Access Managment

Shivani . (Unlicensed)

ref - https://tools.publicis.sapient.com/confluence/display/DOJOS/User+Management

KnowHow supports Authentication and Authorization. The default admin user in any fresh instance will be "SUPERADMIN" with the default password "SUPERADMIN@123". Please change the SUPERADMIN's default password once the installation is complete.

Authentication

On the Login screen, the user can select Standard login or AD login to authenticate him/her-self

Active Directory Login

A SUPERADMIN user can configure AD server details on the KnowHOW instance.

Please Note: If Publicis Sapient teams wish to integrate Lion Login AD, please reach out to the KnowHOW for AD details.

Provide the AD server details mentioned
- Bind Username (used to create a bind and validate the users)
- Bind User Password
- Root Distinguished Name: Root path of AD tree under which users are being searched on AD server (eg: DC=company,DC=com)
- AD Host - URL used to connect to the server using LDAPS
- AD Port - port for AD (Eg: 639)
- Domain - AD domain under which users are registered (eg: testuser@company.com → Domain: http://company.com )
After configuring the AD details, restart the CustomAPI container to load the login configuration
Once CustomAPI is up, go to the login screen select "Login With AD" and provide your AD login username and password, the user will directly get the access to KnowHow.

KnowHOW Login

Any individual can self-sign on a KnowHow instance. You can use the login page to register a user specifying user name, password, and email.

Login Request

Whenever a new user account is created, the request of access is sent to all the SUPERADMIN’s of the system on their registered email and also can be seen as a notification on KnowHow dashboard.

The SUPERADMIN user has the permission to approve or reject a request to access dashboard, whose notification is sent to the user’s registered email.

Project Access Request

After being approved from SUPERADMIN to access dashboard, user needs to get access to required project to see KPIs loaded.

The user should select the required projects along with the roles:

Note: if a user select option from parent level hierarchy, all the child level items will automatically get selected. User can select multiple options from drop down.

KnowHOW offers the following group of users which defines permission assigned to a particular group user.

	Project Role	Permissions
1	ROLE_VIEWER	Any new user registration will be assigned ROLE_VIEWER. The user will not be able to view data for any project unless given permission of the project/s. Users can request access to any project with any role. Users can add a new project and the user will be project admin on added project/s.
2	ROLE_PROJECT_VIEWER	Any user can be assigned ROLE_PROJECT_VIEWER on one or more projects. Users can view dashboard/s having ROLE_PROJECT_VIEWER access on the project/s but will not be able to modify any configuration.
3	ROLE_PROJECT_ADMIN	Any user can be a project admin on one or more projects. user with ROLE_PROJECT_ADMIN access will be able to view the dashboard/s and will be able to edit the configuration of the project/s.
4	ROLE_SUPERADMIN	The user of this group will have all the permission. they can view all the configured projects and can change the configuration at the instance level including adding new projects. Only users with ROLE_SUPERADMIN will be able to approve access requests raised by users. They can assign the "ROLE_SUPERADMIN" role to users.
5	ROLE_GUEST	Any user can be assigned ROLE_GUEST on one or more projects. Users can view dashboard/s having ROLE_GUEST access on the project/s but will not be able to access the setting section.

Auto Approval

SUPERADMIN has a feature to auto approve the request for projects from other set of users possessing Project Viewer, Project Admin or Guest Role