User Creation Settings¶
When creating a new user, there are several options to select from with regard to setting a new password for the user. These options can be selected on the User Creation Settings page. Only one setting can be active at any given time.
By selecting the current setting and pressing the edit button, you will be taken to an assistant where new settings can be selected.
Password for new users¶
One of the following options can be used to set the passwords for the new user.
|Ask||: Initially a password is not set. Use the Set Password option to manually create a password after User creation (default option)|
|: Highly recommended to use in customer production environments. A password will be sent to the new Users email upon selecting "first time logging in" on the login page. Setup your Email Server for IAM before selecting this option.|
|Username||: The password will be set to the new Users Username. The User will be prompted to change this upon the first login. Not recommended for customer production environments. Use in Test and Development environments.|
|Custom||: The administrator chooses a custom password. This will be set for all new Users upon creation. The User will be prompted to change this upon first login|
Multiple logins for users synchronized through SCIM¶
This decides the IDP the users synchronized through SCIM will use to log in. By setting this flag to OFF, the Default IDP will be set to false for all users synchronized through SCIM.
Note: When updating a user with a changing Default IDP, the IAM user will be deleted for that particular user.
Creating a new User¶
To create a new User, navigate to the User or Users page in Solution Manager. This can be found under Users and Permissions. The "+" button is used to open the Creating a new User option.
Inside the Creating a new User option, the fields highlighted in red are mandatory fields that need to be filled in.
- Identity - A unique identifier for a User in IFS Cloud
- Directory Id - Used for System Authentication. The IAM user's username will be fetched from/matched to this ID. Hence this will be used as the username when logging in to IFS Cloud.
- Description - A user description. Normally set to the User's full name.
- User Type - Should be set to End User for normal IFS Cloud End users and Service User for users that are used for integration purposes. Service users can not log in to the IFS Cloud application directly.
- Default IDP - The option to disable the default IDP. If you are not connected to an external IDP (eg: Azure), this should always be set to ON, as users will only log in through the default IDP. If an external IDP is connected, administrators can decide which IDP to use. If this Property is set to OFF, it will only allow the particular user to log in through the External IDP. If it is ON, it allows the user to log in through both the external IDP and the default IDP. At first login, you will be asked to enter the password to validate.
- LTU User - LTU user is derived based on the permission grants that a user is given. A user that has only LTU permissions will be considered an LTU user. Otherwise they will be considered a Full User.
Preferred Language and User Email are not mandatory. If User Creation Settings are set to Email, the User needs to have an Email address connected to receive a password.
IAM User Details¶
IAM User is the entity that handles the real authentication for IFS Cloud. For a particular user, there will be a synchronized IFS IAM user, which is displayed here. IFS User's DIRECTORY_ID is equal to the username here. This is only to view the users created/synchronized automatically, and no user can be created from this page.
Unlock User: Allows administrators to unlock the user from the user details page itself. eg. When a user has got locked due to a Brute force attack. (use of incorrect password).
Delete User: Allows administrators to delete the IAM User from the user details page itself. Deleting an IAM user will not delete the IFS User. After deleting, the user can log in again as the first time login attempt.
This is for PunchOut integration. For more details refer to the PunchOut Integration page.
Connect to Person¶
The person object in the system defines information which is valid for the person and not necessarily for a user of IFS Applications, such as addresses, phone numbers and picture. You can connect a user to a person by enabling the Create Person toggle when creating a new User. This will be enabled by default.
Assigning Permission Sets¶
Permission Sets are used to grant access to Projections, Lobby Pages, Reports, Workflows and System Privileges. Permission Sets are directly granted to a User in order to give the user this access. More about the Permission Set concept can be found here.
Permission Sets can be assigned to the User by navigating to User Permissions on the left hand side.
Pressing Grant Permission Sets will toggle an assistant which allows the administrator to choose Permission Sets to grant the User.
A password can be Set or Expired by using the Set Password and Expire Password options on the User Details page. Selecting Set Password will prompt a assistant to open up. This allows the administrator to set a new Password for the User. If the Temporary switch is enabled, the user will be prompted to set a new password upon login.
Rules with regards to setting a new password can be set. More information about password policies can be found here.
To view or change which companies or sites a user operates on open the Companies tab. Set the companies and sites that should be available to the user. Selecting a site for a company which is not selected will prompt you to also select the company.