page after login to enter and confirm the new password before access to the application is granted.
This field is displayed only when the authentication is done through an external ID provider (such as OAuth2, SAML2, Sage ID). This signature code could be used in order to secure some modifications. More information about this feature is given in the following document.
This check box defines if the record is supplied as a factory record. When this happens, a factory code is also displayed and can be entered if you are a factory provider. This feature makes it possible to prevent some modifications on records supplied by default by Sage or by a vertical solution provider. More information about this feature is given in the following document.
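The Login settings above lend themselves to a periodic review. The following is an added example, not code from the product or from Sage: it audits a constructed export of user records, and every field name in it (`authentication_name`, `ignore_password_expiry`, `ldap`, `oauth2`, `saml2`) as well as the `global_policy` parameter is an assumption made for the illustration.

```python
from collections import defaultdict

# Constructed sample of platform user records. Field names are assumptions
# made for this example, not the product's schema.
USERS = [
    {"login": "admin", "active": True, "authentication": "Standard"},
    {"login": "Admin", "active": True, "authentication": "DB"},
    {"login": "svc_ws", "active": True, "authentication": "DB",
     "ignore_password_expiry": True},
    {"login": "jdoe", "active": True, "authentication": "LDAP",
     "authentication_name": "jdoe", "ldap": None},
    {"login": "old_sso", "active": False, "authentication": "SAML2",
     "saml2": None},
]

# Reference that each external policy requires (hypothetical key names).
REQUIRED_REF = {"LDAP": "ldap", "OAuth2": "oauth2", "SAML2": "saml2"}


def audit_users(users, global_policy="DB"):
    """Return sorted (login, finding) pairs for active accounts."""
    findings = []
    by_folded = defaultdict(list)
    for u in users:
        if not u.get("active"):
            continue  # an inactive user cannot connect
        login = u["login"]
        by_folded[login.casefold()].append(login)
        # "Standard" defers to the default policy from Global settings.
        policy = u["authentication"]
        if policy == "Standard":
            policy = global_policy
        if policy == "DB" and u.get("ignore_password_expiry"):
            findings.append((login, "password expiry controls ignored"))
        ref = REQUIRED_REF.get(policy)
        if ref and not u.get(ref):
            findings.append((login, f"{policy} selected without its {ref} reference"))
        if policy == "LDAP" and not u.get("authentication_name"):
            findings.append((login, "LDAP selected without an authentication name"))
    # Basic-authentication login names are case insensitive, so these collide.
    for names in by_folded.values():
        if len(names) > 1:
            findings.extend((n, "login differs from another only by case") for n in names)
    return sorted(findings)


if __name__ == "__main__":
    for login, finding in audit_users(USERS):
        print(f"{login}: {finding}")
```

An account flagged for ignored expiry controls is not necessarily wrong, since the setting is intended for accounts such as web service users; the finding marks it for review.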
This section defines the general information about the user such as gender, first name, last name, email, and photo.
This radio button menu defines the user's gender.
This field indicates the user's first name. This information is optional.
This field indicates the user's last name. This information is mandatory.
This field indicates the user's email address, but can be blank. The structure of the value entered is checked to verify its conformity with email address format.
This field indicates the user's CTI id, but can be blank. The CTI id identifies the user in a business VoIP system.
A user's photo can be downloaded, replaced, or removed from the client.
This section defines the administration data linked to the user.
This field provides a list of groups the user is a member of. Depending on the groups a user is a member of, several roles will be available for the user, thus defining the access rights on the platform entities.
The list of endpoints a user can connect to is defined at the group level. When a group grants access to an endpoint, any member of the group can have access to the endpoint.
By default, the connection to a Sage X3 endpoint is performed with a Sage X3 user login equal to the user's default account. If the Sage X3 user login is different from the endpoint's default account, you can change it in this array.
* The User Login column defines the Sage X3 user login. The value entered can only include upper case characters and digits. If you enter lower case characters, the "incorrect format" message will be displayed.
* The Endpoint column defines the endpoint associated with the Sage X3 folder.
There are 2 services available for each line of this array (from a link on the line):
* Create X3 user : An X3 user will be created in the corresponding endpoint. In this case, the code of this user and the login will be the same and must fit with the code format (5 digits). The endpoint must be an X3 endpoint. The service finds all possible roles according to the groups of the user and collects all possible profession codes for these roles in the mapping of roles to menu profiles and profession codes for that endpoint. Then a list of possible profession codes will be shown. When a profession code has been selected, the system will try to create that user. The X3 user code, login, name, given name, and email address will be taken from the current user. Moreover, special settings for that user will be taken from the profession code (you can edit profession codes in GESAME).
* Data of X3 user : This opens the screen (GESAUS function) in a new browser tab, where you can view and edit the data of that X3 user.
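Because endpoint access is granted by groups while the Sage X3 login is set per user in this array, an access review has to read both together. The following is an added example, not code from the product: the data is constructed, the record layout (`groups`, `endpoints`, `endpoint_logins`) is hypothetical, and the pattern `[A-Z0-9]+` is an assumed reading of "upper case characters and digits".

```python
import re

# Constructed sample data; structure and field names are assumptions for
# this example, not the product's schema.
GROUPS = {
    "Finance": {"endpoints": {"X3_PROD"}},
    "Support": {"endpoints": {"X3_PROD", "X3_TEST"}},
}
USERS = [
    {"login": "jdoe", "groups": ["Finance"],
     "endpoint_logins": {"X3_PROD": "JDOE1"}},
    {"login": "asmith", "groups": ["Support"],
     "endpoint_logins": {"X3_PROD": "JDOE1", "X3_TEST": "asmith"}},
    {"login": "temp", "groups": [],
     "endpoint_logins": {"X3_PROD": "ADMIN"}},
]

# The User Login column accepts upper case characters and digits only.
X3_LOGIN = re.compile(r"[A-Z0-9]+")


def review_endpoint_logins(users, groups):
    """Return (platform login, endpoint, finding) tuples in input order."""
    findings = []
    seen = {}  # (endpoint, X3 login) -> first platform user mapped to it
    for u in users:
        # Endpoint access comes from group membership, not from the mapping.
        granted = set()
        for g in u["groups"]:
            granted |= groups[g]["endpoints"]
        for endpoint, x3_login in sorted(u["endpoint_logins"].items()):
            if not X3_LOGIN.fullmatch(x3_login):
                findings.append((u["login"], endpoint, "incorrect format"))
                continue
            if endpoint not in granted:
                findings.append((u["login"], endpoint, "mapping without group access"))
            owner = seen.setdefault((endpoint, x3_login), u["login"])
            if owner != u["login"]:
                findings.append((u["login"], endpoint, f"shares X3 login with {owner}"))
    return findings


if __name__ == "__main__":
    for row in review_endpoint_logins(USERS, GROUPS):
        print(*row, sep=": ")
```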
For each BO server, the security policy (secEnterprise or secLdap) as well as the BO credentials can be directly defined for the user. These settings take priority if a BO profile is also linked to the Role. Note that if the BO server has a "Direct connection for LDAP", these settings are ignored for users using LDAP authentication.
When this check box is selected, an operating system user name and password can be entered. This information is necessary to connect to a SAFE X3 server (for example, Sage X3 version 5 or 6).
These fields provide a list of teams where the user has administrator, author, or member privileges. Teams can be added using the Add link, or from the team definition. When this link is used from the author or member list, the current user is added to the list of authors or members.
When a user is connected, the user can select a default locale settings parameter by choosing a locale code in User preferences. This is defined in the locale table.
This section allows you to define one of the following:
The information that must be entered is the same as the information for the locale management.
This widget presents the links between a user and different entities the user is linked to. The user is represented as a central circle with its name. For more information about the link explorer, see the UI Definition Link Explorer document.