Managing Users

Users are people in an organization with access to the Manager software. The main Administrator user account is created during Manager installation and is assigned permissions that allow or restrict access to the Manager, systems, and tasks.

To add, edit or copy a user:

1. Navigate to Administration > Users > List.
2. Click Add, or select an existing user and click Edit or Copy.

You can use the copy feature to create additional users with the same properties and permissions.

User list columns can be displayed or hidden by clicking the arrow icon beside the column label and selecting the desired columns. The column order can be changed by clicking and dragging a column to a new location.

Deactivating or Activating Users

Deactivating a user restricts their access to the Manager without deleting their account. The user's information remains in the database, but they cannot log into the Manager until they are reactivated.

To deactivate or activate a user:

1. Navigate to Administration > Users > List, select the user and click Deactivate or Activate.
2. Click Yes.

Deleting Users

When you delete a user, can choose to delete the user’s reports and access controls, or transfer the data to another user, along with jobs, job template libraries, and reports created by the user.

To delete a user:

1. In Administration > Users > List, select the user and click Delete. If the user is associated with any objects, you are prompted to transfer the deleted user's job template libraries and access permissions to another user.
2. Select a user to whom you want to transfer the deleted user's template libraries. You cannot transfer jobs or packages to other users.
3. Click OK.

Editing Password Settings

Passwords are checked against the Password Strength Policy set in the user settings. You can edit user password policies by selecting Settings in the Administration > Users > List.

The password strength checker is enforced when new accounts are created or activated and when passwords change. Directory services passwords are not checked for strength.

To specify password settings:

Enable User Reactivation
Enable this option to allow locked users to be reactivated after a specified time period. This setting is applicable to users who are deactivated as a result of failed login attempts. In Time To Reactivate Users (Hours), enter the number of hours until reactivation occurs.

Password Strength Policy
You can edit default password settings to match your password policy. The settings in the Password Strength Policy control all system passwords for users created or edited in the Manager or using REST APIs.

Enable Manager password expiry
To configure a password expiry for the Manager password and in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password.

Note: Password reset requests are recorded in the Manager log.

Creating User Notification Messages

Customized user notification messages can be created under Settings in the Administration > Users > List. It is recommended that you not exceed 2,000 characters per message. To stop a message from appearing, you must delete the content from the appropriate box.

Your message can include HTML links to external web pages.

<a href="https://example.com">Example User Notification Link</a>

Announcement Message
This message appears once users log in.

Login authorization message
Users see this message prior to logging in. A typical message is a licensing agreement.

Exporting a List of Users or a Selected User

From the Administration > Users > List, you can choose to export users in General or Media Shuttle format. Once exported, you can save the created CSV file or open it with Microsoft Excel.

To be exported to Media Shuttle, the first line of the CSV file must include a header row in CSV format:

"emailAddress","firstName","lastName","info","expiryDate","sendPermission","receivePermission"

• emailAddress: This field cannot contain Unicode characters. This is a mandatory field.
• firstName
• lastName
• info
• expiryDate (yyyy-mm-dd)
• sendPermission (TRUE or FALSE)
• receivePermission (TRUE or FALSE)

Configuring User Properties

To add a user, select Administration > Users > List and click Add.

The following sections detail the user properties to configure on each tab.

General

Enter the user's identifying information. The characters  <, >, and = are not permitted in the Username.

Password

Ensure that passwords conform to the password policy specified in Users > List > Settings.

Enable Use directory password to avoid setting a password for users who use third-party directory service authentication. This allows all other user configuration settings to be saved without the requirement of entering a password value. When you change a user password, you are changing the password in native authentication mode.

Changing a user password does not change a user's LDAP or Active Directory password if those modes of authentication are being used to log into the Manager UI. If a user has not logged in using native authentication, a message is displayed indicating this and that setting/changing this password does not affect third-party directory service authentication.

As an administrator you must change your password in the Account menu under Preferences.

Administration

Failed Login Time Period (hours)
The amount of time (in hours) in which the user can have failed login attempts. This value can be a number between 1-24. If the maximum failed login attempts specified is, for example, three, and the failed login period is two hours, a user can log in incorrectly twice during that two-hour time period, but after that two hours passes, the maximum failed login attempts allowed resets to three.

Maximum Failed Login Attempts
The number of consecutive failed login attempts within the Failed Login Time Period before the account is automatically disabled. Once the account is disabled, it remains disabled until the Failed Login Time Periods has elapsed, or a user with the appropriate privileges re-enables login. This value can be a number between 1-100.

Improve web service API performance with reduced security auditing
Enable this option to prevent the logging of successful logins and failed login attempts.

Roles

As an administrator, you can determine roles assigned to your users. You will need to first create users who have administrative responsibilities such as installing Agents and creating job template libraries. By default, the installation creates two default users: Admin and System. When creating a new user, the user's access to the menu items in the UI can be defined.

Note: Do not delete the System User, as this user is associated with maintenance templates that allow administrators to perform routine maintenance tasks on the Manager.

To specify a user's role, on the Roles tab, select Full User or Guest User.

For a Full User, enable the roles you want to assign to the user. By default Administration Interface Login is enabled.

Full User Roles

Organization Administrator
Allows administrators access to users, user groups, Agents, Agent groups and Managers within their associated organizations. By default, when the System Administrator role is selected, the Organization Administrator role is selected and cannot be disabled.

System Administrator
This role gives the user access to all organizations, users, jobs, views and any other objects.

Workflow Administrator
This user has full Workflow privileges. This means this user can create, edit, manage, and schedule Workflows and users.

Workflow Supervisor
This user has Workflow privileges limited to editing, scheduling, and assigning users to Workflows. This user cannot access the Job Template Library Service.

Note: On an upgrade, non-administrative users have this role enabled.

Component Editor
This role allows the user to edit and develop Workflow components for use in the Signiant Workflow canvas. Users who do not have Component Editor privileges can build workflows but cannot edit components.

Administration Interface Login
This role allows users to log into the Signiant Manager Web Interface.

Monitor User
Designates the user who is associated with all external jobs for tracking and monitoring purposes in the system. By default, this is the Admin user.

Note: External jobs are those from imported Agents associated with other Managers. Only one Monitor User can exist in the system.

Groups

A user group is a collection of users who share identical access privileges. User groups make it easier to assign identical access privileges to large numbers of users, and also assist in the use of the directory integration feature. For more information, see Understanding User Groups.

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include Read, Edit, Delete, and Schedule Jobs. By default, all users are able to read and edit their own properties.

To assign user or group permissions:

1. In the Available Users/Groups panel, select users or groups to add and move them to the Current Permissions list by double-clicking or dragging them, or by clicking Select.
2. Select the appropriate check boxes beside the corresponding permissions.

To remove permissions, select the user or group in the Current Permissions list and click Remove.

To view a summary of a user's permissions:

1. Navigate to Administration > Users > List, select the user and click Summary.
2. Select an object type for which you want to view a summary.
3. Click OK.

Menu

Once you create a user, you can set access to the menu items. When editing a user's settings you see only menu items assigned to that user. When the user logs in, they may see additional menu items associated with group membership.

To assign menu items to users, select the Menu tab and select/deselect menu items as appropriate.