Versions Compared

Old Version 7

changes.mady.by.user Shivani .

Saved on

compared with

New Version 8

changes.mady.by.user Shivani .

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ref - https://tools.publicis.sapient.com/confluence/display/DOJOS/User+Management

KnowHow supports Authentication and Authorization. The default admin user in any fresh instance will be "SUPERADMIN" with the default password "SUPERADMIN@123". Please change the SUPERADMIN's default password once the installation is complete. 

Authentication

On the Login screen, the user can select Standard login or AD login to authenticate him/her-self

...

Active Directory Login

A SUPERADMIN user can configure AD server details on the KnowHOW instance.

Please Note: If Publicis Sapient teams wish to integrate Lion Login AD, please reach out to the KnowHOW for AD details.

...

  1. Provide the AD server details mentioned 

    • Bind Username (used to create a bind and validate the users)

    • Bind User Password

    • Root Distinguished Name: Root path of AD tree under which users are being searched on AD server (eg: DC=company,DC=com)

    • AD Host - URL used to connect to the server using LDAPS 

    • AD Port - port for AD (Eg: 639)

    • Domain - AD domain under which users are registered   (eg: testuser@company.com  → Domain: http://company.com )

  2. After configuring the AD details, restart the CustomAPI container to load the login configuration

  3. Once CustomAPI is up, go to the login screen select "Login With AD" and provide your AD login username and password, the user will directly get the access to KnowHow.

KnowHOW Login

Any individual can self-sign on a KnowHow instance. You can use the login page to register a user specifying user name, password, and email.

For Login Authorization please refer User Management

Active Directory Login

With AD settings login users can directly access dashboard and proceed with requesting project

PSknowHOW Login

  • Login Request

Whenever a new user account is created, the request of access is sent to all the SUPERADMIN’s of the system on their registered email and also can be seen as a notification on KnowHow PSknowHOW dashboard.

...

The SUPERADMIN user has the permission to approve or reject a request to access dashboard, whose notification is sent to the user’s registered email.

...

  • Project Access Request

After being approved from SUPERADMIN to access dashboard, user needs to get access to required project to see KPIs loaded.

...

More details about account hierarchy can be found hereKnowHOW | Technical Details .

...

  • Roles

KnowHOW offers PSknowHOW offers the following group of users which defines permission assigned to a particular group user.

Project Role

Permissions

Tips

1

ROLE_VIEWER

  • Any new user registration will be assigned ROLE_VIEWER.

  • The user will not be able to view data for any project unless given permission of the project/s.

  • Users can request access to any project with any role.

  • Users can add a new project and the user will be project admin on added project/s.

2

ROLE_PROJECT_VIEWER

  • Any user can be assigned ROLE_PROJECT_VIEWER on one or more projects.

  • Users can view dashboard/s having ROLE_PROJECT_VIEWER access on the project/s but will not be able to modify any configuration, and cannot run processor

  • User can create their own project and modify configuration, run processor, after creating a project user becomes PROJECT_ADMIN of that project and possesses all the rules of ROLE_PROJECT_ADMIN

3

ROLE_PROJECT_ADMIN

  • Any user can be a project admin on one or more projects.

  • User with ROLE_PROJECT_ADMIN access will be able to view the dashboard/s and will be able to edit the configuration of the project/s.

  • Can grant/reject the access request to the project the ROLE_PROJECT_ADMIN rolled user has access.

  • They have the permission to delete processor’s data, refer Processor Execution to delete processor’s data

4

ROLE_SUPERADMIN

  • The user of this group will have all the permission.

  • They can view all the configured projects and can change the configuration at the instance level including adding new projects.

  • Only users with ROLE_SUPERADMIN will be able to approve access requests of login raised by users.

  • Can grant/reject the access request of any project raised by users.

  • They can see/modify the role of other users.

  • They can change the projects access.

  • They have the permission to delete processor’s data, refer Processor Execution to delete processor’s data

5

ROLE_GUEST

  • Any user can be assigned ROLE_GUEST on one or more projects.

  • Users can view dashboard/s having ROLE_GUEST access on the project/s but will not be able to access the setting section.

...

After raising a request for a project, the user can see the status of the request raised, on My Requests option on Profile Mgmt. tab, as the request to access project is sent to ProjectAdmin PROJECT_ADMIN enrolled user if it has the access to that project and to SUPERADMIN rolled users.

Note: only after SUPERADMIN’s/ProjectAdmin’s approval, the user can get access.

...

Note: This option is available only in case of KnowHOW PSknowHOW Login