Parameters of the users
In the table below see an overview of the user parameters.
|
Parameter |
Mandatory |
Description |
|---|---|---|
|
License Type |
N/A |
Only displayed when the seat license is in use and shows the seat licenses available for the user |
|
User ID |
Yes |
User identifier (must be unique and cannot be changed) |
|
Choose Language |
Yes |
System language of the user |
|
Display Name |
Yes |
Display name of the user |
|
Department |
No |
Name of the department |
|
|
No |
E-mail address of the user |
|
Authentication |
Yes |
You must select either one of the following:
For related details see below: Authentication and certificates |
|
Password |
Yes, if a new user is being created |
The password of the user Once the password is changed, the Password Expiry value is reset to the current date in order to force the user to change the password at the next login. For related details see below: Passwords |
|
Password Confirmation |
Yes, if the Password field is not empty |
Must coincide with the password |
|
Password Expiry |
Yes |
Last date of password validity Use a date / time picker to enter value, see chapter Date / time pickers for details. When changing the password or when creating a new user, the password expiry field is always filled with the current date automatically in order to force the user to change the password on first login. This feature is disabled for system users. |
|
Password Validity (in hours) |
No |
Password validity time in hours The new password can only be entered within the time span starting from the update time. The user has to log in and change the password within the defined time. The default value is 120 hours. This feature is disabled for system users. |
|
System User |
No |
Select to define a user as a system user. The password expiry definition does not apply for system users. System users can be used only via web services, they are not allowed to log in using the ImageMaster client. |
|
User Locked |
No |
Select to lock a user. The lock marker will be displayed for the corresponding user in the hit list. If the user account is locked, then when a user tries to log in with the correct password, an error message is shown. |
|
Expiration Date |
No |
Last date of user account validity Use a date / time picker to enter a value (see chapter Date / time pickers for details). When a user account has expired, a corresponding error message will be displayed on the login page. This feature is disabled for system users. |
|
Two-Factor Authentication |
N/A |
Status of the two-factor authentication For more information on how to set the two-factor verification see the corresponding chapter Editing user information in [UM WorkplaceClient]. The following options are available:
|
|
Assigned Roles |
No |
The roles assigned to the user |
|
Assigned Groups |
No |
The groups assigned to the user |
|
Table 35: Users, roles, groups – users: properties description |
||
Authentication and certificates
The web services support basic authentication and authentication via SSL certificates. Both authentication methods can be used in the same ImageMaster system.
-
If the client provides an SSL certificate and the application server trusts this certificate, SSL authentication is performed.
-
In all other cases, basic authentication is used.
By default, an ImageMaster user is authenticated with basic authentication based on the username and password.
-
A user can be configured to have an SSL certificate (via AdminClient or SOAP web service).
The SSL (X.509) certificate must be in PEM format.
-
Once a user has an associated SSL certificate, the login via username and password will be denied for that user.
-
Web service access for that user then requires the SSL certificate for access.
The certificate presented by the web service client must be included in the ImageMaster system’s truststore. It must be a version 3 certificate with the extended key usage for client authentication1.
If external authentication is configured, the internal password is disabled, and the corresponding field can be left empty – see chapter Authentication settings for details.
If the field is not empty, a security policy for the password applies which prohibits simple passwords and may require a certain minimum length and a mixture of upper and lower case letters with numbers (see chapter Operational settings, section To add a password policy).
If a user has an active temporary password, an information message is displayed above the password fields.
When entering a password, the password strength bar estimates the effectiveness of a password in resisting guessing and brute-force attacks. The bar shows a function of length, complexity, and unpredictability of a password in 3 options: “weak”, “good”, and “strong”.