Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

ref - https://tools.publicis.sapient.com/confluence/display/DOJOS/User+Management

KnowHow supports Authentication and Authorization. The default admin user in any fresh instance will be "SUPERADMIN" with the default password "SUPERADMIN@123". Please change the SUPERADMIN's default password once the installation is complete. 

Authentication

On the Login screen, the user can select Standard login or AD login to authenticate him/her-self

Active Directory Login

A SUPERADMIN user can configure AD server details on the KnowHOW instance.

Please Note: If Publicis Sapient teams wish to integrate Lion Login AD, please reach out to the KnowHOW for AD details.

  1. Provide the AD server details mentioned 

    • Bind Username (used to create a bind and validate the users)

    • Bind User Password

    • Root Distinguished Name: Root path of AD tree under which users are being searched on AD server (eg: DC=company,DC=com)

    • AD Host - URL used to connect to the server using LDAPS 

    • AD Port - port for AD (Eg: 639)

    • Domain - AD domain under which users are registered   (eg: testuser@company.com  → Domain: http://company.com )

  2. After configuring the AD details, restart the CustomAPI container to load the login configuration

  3. Once CustomAPI is up, go to the login screen select "Login With AD" and provide your AD login username and password, the user will directly get the access to KnowHow.

KnowHOW Login

Any individual can self-sign on a KnowHow instance. You can use the login page to register a user specifying user name, password, and email.

  • Login Request

Whenever a new user account is created, the request of access is sent to all the SUPERADMIN’s of the system on their registered email and also can be seen as a notification on KnowHow dashboard.

The SUPERADMIN user has the permission to approve or reject a request to access dashboard, whose notification is sent to the user’s registered email.

  • Project Access Request

After being approved from SUPERADMIN to access dashboard, user needs to get access to required project to see KPIs loaded.

The user should select the required projects along with the roles.

Note: if a user select option from parent level hierarchy, all the child level items will automatically get selected. User can select multiple options from drop down.

More details about account hierarchy can be found hereKnowHOW | Technical Details .

  • Roles

KnowHOW offers the following group of users which defines permission assigned to a particular group user.

Project Role

Permissions

Tips

1

ROLE_VIEWER

  • Any new user registration will be assigned ROLE_VIEWER.

  • The user will not be able to view data for any project unless given permission of the project/s.

  • Users can request access to any project with any role.

  • Users can add a new project and the user will be project admin on added project/s.

2

ROLE_PROJECT_VIEWER

  • Any user can be assigned ROLE_PROJECT_VIEWER on one or more projects.

  • Users can view dashboard/s having ROLE_PROJECT_VIEWER access on the project/s but will not be able to modify any configuration.

3

ROLE_PROJECT_ADMIN

  • Any user can be a project admin on one or more projects.

  • User with ROLE_PROJECT_ADMIN access will be able to view the dashboard/s and will be able to edit the configuration of the project/s.

  • Can grant/reject the access request to the project the ROLE_PROJECT_ADMIN rolled user has access.

  • They have the permission to delete processor’s data

4

ROLE_SUPERADMIN

  • The user of this group will have all the permission.

  • They can view all the configured projects and can change the configuration at the instance level including adding new projects.

  • Only users with ROLE_SUPERADMIN will be able to approve access requests of login raised by users.

  • Can grant/reject the access request of any project raised by users.

  • They can see/modify the role of other users.

  • They can change the projects access.

  • They have the permission to delete processor’s data

5

ROLE_GUEST

  • Any user can be assigned ROLE_GUEST on one or more projects.

  • Users can view dashboard/s having ROLE_GUEST access on the project/s but will not be able to access the setting section.

After raising a request for a project, the user can see the status of the request raised, on My Requests option as the request to access project is sent to ProjectAdmin user if it has the access to that project and to SUPERADMIN rolled users.

Note: only after SUPERADMIN’s/ProjectAdmin’s approval, the user can get access.

SUPERADMIN user only has a permission to see Access Mgmt. option in Profile Mgmt., as he/she can revoke/grant/modify any access to any project and role of the user as per requirement.

  • Auto Approval

SUPERADMIN has a feature to automatically approve the projects access request from other set of users possessing Project Viewer, Project Admin or Guest Role

FORGOT PASSWORD

If users forgot their password, they can reset it, User provides their email address while creating account and password reset link will be available after forgot password request. Users who submitted a password reset request through a “Forgot Password” form will receive an email containing a link of “Reset your password” from the no-reply@speedy.com 

Note: This option is available only in case of KnowHOW Login

  • No labels

© 2022 Publicis Sapient. All rights reserved.