Employee Access Management

Last modified on 2023/05/04 16:54

   Password management includes protection against brute-force attacks.

Definition

Employee access management enables you to specify the authentication information (login) and authorization information (domains/profiles) for Service Manager users. These users can include corporate employees as well as external service providers.


  • The login and password are used to secure access to Service Manager. See Password management.
  • Domains define the data that employees are authorized to access.
  • Profiles grant access rights to menus.

Notes

  • You can manage employee access using an LDAP directory or an SSO tool. In this case:
    • Employees in the LDAP directory or SSO tool will automatically be created in Service Manager. Their Service Manager credentials must be identical to those in the LDAP directory or SSO tool in order to establish a link between both applications.
    • The passwords defined in the LDAP directory or SSO tool will be used instead of those defined in Service Manager.
    • Only passwords for external service providers authorized to access Service Manager should be defined via employee access management.
    • In Other Parameters, you should activate the parameter called {ADMIN} Enable double authentication to check whether users missing from the LDAP directory or SSO tool are defined in Service Manager.
  • Administrative information and information on user activity in Service Manager (lists of incidents, requests, problems, etc.) can be found in the Employee Directory.
  • Users with no profile can log in to Service Manager using the default profile defined in Other Parameters > {ADMIN} Default Profile ID. They can access only one menu, Self Service.

Caution

  • If no domain is associated with users, they will automatically log in to the default domain, Whole Company. They will then be able to access all of the records in the database without any restriction.
  • If users are authorized to access a domain structured using Tree fields such as location or equipment type, they will be able to access all of the parent and child records.

Best Practice

  • You can manage employee access using an LDAP directory or an SSO tool:
    • Create only the external service providers authorized to access Service Manager. See the procedure.
    • In Other Parameters, activate the parameter called {ADMIN} Enable double authentication.
  • View the employee access history for all Service Manager accounts deployed on the server in the BO_WEB_ACTION_LOG table in the BACKOFFICE database.
Example Fields
  • ACTION_DATE_TIME: Date and time of user connection in UT.
  • IP_ADDRESS: IP address of the equipment.
  • ACCOUNT: Account used.
  • ACTION_TYPE_ID: Type of action.
    • 10001 = Login
    • 10002 = Logout
    • 10003 or 5 = Timeout
  • ACTION_1: Login used.
  • ACTION_2: Name of employee.
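
The access history fields listed above can be reviewed with queries like the following. This is an added example, not EasyVista code: it builds an in-memory SQLite stand-in for BO_WEB_ACTION_LOG using the column names and action type IDs from the list above, with assumed column types, constructed sample rows and hypothetical function names. It summarizes activity per login and reports logins from a source IP not previously seen for that login.

```python
import sqlite3

# Constructed sample rows (not real data). Column order follows the page's field
# list; storing the timestamp as ISO-8601 text is an assumption of this example.
ROWS = [
    ("2023-05-02 08:01:10", "10.0.0.21",   "ACME", 10001, "jdoe", "John Doe"),
    ("2023-05-02 12:15:42", "10.0.0.21",   "ACME", 10002, "jdoe", "John Doe"),
    ("2023-05-02 23:40:03", "203.0.113.7", "ACME", 10001, "jdoe", "John Doe"),
    ("2023-05-03 00:10:03", "203.0.113.7", "ACME", 10003, "jdoe", "John Doe"),
    ("2023-05-02 09:00:00", "10.0.0.35",   "ACME", 10001, "ext_vendor", "Vendor Tech"),
    ("2023-05-02 09:30:00", "10.0.0.35",   "ACME", 5,     "ext_vendor", "Vendor Tech"),
]

def load(rows):
    """Build an in-memory stand-in for BO_WEB_ACTION_LOG."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE BO_WEB_ACTION_LOG (ACTION_DATE_TIME TEXT, IP_ADDRESS TEXT,"
               " ACCOUNT TEXT, ACTION_TYPE_ID INTEGER, ACTION_1 TEXT, ACTION_2 TEXT)")
    db.executemany("INSERT INTO BO_WEB_ACTION_LOG VALUES (?,?,?,?,?,?)", rows)
    return db

def access_summary(db):
    """Per account and login: logins, distinct login IPs, logouts, timeouts."""
    return db.execute("""
        SELECT ACCOUNT, ACTION_1,
               SUM(ACTION_TYPE_ID = 10001),
               COUNT(DISTINCT CASE WHEN ACTION_TYPE_ID = 10001 THEN IP_ADDRESS END),
               SUM(ACTION_TYPE_ID = 10002),
               SUM(ACTION_TYPE_ID IN (10003, 5))
        FROM BO_WEB_ACTION_LOG GROUP BY ACCOUNT, ACTION_1
        ORDER BY ACCOUNT, ACTION_1""").fetchall()

def new_ip_logins(db):
    """Logins from an IP not seen in any earlier login of the same account/login.
    The first login on record is treated as the baseline and is not reported."""
    return db.execute("""
        SELECT l.ACTION_DATE_TIME, l.ACCOUNT, l.ACTION_1, l.IP_ADDRESS
        FROM BO_WEB_ACTION_LOG l
        WHERE l.ACTION_TYPE_ID = 10001
          AND EXISTS (SELECT 1 FROM BO_WEB_ACTION_LOG p
                      WHERE p.ACTION_TYPE_ID = 10001 AND p.ACCOUNT = l.ACCOUNT
                        AND p.ACTION_1 = l.ACTION_1
                        AND p.ACTION_DATE_TIME < l.ACTION_DATE_TIME)
          AND NOT EXISTS (SELECT 1 FROM BO_WEB_ACTION_LOG p
                      WHERE p.ACTION_TYPE_ID = 10001 AND p.ACCOUNT = l.ACCOUNT
                        AND p.ACTION_1 = l.ACTION_1 AND p.IP_ADDRESS = l.IP_ADDRESS
                        AND p.ACTION_DATE_TIME < l.ACTION_DATE_TIME)
        ORDER BY l.ACTION_DATE_TIME""").fetchall()
```

On the sample rows, `new_ip_logins(load(ROWS))` reports the late-evening jdoe login from 203.0.113.7, and `access_summary` shows that the ext_vendor session ended by timeout rather than logout.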

Menu access

Administration > Access Management > Employees

Description of tabs


  • Create a new item: Run the New wizard at the top of the tab.
  • Delete an item or association with a related item: Move the cursor over the corresponding item and click the Trash icon.

Details

Name, Employee Number, Email, Phone, Mobile: Information for contacting employees within the company. 

Login: Login of the employee, used for connecting to Service Manager.

Profile: Profile associated with the employee.

Interface Language: Service Manager display language when users log in.

Default Domain: Domain that employees access when they log in to Service Manager.

Domains

List of domains that employees are authorized to access.

  • Update: Use the Update Domains wizard.

Procedure and Wizards

How to create a user

Note: Only for creating users not managed in an LDAP directory or SSO tool.

Step 1: Create the Employee form.

1. Select Administration > Access Management > Employees in the menu.

2. Create the Employee form.

  • Click + New in the top banner.
  • Enter the main information on the user.

3. (optional) Click Assign an Equipment to specify the equipment assigned to the user.

4. Click Finish.

Step 2: Assign a profile.

1. Run the Update Profile wizard.

2. Select the user profile.

Step 3: Assign the domains.

1. Run the Update Domains wizard.

2. Select the domains the user will be authorized to access.

3. Select the default domain.

Step 4: Assign a password.

1. Run the Change Password wizard.

2. Enter and confirm the password to be assigned to the user.

3. Click Finish.

An invitation email will be sent to the new user with the relevant password for logging in to Service Manager.

How to modify the email template for forgotten passwords

   The email template is used both in Service Manager and in Service Apps.

Note: Only for an authorized profile

1. Select Administration > Access Management > Employees in the menu.

2. Launch the Email Template for Forgotten Passwords wizard.

3. Modify the contents of the email template that will be sent to users who have forgotten their password.

Note: The default email content is the one displayed in the Email Template for Forgotten Passwords other parameter.

Hello #[CUSTOM_TAGS.Title]# #[CUSTOM_TAGS.Name]#,

Please find below a link to reset your password. Please note that this link is only valid for 15 minutes.
Login: #[CUSTOM_TAGS.Login]#
Link to change your password: #TEMP_PASSWORD#

4. Click Finish.

The Email Template for Forgotten Passwords other parameter will automatically be updated with the new value. Note: This parameter is read-only.

Wizards

Assign to a Group
Link to a CI
Change Password
Definition of Password Policies
Move
Departure
Execute Scripts
Access Message to Front Office
Update
Update Domains
Update Profile
Email Template for Forgotten Passwords
Reassign
Excel Separator
