User Creation Settings
When creating a new user, there are several options to select from with regard to setting a new password for the user. These options can be selected on the User Creation Settings page. Only one setting can be active at any given time.
By selecting the current setting and pressing the edit button, you will be taken to an assistant where a new setting can be selected.
Options to choose from are the following:
| Option | Description |
|---|---|
| Ask | No password set initially. Use Set Password to manually create a password after User creation (default option). |
| Email | Highly recommended to use in customer production environments. A password will be sent to the new User's email upon selecting "first time logging in" on the login page. Set up your Email Server for IAM before selecting this option. |
| Username | The password will be set to the new User's Username. The User will be prompted to change this upon first login. Not recommended for customer production environments. Use in Test and Development environments. |
| Custom | Administrator chooses a custom password. This will be set for all new Users upon creation. The User will be prompted to change this upon first login. |
Creating a new User
To create a new User, navigate to the User or Users page in Solution Manager. This can be found under Users and Permissions. The "+" button is used to open the Creating a new User option.
Once Creating a new User is opened, a few of the fields are marked in red. These are the mandatory fields.
- Identity - Unique identifier for a User in IFS Cloud
- Directory Id - Same as Identity if System Authentication is used. If a User is created/used in an external Identity Provider, this should be set to the external Directory Id
- Description - User Description. Normally set to the User's full name
- User Type - Should be set to End User for normal IFS Aurena users
- Default IDP - Option to disable the Default IDP. If this is disabled, the user can only log in through the External Identity Provider. If set to YES, it will merge the External IDP account with the Default IDP account.
- LTU User - A user that has only LTU permissions will be considered an LTU user. A user that has both LTU and non-LTU permissions will be considered a Full User.
Preferred Language and User Email are not mandatory. If User Creation Settings are set to Email, the User needs to have an Email address connected in order to receive a password. LTU User is not editable. After a user is created, this field shows whether the user is an LTU user or a Full user.
Connect to Person
The person object in the system defines information which is valid for the person and not necessarily for a user of IFS Applications, such as addresses, phone numbers and picture. You can connect a user to a person by enabling the Create Person toggle when creating a new User. This will be enabled by default.
Assigning Permission Sets
Permission Sets are used to grant access to Projections, Lobby Pages, Reports, Workflows and System Privileges. Permission Sets are directly granted to a User in order to give the user this access. More about the Permission Set concept can be found here.
Permission Sets can be assigned to the User by navigating to User Permissions on the left-hand side.
Pressing Grant Permission Sets will toggle an assistant which allows the administrator to choose Permission Sets to grant the User.
A password can be Set or Expired by using the Set Password and Expire Password options on the User Details page. Selecting Set Password will prompt an assistant to open up. This allows the administrator to set a new Password for the User. If the Temporary switch is enabled, the user will be prompted to set a new password upon login.
Rules with regard to setting a new password can be set. More information about password policies can be found here.
To view or change which companies or sites a user operates on, open the Companies tab. Set the companies and sites that should be available to the user. Selecting a site for a company which is not selected will prompt you to also select the company.
The Default IDP option decides which IDP the user logs in through.
- If no external IDP (e.g. Azure) is connected, this should always be set to ON, as users will log in through the default IDP only.
- If an external IDP is connected, Administrators can decide which IDP to use. If this property is set to OFF, it will only allow the particular user to log in through the External IDP. If it is ON, it allows the user to log in through both the external IDP and the Default IDP. Also, at first login, it will ask the user to enter the password to validate. You can set this flag to OFF for all users synchronized through SCIM by changing the System Parameter "Multiple login for users synchronized through SCIM".
Note: If you create users directly from the IFS Application, do not include @ in the Directory ID, and leave the Identity equal to the Directory ID. This does not apply to users created through SCIM.
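The rules above (Email setting needs a user email, Username setting is not for production, Default IDP must be ON without an external IDP, and the Directory ID note) can be checked against a list of user records before or after creation. This is an added example, not IFS code: the record layout, field names and environment flags are assumptions, and the sample records are constructed.

```python
"""Checks for user records, based on the rules stated on this page.
Field names, the record layout and the environment flags are assumptions."""
from dataclasses import dataclass

@dataclass
class User:
    identity: str
    directory_id: str
    email: str = ""
    default_idp: bool = True   # the Default IDP switch (ON/OFF)
    via_scim: bool = False     # synchronized through SCIM, not created directly

def check_user(u, creation_setting, external_idp, production):
    """Return the list of findings for one user record."""
    findings = []
    if creation_setting == "Email" and not u.email.strip():
        findings.append("no email: password cannot be delivered")
    if creation_setting == "Username" and production:
        findings.append("initial password equals username in production")
    if not external_idp and not u.default_idp:
        findings.append("Default IDP is OFF but no external IDP is connected")
    if not u.via_scim:  # the Directory ID note does not apply to SCIM users
        if "@" in u.directory_id:
            findings.append("Directory ID contains @")
        if u.identity != u.directory_id:  # exact comparison is an assumption
            findings.append("Identity differs from Directory ID")
    return findings

def audit(users, creation_setting, external_idp, production):
    """Map identity -> findings, listing only users with at least one finding."""
    report = {}
    for u in users:
        found = check_user(u, creation_setting, external_idp, production)
        if found:
            report[u.identity] = found
    return report

# Constructed sample records, not taken from a real system.
SAMPLE = [
    User("ALICE", "ALICE", "alice@example.com"),
    User("BOB", "bob@example.com"),
    User("CAROL", "CAROL", default_idp=False),
    User("DAVE", "dave@example.com", "dave@example.com", via_scim=True),
]

if __name__ == "__main__":
    result = audit(SAMPLE, "Email", external_idp=False, production=True)
    for who, found in result.items():
        print(who, "->", "; ".join(found))
```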