Differences
This shows you the differences between two versions of the page.
organisationcloud/usermanagement [2018_01_30 17:23] – external edit 127.0.0.1 | organisationcloud:usermanagement [2024_03_05 19:19] – steven | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Adding / Managing Users ====== | ||
+ | ##### last updated on March 16, 2022 | ||
+ | Organizations using an Access Anywhere installation are able to allow users to sign in to their organisation. | ||
+ | The Access Anywhere supports a few identity sources for an organisation. | ||
- | ====== Adding / Managing Users ====== | + | * Built-in identity source |
+ | * Active Directory identity source | ||
+ | * SAML identity source | ||
+ | Administrators can, and do, have the flexibility to use one or more of the above identity sources within the context of a single organisation. This allows customers to federate multiple identity sources, as well as providing, if required, access to users who are not part of an existing domain or realm. | ||
- | \\ \\ This section of the Wiki describes | + | This document covers |
- | ===== 1 Adding new users (web) ===== | + | If you are interested in how our integration with your other identity sources works, please see [[organisationcloud/ |
+ | ===== Adding new users (web) ===== | ||
+ | {{: | ||
+ | New users can be added by the Team Administrator after logging into team account as the Administrative user and choosing the ' | ||
+ | <WRAP center round info 100%> | ||
+ | User names can contain any displayable characters except '<' | ||
+ | </ | ||
+ | \\ By default, when a user a is added, each user is given private storage space on the primary storage provider (ie. the storage provider that is set as default). Only the user can access this space and if the amount of storage space given needs to be controlled this can be done using [[organisationcloud/ | ||
+ | As a user requires a 'user name' and an email address, in the event that a service account is being used for a user that does not have an email address consider using the User Principle Name (UPN) i.e the name of a system user in an email address format. | ||
- | {{:/ | + | ===== User Count Limits ===== |
- | New users can be added by the Team Administrator after logging into team account as the Administrative user and choosing the ' | + | As of version 2106 Access Anywhere enforces numeric limits |
+ | {{ : | ||
- | ===== 2 Importing from Active Directory ===== | + | As described in the following sections, the number of users is controlled by a combination of the numbers in the license key, the user limits in User Packages and org.-specific overrides of the User Package numbers. |
+ | ==== Personal Accounts ==== | ||
+ | * Has its own control number in the license key. | ||
+ | * No package user limit considerations. | ||
+ | ==== Organization Accounts ==== | ||
+ | * Includes | ||
+ | * Has its own control number in the license key. | ||
+ | * Bound per org. by user limit if set on org. admin user record else by package limit. | ||
+ | * Where applicable, package limit is applied per org. using the package. | ||
+ | * License key limit applies to total cross all orgs. | ||
+ | * Inactive users don’t count against this limit. | ||
- | {{:/ | + | ==== External Accounts ==== |
+ | * Has its own control number in the license key. | ||
+ | * User limit in package applies. | ||
+ | * Control number in key limits total across all orgs. | ||
+ | * Allocated first-come-first-served. | ||
+ | * Inactive users don’t count against this limit. | ||
- | The [[organisationcloud/ | + | ===== User Roles ===== |
+ | {{:/ | ||
- | ===== 3 User Roles ===== | + | If more than one admin is required for Access Anywhere, another user can have his role changed to that of an Admin. Once nominated a user with the Admin role will be able to do anything a the main Administrator can do except to promote other users to also be an administrator. |
+ | ===== Security ===== | ||
+ | User accounts that are created within Access Anywhere using the Built-in identity source are local users. Their credentials are stored in a hashed and salted manner using SHA-256. 2-factor authentication can be enabled for users of the platform to further enhance security. | ||
- | {{:/ | + | The Access Anywhere also supports an integration with the KeyCloak Identity platform. Please contact us if you would like to learn more. |
+ | |||
+ | ===== Administrators Can Log In as Other Users ===== | ||
+ | |||
+ | To help administrators provide support to users, Access Anywhere optionally allows administrators to log in as other users. Specifically: | ||
+ | * If impersonation is enabled by the appliance administrator in Site Functionality then she can log in as the organization administrator or as any member in any organization. | ||
+ | * If impersonation has been enabled by the appliance administrator in the package assigned to an organization then the organization administrator or any member with the Administrator role can log in as any member of the organization. | ||
+ | |||
+ | In both cases the login is recorded in the audit logs. | ||
- | If more than one admin is required for a Cloud File Server account, another | + | To log in as a different |
+ | {{ : | ||
- | ===== 4 Access control ===== | + | or the " |
+ | {{ : | ||
+ | ===== Role Permissions and Users Maintenance ===== | ||
+ | * The organization administrator can create and remove users and assign roles to members and remove roles from members. | ||
+ | * Members with the " | ||
+ | * Members with the " | ||
+ | * Members with the " | ||
+ | * Members with the " | ||
- | {{:/ | + | ===== Access Control ===== |
- | For user Access Control, please see the [[organisationcloud/ | + | For user Access Control, please see the [[organisationcloud/ |
+ | ===== Deleting users ===== | ||
+ | Information about deleting users can be found [[organisationcloud/ | ||
+ | \\ \\ **Next Section:** [[organisationcloud/ | ||
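Review bot: In the added Security section, "Their credentials are stored in a hashed and salted manner using SHA-256" does not say whether the hash is iterated or wrapped in a key-derivation function. A reader assessing the Built-in identity source needs to know, because a single salted SHA-256 pass is a fast hash. Suggest naming the construction and its work factor, or stating plainly that it is a single pass if that is the case. In the impersonation section, "In both cases the login is recorded in the audit logs" should say whether the audit entry records both the acting administrator and the user being logged in as. Smaller points: the page header says "last updated on March 16, 2022" although this revision is dated 2024_03_05; "User Principle Name" should read "User Principal Name"; and "when a user a is added", "anything a the main Administrator" and "total cross all orgs" are typos.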