Access Management of Apps Platform


The security of the Product name - ev sas.png platform is ensured in compliance with two principles:

  • Platform access management, used to specify the users with access to the platform and to assign a profile to each of them, e.g. platform administrator, app creator or standard platform user (for running apps).
  • Rights management for each app, used to specify the users or teams with access to each app and the operations they are authorized to perform by assigning rights, e.g. administer, modify, duplicate or run the app.

Notes

  • The platform enjoys secure access that requires users to enter a login and password. This authentication can be delegated to a trusted provider.
  • Access rights management:
    • For the platform: Only performed by the platform administrator.
    • For an app: Performed by the platform administrator and the app administrator. 
  • Access rights to apps:
    • They can be defined by team and by user. 
    • Users belonging to a team will enjoy the access rights assigned to the team as well as the access rights assigned specifically to each of them. 
    • Users authorized to create an app will automatically have all rights to it.
  • Access to apps for the logged-in user:
    • To be able to access an app, logged-in users must be authorized to access the platform and have the right to view the app.
    • The toolbar displayed next to each app in the App Gallery will vary depending on the user's access rights to the app.
    • For apps displaying Product name - ev itsm.png data, if the logged-in users are EasyVista users, then the interface is displayed in their connection language and the data shown is restricted to the default domains that these users are authorized to access. Note: The email address is used to map users in Product name - ev sas.png with those in Product name - ev itsm.png except if authentication has been delegated to a trusted provider.
  • Users can be grouped in teams:
    • A given user can belong to one or more teams.
    • In Product name - ev sas.png, a predefined team called Everyone groups all users authorized to access the platform. It cannot be deleted and is automatically updated when users are added or deleted. It appears at the top of the list of users in all access management dialog boxes.
  • For new platform users:
    • An invitation email can be sent to new users with the relevant link and their login information (email and password).
    • If the administrator does not specify a password when creating a new user, then the password will automatically be generated by the system.
    • When logging in for the first time, users can modify their password by clicking Apps - User profile.png <Nom de l'utilisateur connecté> in the toolbar.

Best Practice big icon.pngBest practice

  • To give all current or future users who are authorized to access the platform the right to access an app, select the team called Everyone.
  • By default, new users who are authorized to access the platform do not have access to apps.
    • You should manually assign new users the rights to each app they need to access. 
    • You should then send them an email with the relevant URL and login information and invite them to log in to the platform.
  • When creating multiple users, you are not required to specify a password for each of them. The system will automatically generate a different password for each new user.
  • To temporarily deactivate access to the platform for specific users, e.g. during their annual leave, you should delete all of their profiles in the platform management module. You can reactivate their profiles and authorize access again at a later time.

Screens description

Platform access management

       EVApps - Access Management - User Management.png

Access (Note: Only for the platform administrator whose profile is App Center Manager): In the App Gallery, click Apps - Gallery - User Management icon.png in the toolbar.
 

Filters: Filters for restricting the list of users using specific search criteria.

  • To search for users by profile, click the profile you want: App Center Manager, App Creator, Theme Designer, Registered User, Public User.
  • To customize the search using user names and email addresses, you can enter your criteria in the Enter text to filter field. You can then restrict your search by selecting the profile you want. 
  • To display the complete list of users and clear the filter criteria, click All users.

Name: The table displays a list of all users authorized to access the Product name - ev sas.png platform.

  • Users whose profile is App Center Manager are not displayed. They are automatically authorized to access all apps.
  • Click a user to change the user information (name, email address, profile) and define the access rights to the list of apps. 
  • Click Apps - Select all users icon.png to select or unselect all users.

Email: Email address of the user for logging in to the platform.

User/team profile (select the appropriate boxes):

  • Apps - Apps center manager Profile.png App Center Manager - Note: The App Creator and Registered User profiles will automatically be assigned to these users.
    • Users in charge of managing platform access. They have all of the rights for all apps on the platform.
    • Users authorized to create connectors other than those shipped with EasyVista IT Service Manager which are managed by Logo - EasyVista.png. They can also create aliases and execution contexts.
    • Users authorized to create and modify themes. Note: You manage access to themes in the theme editor.
  • Apps - App creator Profile.png App Creator - Note:  The Registered User profile will automatically be assigned to these users.
    • Users authorized to create new apps. They are authorized to duplicate the apps viewed even if they are not authorized to edit them. The Apps - Gallery - Create Application icon.png button is displayed in the toolbar of the App Gallery and the Apps - Rights - Duplicate icon.png icon is shown for each authorized app.
    • Users authorized to create connectors other than those shipped with EasyVista IT Service Manager which are managed by Logo - EasyVista.png.
    • Users not authorized to modify themes.
  • Apps - Theme designer Profile.png Theme Designer:
    • Users authorized to create and modify themes. Note: You manage access to themes in the theme editor.
    • Users not authorized to modify connectors, aliases or execution contexts.
  • Apps - Registered user Profile.png Registered User:
    • Users authorized to run apps whose rights they have been assigned. They are not authorized to modify, copy or create apps.
    • Users not authorized to modify connectors, aliases or execution contexts.
    • Users not authorized to modify themes.
  • Apps - Public user Profile.png Public User:
    • Users for whom certain parameters (e.g. language, domain, time zone, date and number formats) have been predefined. This user configuration is applied in the public pages of an app. Open url.png See Public mode.

