This document explains the user and role management options provided by the UPSSO application.

TYPES OF USERS

UPSSO can have the following two types of users

  • LDAP User

  • UPSSO User

LDAP USER

An LDAP user record will be automatically created/updated in the UPSSO application whenever an LDAP user successfully signed in to the portal or via a RADIUS authentication request. An LDAP user’s password will not be stored in the UPSSO application as he/she will be always authenticated against the LDAP server.

The SOURCE of LDAP users will be always “LDAP” as shown in the example below.

Please visit, LDAP INTEGRATION AND CONFIGURATION for more information on LDAP.

UPSSO USER

A UPSSO user can be created/updated by the administrator using UI and stored in the UPSSO database

HOW TO CREATE AN UPSSO USER

  1. Login into the UPSSO portal as an administrator.

  2. Click on the “Users” from the left side navigation menu.

  3. Click on the “New Record” Plus button as highlighted below

4. Enter the user details as described below.

E-Mail: Unique Email ID of the user

Mobile Number: Unique mobile number of the user

Username: Unique username of the user to login to the UPSSO application.

Firstname: FIrst name of the user

Lastname: Last name of the user

Two-Factor Auth Method: The created user will receive the OTP messages using this selected method.

Select Role: Select a Role for the user. (We will discuss the Roles in the following sections)

Select Source: The source should be “UPSSO” (Note: If the Source is “LDAP” then the user will be treated as an LDAP user and he/she will be always authenticated against the LDAP server. The system will not send an invitation email to the LDAP user as the password is not maintained by UPSSO)

Set Timezone: Select the timezone according to the location.

Is Admin: Select this checkbox if you want to create this user as a UPSSO administrator.

Please look at the following screenshot for reference,

 5. Click on the “SAVE” button

6. The system will send an invitation email to the user-created with username & password as below.

7. Upon receiving the email the user can log in to the UPSSO portal

CREATING UPSSO ROLE

A UPSSO Role can be created to control access to the applications and devices for certain users. A user will be only allowed to access the applications and devices associated with his role.

Here are the steps to create a role

  1. Login to the UPSSO portal as an administrator.

  2. Click on the “Roles” from the left side navigation menu.

  3. Click on the “New Record” Plus button.

  4. Enter a unique “Role Name” (Example: IT ADMIN GROUP)

  5. Enter a description (Example: IT Administrator group)

6. Click on the “SAVE” button

ASSIGNING APPLICATIONS TO ROLE

Here are the steps to assign the applications to the role.

  1. Login to the UPSSO portal as an administrator.

  2. Click on the “Roles” from the left side navigation menu.

  3. Search for your Role.

  4. Click on the “ASSIGN APPLICATIONS” button as shown below.

5. Move the required applications from left to right

6. Click on the “SAVE” button

ASSIGNING DEVICES TO ROLE

Here are the steps to assign the devices to the role.

  1. Login to the UPSSO portal as an administrator.

  2. Click on the “Roles” from the left side navigation menu.

  3. Search for your Role.

  4. Click on the “ASSIGN DEVICES” button as shown below.

5. Move the required devices from right to left.

6. Click on the “SAVE” button.

ASSIGNING ROLE TO THE USER

  1. Login into the UPSSO portal as an administrator.

  2. Click on the “Users” from the left side navigation menu.

  3. Search for your user.

  4. Click on the “EDIT” button as shown below.

5.  Select the required role in the “Select Role” combo box as shown below.

6. Click on the “SAVE” button.

DISABLING THE USER

A disabled user cannot log in or access the UPSSO application

  1. Login into the UPSSO portal as an administrator.

  2. Click on the “Users” from the left side navigation menu.

  3. Search for your user.

  4. Click on the “DISABLE USER” button.


5. Click on the “Yes” button in the confirmation popup

6. The user will be disabled and can not log in

RESETTING THE PASSWORD FOR A USER

Suppose if a UPSSO user forgets his/her password, the administrator can send a new invitation. This operation will reset the user’s password and send the updated credentials by mail.

  1. Login into the UPSSO portal as an administrator.

  2. Click on the “Users” from the left side navigation menu.

  3. Search for your user.

  4. Click on the “RESET PASSWORD” button.

5. Click on the “Yes” button in the confirmation popup

6. The system will send an invitation email with the newly generated password

DISABLE MFA FOR A USER

UPSSO provides an option to disable/enable OTP for a particular user.

  1. Login into the UPSSO portal as an administrator.

  2. Click on the “Users” from the left side navigation menu.

  3. Search for your user.

  4. Click on the “Disable MFA” button.

5. Click on the “Yes” button in the confirmation popup