Employee Access Management


Definition

Employee access management enables you to specify the authentication information (login) and authorization information (domains/profiles) for Service Manager users. These users can include corporate employees as well as external service providers.

EndDefinition
  • The login and password are used to secure access to Service Manager. Open url.png See Password management.
  • Domains define the data that employees are authorized to access.
  • Profiles grant access rights to menus.

Notes

  • You can manage employee access using an LDAP directory or an SSO tool. In this case:
    • Employees in the LDAP directory or SSO tool will automatically be created in Service Manager. Their Service Manager credentials must be identical to those in the LDAP directory or SSO tool in order to establish a link between both applications.
    • The passwords defined in the LDAP directory or SSO tool will be used instead of those defined in Service Manager.
    • Only passwords for external service providers authorized to access Service Manager should be defined via employee access management.
    • In Other Parameters, you should activate the parameter called {ADMIN} Enable double authentication to check whether users missing from the LDAP directory or SSO tool are defined in Service Manager.
  • Administrative information and information on user activity in Service Manager (lists of incidents, requests, problems, etc.) can be found in the Employee Directory.
  • Users with no profile can log in to Service Manager using the default profile defined in Other Parameters > {ADMIN} Default Profile ID. They can access only one menu, Self Service.

Caution

  • If no domain is associated with users, they will automatically log in to the default domain, Whole Company. They will then be able to access all of the records in the database without any restriction.
  • If users are authorized to access a domain structured using Tree fields such as location or equipment type, they will be able to access all of the parent and child records.

Best Practice

  • You can manage employee access using an LDAP directory or an SSO tool:
    • Create only the external service providers authorized to access Service Manager. Open url.png See the procedure.
    • In Other Parameters, activate the parameter called {ADMIN} Enable double authentication.
  • View the employee access history for all Service Manager accounts deployed on the server in the BO_ACTION_LOG table in the BACKOFFICE database.
             BO_ACTION_LOG table.png
    • ACTION_DATE_TIME: Date and time of user connection in UT.
    • IP_ADDRESS: IP address of the equipment.
    • ACCOUNT: Account used.
    • ACTION_TYPE_ID: Type of action.
      • 10001 = Login
      • 10002 = Logout
      • 10003 or 5 = Timeout
    • ACTION_1: Login used.
    • ACTION_2: Name of employee.

Menu access

Administration > Access Management > Employees

Description of tabs

        Employee.png

TabUpdateRules_After2016Versions

Open url.png See the general principles for updating tabs.

Create a new item Delete an item or association with a related item

Run the New wizard at the top of the tab

Fundamentals - Form - New wizard.png

Move the cursor over the corresponding item and click Trash icon.png

Fundamentals - Form - Delete wizard.png

Details

Name, Employee Number, Email, Phone, Mobile: Information for contacting employees within the company. 

Login: Login of the employee, used for connecting to Service Manager.

Profile: Profile associated with the employee.

  • Update: Use the Update Profile wizard.

Interface Language: Service Manager display language when users log in.

Default Domain: Domain that employees access when they log in to Service Manager.

Domains

List of domains that employees are authorized to access. 

  • Update: Use the Update Domains wizard. 

Procedure and Wizards

How to create a user

Note: Only for creating users not managed in an LDAP directory or SSO tool. 

Step 1: Create the Employee form.

1. Select Administration > Access Management > Employees in the menu.

2. Create the Employee form.

  • Click + New in the top banner.
  • Enter the main information on the user.

3. (optional) Click Assign an Equipment to specify the equipment assigned to the user.

4. Click Finish.

Step 2: Assign a profile.

1. Run the Update Profile wizard.

2. Select the user profile.

Step 2: Assign the domains.

1. Run the Update Domains wizard.

2. Select the domains the user will be authorized to access.

3. Select the default domain.

Step 3: Assign a password.

1. Run the Change Password wizard.

2. Enter and confirm the password to be assigned to the user.

3. Click Finish.

An invitation email will be sent to the new user with the relevant password for logging in to Service Manager.

Wizards

Assign to a Group: Used to associate an employee with the Service Desk group or Change Management group.

Link to a CI: Used to assign a configuration item (CI) to employees so that they can be alerted if an incident occurs for the item.

example You want to alert all users of the Expense account app that the app is unavailable due to a problem on the database server.

ChangePassword_Wizard

Change Password: Used to change a user's password.

  • Caution: For security reasons, only the administrator can access this wizard.
  • Only passwords for users who are not managed in an LDAP directory or SSO tool can be changed.
  • Passwords must comply with constraints in the Employee password policy. By default, there must be six characters minimum and any character is accepted.
  • Users can click Password close icon.png to change their own password in the user information zone provided that authentication is not performed via an LDAP directory or SSO tool.
EndChangePassword_Wizard

Definition of Password Policies: Used to define a password management policy with constraints for defining passwords.

  • Caution: The configuration defined in the wizard applies automatically to all users, even if you only make a partial selection of users in the list of employees.
  • Password definition rules only apply to users who are not managed in an LDAP directory or SSO tool.
Move_Wizard

Move: Used to define the employee's new role and equipment after a transfer to a new team within the company. It is also used to assign new equipment to the employee.

EndMove_Wizard
Departure_Wizard

Departure: Used to indicate the date on which the employee leaves the company.

  • You can specify what will happen to the equipment previously assigned by modifying its status, location or department.
  • The Employee form will be archived.
EndDeparture_Wizard
ExecuteScript_Wizard

Execute Script: Used to run scripts related to the employee.

  • You can configure the wizard by selecting Administration > Parameters > Script in the menu.
EndExecuteScript_Wizard
AccessMessageFrontOffice_Wizard

Access Message to Front Office: Used to send an email to users informing them that they are authorized to access the Self Service menu on the user portal.

EndAccessMessageFrontOffice_Wizard
Update_Wizard

Update: Used to update employee-related information. 

EndUpdate_Wizard
UpdateDomains_Wizard

Update Domains: Used to assign domains to each employee and define the default domain.

EndUpdateDomains_Wizard
UpdateProfile_Wizard

Update Profile: Used to assign a profile to each user.

  • Users can assign their own profile and any lower-level profile belonging to their master profile.
EndUpdateProfile_Wizard

Email Template for Forgotten Passwords: Used to define the contents of the email template that will be sent to users who have forgotten their password. 

  • The email is sent to users when they click Forgot your Password? in the Service Manager login window

Reassign: Used to update the employee's location and/or department. Equipment forms associated with the employee will also be updated.

ExcelSeparator_Wizard

Excel Separator: Used to specify the character to be used as a delimiter when exporting records in CSV files, i.e. semicolon, comma or tab.  

  • The character selected (i.e. semicolon, comma or tab) must correspond to the character specified in the List separator field in the Windows Control Panel > Regional and Language Options.
EndExcelSeparator_Wizard
Tags:
Last modified by Unknown User on 2021/04/06 10:23
Created by Administrator XWiki on 2013/03/25 18:09

Shortcuts

Recent changes
•  EV Service Manager
•  Service Apps
•  EV Self Help
•  Service Bots

Powered by XWiki ©, EasyVista 2021