Last connection: The date/time that the user last logged in to the platform.

Already Invited: The date/time that the user first logged in to the platform. Note: Once you have created new users, you should send an email inviting them to log in to the platform using Invite Users.

Creating a new user

EVApps - Access Management - Add User icon.png: Used to create a new user authorized to access the platform. Note: Click Batch Users Creation if you want to create multiple users using a CSV file. 

       EVApps - Access Management - Create User.png

Name: Name of the new user.

Email: Email address of the new user for logging in to the platform.

Profile: Profile of the new user (select the appropriate boxes):

  • App Center Manager: User in charge of platform access management.
  • App Creator: User authorized to create new apps.

Predefined Password: Default password assigned to the new user for logging in to the platform for the first time.

App table: Select the apps the new user will be authorized to access and specify the access rights to each of them:

  • Apps - Rights - Administer icon.png Admin: Users are authorized to administer the app but cannot modify or run it.
  • Apps - Rights - Edit icon.png Edit: Users are authorized to edit the app in the graphic editor.
  • Apps - Rights - Execute icon.png Execute: Users are authorized to run the app but cannot modify it.

Inviting users

(Note: Accessible as long as users have not logged in to the platform, i.e. when there is no value in the Already Invited column): Used to create an email from a template to invite selected users to log in to the platform.
         EVApps - Access Management - Send Email.png

  • Tags can be inserted within the text. These tags contain variables that are added dynamically when the email is sent. To insert tags, click EVApps - Access Management - Insert Tags icon.png in the toolbar.
    • Name: Used to insert the name of the new user - #[NAME]#
    • Password: Used to insert the password of the new user for logging in to the platform - #[PASSWORD]#
    • Email: Used to insert the email of the new user for logging in to the platform - #[EMAIL]#
    • Link: Used to insert the URL for logging in to the platform - #[LINK_TO]#
  • [ UNDO ]: Used to undo all modifications and display the original text of the email.
  • [ SAVE AS DEFAULT ]: Used to save the email as a new email invitation template.
  • [ SEND EMAIL ]: Used to send the invitation email to the selected users.
     

Deleting users

Used to delete the users selected from the list of users authorized to access the platform. Their login information will automatically be deactivated.
 

Creating users in a batch

Used to create a group of users authorized to access the platform using a CSV file that contains user names and email addresses.
         EVApps - Access Management - Batch Users Creation.png

Choose the file to upload: Used to select the CSV file using the Open dialog box. Note: You can also select the file using a drag and drop.

Example documentation icon EN.png EVApps - Access Management - Batch Users Creation - Example.png

Download icon.png

Columns: Used to indicate if the first row in the file contains column headers (the Columns Have Headers box is checked) or if it contains values (box is not checked).

Profile: Profile of all users listed in the CSV file. Select the options you want: 

  • App Center Manager: User in charge of platform access management.
  • App Creator: User authorized to create new apps.

Predefined Password: Default password assigned to all users listed in the CSV file.

Best Practice icon.png You are not required to specify this value. The system will automatically generate a different password for each user.

App table: Select the apps that all users listed in the CSV file will be authorized to access and define specific access rights for each of them:

  • Apps - Rights - Administer icon.png Admin: Users are authorized to administer the app but cannot modify or run it.
  • Apps - Rights - Edit icon.png Edit: Users are authorized to edit the app in the graphic editor.
  • Apps - Rights - Execute icon.png Execute: Users are authorized to run the app but cannot modify it.
     

Managing teams

Used to display the list of teams. Each team contains a group of users with the same access rights, authorized to access the same apps. Click a team to change the team information (name, email address, users) and define the access rights to the list of apps.
         EVApps - Access Management - Manage Teams.png

[ ADD TEAM ]: Used to create a new team.
         EVApps - Access Management - Manage Teams - Creation.png

Team Designation: Name of the team.

Email: Email address of the team.

Team Member list: List of users belonging to the team.

Non-Team Member list: List of users not belonging to the team.

  • To add users to a team, select the users you want from the Non-Team Member list. To select several users at the same time, press Ctrl + right-click or Ctrl + Shift. Next, click EVApps - Access Management - Copy to a List - Left icon.png.
  • To remove users from a team, select the users from the Team Member list and click EVApps - Access Management - Copy to a List - Right icon.png.

App table: Select the apps the users in the team will be authorized to access and define specific access rights for each of them:

  • Apps - Rights - Administer icon.png Admin: Users are authorized to administer the app but cannot modify or run it.
  • Apps - Rights - Edit icon.png Edit: Users are authorized to edit the app in the graphic editor.
  • Apps - Rights - Execute icon.png Execute: Users are authorized to run the app but cannot modify it.
     

