UPSSO ADMINISTRATION – USER AND ROLE MANAGEMENT
This document explains the user and role management options provided by the UPSSO application.
TYPES OF USERS
UPSSO can have the following two types of users
LDAP User
UPSSO User
LDAP USER
An LDAP user record will be automatically created/updated in the UPSSO application whenever an LDAP user successfully signed in to the portal or via a RADIUS authentication request. An LDAP user’s password will not be stored in the UPSSO application as he/she will be always authenticated against the LDAP server.
The SOURCE of LDAP users will be always “LDAP” as shown in the example below.
Please visit, LDAP INTEGRATION AND CONFIGURATION for more information on LDAP.
UPSSO USER
A UPSSO user can be created/updated by the administrator using UI and stored in the UPSSO database
HOW TO CREATE AN UPSSO USER
Login into the UPSSO portal as an administrator.
Click on the “Users” from the left side navigation menu.
Click on the “New Record” Plus button as highlighted below
4. Enter the user details as described below.
E-Mail: Unique Email ID of the user
Mobile Number: Unique mobile number of the user
Username: Unique username of the user to login to the UPSSO application.
Firstname: FIrst name of the user
Lastname: Last name of the user
Two-Factor Auth Method: The created user will receive the OTP messages using this selected method.
Select Role: Select a Role for the user. (We will discuss the Roles in the following sections)
Select Source: The source should be “UPSSO” (Note: If the Source is “LDAP” then the user will be treated as an LDAP user and he/she will be always authenticated against the LDAP server. The system will not send an invitation email to the LDAP user as the password is not maintained by UPSSO)
Set Timezone: Select the timezone according to the location.
Is Admin: Select this checkbox if you want to create this user as a UPSSO administrator.
Please look at the following screenshot for reference,
5. Click on the “SAVE” button
6. The system will send an invitation email to the user-created with username & password as below.
7. Upon receiving the email the user can log in to the UPSSO portal
CREATING UPSSO ROLE
A UPSSO Role can be created to control access to the applications and devices for certain users. A user will be only allowed to access the applications and devices associated with his role.
Here are the steps to create a role
Login to the UPSSO portal as an administrator.
Click on the “Roles” from the left side navigation menu.
Click on the “New Record” Plus button.
Enter a unique “Role Name” (Example: IT ADMIN GROUP)
Enter a description (Example: IT Administrator group)
6. Click on the “SAVE” button
ASSIGNING APPLICATIONS TO ROLE
Here are the steps to assign the applications to the role.
Login to the UPSSO portal as an administrator.
Click on the “Roles” from the left side navigation menu.
Search for your Role.
Click on the “ASSIGN APPLICATIONS” button as shown below.
5. Move the required applications from left to right
6. Click on the “SAVE” button
ASSIGNING DEVICES TO ROLE
Here are the steps to assign the devices to the role.
Login to the UPSSO portal as an administrator.
Click on the “Roles” from the left side navigation menu.
Search for your Role.
Click on the “ASSIGN DEVICES” button as shown below.
5. Move the required devices from right to left.
6. Click on the “SAVE” button.
ASSIGNING ROLE TO THE USER
Login into the UPSSO portal as an administrator.
Click on the “Users” from the left side navigation menu.
Search for your user.
Click on the “EDIT” button as shown below.
5. Select the required role in the “Select Role” combo box as shown below.
6. Click on the “SAVE” button.
DISABLING THE USER
A disabled user cannot log in or access the UPSSO application
Login into the UPSSO portal as an administrator.
Click on the “Users” from the left side navigation menu.
Search for your user.
Click on the “DISABLE USER” button.
5. Click on the “Yes” button in the confirmation popup
6. The user will be disabled and can not log in
RESETTING THE PASSWORD FOR A USER
Suppose if a UPSSO user forgets his/her password, the administrator can send a new invitation. This operation will reset the user’s password and send the updated credentials by mail.
Login into the UPSSO portal as an administrator.
Click on the “Users” from the left side navigation menu.
Search for your user.
Click on the “RESET PASSWORD” button.
5. Click on the “Yes” button in the confirmation popup
6. The system will send an invitation email with the newly generated password
DISABLE MFA FOR A USER
UPSSO provides an option to disable/enable OTP for a particular user.
Login into the UPSSO portal as an administrator.
Click on the “Users” from the left side navigation menu.
Search for your user.
Click on the “Disable MFA” button.
5. Click on the “Yes” button in the confirmation popup