[ DELETE TEAM ]: Used to delete the selected team(s). Note: When a team is deleted, users belonging to the team will lose the access rights to apps defined for the team. However, they will retain the access rights defined specifically for each of them as well as the access rights defined for other teams to which they may belong.

Managing app rights

EVApps - Access Management - Applications Rights.png

Access: In the App Gallery, click Apps - Gallery - User Management icon.png next to the app. Note: Only for app administrators (Admin) or platform administrators (App Center Manager profile).
 

Name: The table displays a list of all users authorized to access the platform. The EVApps - Access Management - Team icon.png icon represents a team (Note: Teams are always displayed at the start of the list). The EVApps - Access Management - User icon.png icon represents a user. 

Access rights to the app (select the appropriate boxes):

  • Apps - Rights - Administer icon.png Admin: Users are authorized to administer the app but cannot modify or run it.
  • Apps - Rights - Edit icon.png Edit: Users are authorized to edit the app in the graphic editor.
  • Apps - Rights - Execute icon.png Execute: Users are authorized to run the app but cannot modify it.

    Note

  • Users authorized to create an app will automatically have all rights to it.
  • Platform administrators (App Center Manager profile) do not appear in the table because they have all of the rights for all of the apps.
  • The access rights assigned to users are taken into account if, at the very least, they have been assigned the Registered User profile.

Procedures

How to manage access rights to the platform

1. Log in to the platform using the App Center Manager profile and click Apps - Gallery - User Management icon.png in the App Gallery toolbar.

2. Define access rights to the platform for users: 

  • To create access for a new user, click EVApps - Access Management - Add User icon.png.
  • To define user access rights, click the user and make the required changes. Note: If you only want to assign the Registered User profile, return to the list of users and unselect the App Center Manager and App Creator profiles.
  • To remove user access to the platform, select the users and click Delete Users. Their login information will automatically be deactivated. Note: To temporarily deactivate access to the platform for specific users, you should not delete them. Instead, you should unselect all of their Profile boxes.

3. Close the User Management window by clicking [ OK ].

How to assign a new user access to the platform

1. Log in to the platform using the App Center Manager profile and click Apps - Gallery - User Management icon.png in the App Gallery toolbar.

2. Create the new user:

  • Click EVApps - Access Management - Add User icon.png.
  • Specify the user information (name, email address, profile, password).
  • Select the apps the user is authorized to access and define specific access rights for each of them:
    • Apps - Rights - Administer icon.png Admin: Users are authorized to administer the app but cannot modify or run it.
    • Apps - Rights - Edit icon.png Edit: Users are authorized to edit the app in the graphic editor.
    • Apps - Rights - Execute icon.png Execute: Users are authorized to run the app but cannot modify it.
  • Click [ OK ]. You will return to the list of users.

3. Define the access rights to the platform. In the list of users, select the Profile boxes you want:

  • Apps - Apps center manager Profile.png App Center Manager: Users are authorized to administer the platform.
  • Apps - App creator Profile.png App Creator: Users are authorized to create apps.
  • Apps - Theme designer Profile.png Theme Designer: Users are authorized to create themes.
  • Apps - Registered user Profile.png Registered User: Users are authorized to run apps.
  • Apps - Public user Profile.png Public User: Public users.

4. Send an invitation email to the new users informing them that they are now authorized to access the platform.

  • Select Invite Users.
  • If required, modify the text of the email template. Click EVApps - Access Management - Insert Tags icon.png to insert predefined tags.
  • Click [ SEND EMAIL ].

5. Close the User Management window by clicking [ OK ].

How to define access rights to an app

1. Log in to the platform using the App Center Manager profile or as the Admin for the app.

2. Click Apps - Rights - Administer icon.png next to the app you want.

3. Assign access rights to the app.

  • Select the users you want and define their access rights to the app:
    • Apps - Rights - Administer icon.png Admin: Users are authorized to administer the app but cannot modify or run it.
    • Apps - Rights - Edit icon.png Edit: Users are authorized to edit the app in the graphic editor.
    • Apps - Rights - Execute icon.png Execute: Users are authorized to run the app but cannot modify it.
  • Click [ OK ].

Note

  • If you select a team, the access rights you define will apply to all of the users in the team.
  • To assign access rights in a batch, click Apps - Select all users icon.png in the first column to select all of the users. You can then narrow down your selection by unselecting the users you do not want. Specify access rights for one of the users. These access rights will automatically be assigned to all of the selected users. If required, you can then modify these rights for specific users.
Tags:
Last modified by Christine Daussac on 2018/09/19 09:31
Created by Administrator XWiki on 2014/09/02 12:25

Shortcuts

Recent Updates

Haven't been here in a while? Here's what changed recently:

-   Product name - ev itsm.png
-   Product name - ev sas.png

Interesting Content

How to Automate Integration
Add a Shortcut to an App
History
Quick Dashboard
Full text search - Stop Words

Powered by XWiki ©, EasyVista 2018