Apps and development tools - IG User Management


Functionality overview

Most of the functionality of the user management design should be rather self-explanatory. However: Here is an overview of the functions provided:

1. Menu

Main entry point to the functionalities provided.

  • Users: Opens the users list, showing all defined users
  • Groups: Opens the groups list, showing all defined user groups
  • Settings: Opens the settings editor, allowing to tweak user management settings
  • Blocked users: Allows you to view user names that are blocked bc. of too many false login attempts and to reset them. The menu item should already show the number of blocked users in a small red box if there are any.

Above the menu you also see the following buttons on the black bar:

  • Collapse: Hides the menu column for more editor space
  • Home: Returns to the homepage of the app
  • Login or <username>: Provides functionality to log in, show access level of logged in user and log out

1.1 Users list

Shows a list of defined users with the following columns:

  • Name: Primary user name
  • E-Mail: Mail address of the user
  • Enabled: Whether the user is enabled or not. Disabled users cannot be used for login.
Click any list item to open the user editor for that user.

1.2 Other Controls

  • View chooser "By name/By e-mail" on top right: Switches user list display to be ordered by user name or by the mail address
  • Filter field "Name/E-Mail" above list: Allows to specify a string by which the current order field will be filtered. Only documents will be shown whose name/e-mail starts with the given string.
  • Selection box left of every document: Check it to bring a button "Delete selection" to display. Clicking it will delete all documents that are checked.
  • Button "New User" on bottom: Click to create a new user document

2. User editor

Displayed when clicking a user in users list or clicking button "New user". Provides all fields stored on the user document, allowing to view and edit them.

2.1 Pulldown area at the top (click bar at the top to pull down):

  • Aliases: Shows all effective alias user names for this user
  • Title: Title of the document. Has no relevance for authentication.
  • Created: Date of creation of this user document plus creator user name
  • Last modified: Date of last modification of this user document plus editor user name

2.2 Readonly section at the top (gray box):

  • Unique user ID: A unique, unchangeable user id created for every user. This will stay the same even when the user name changes. Usable as alias for the user, therefor suitable for use in authorisation fields.
  • Display name: The display name of the user, as labeled name "commonname" would return it (since OpenWGA 6.1, see topic "Labeled names" in the concepts and features guide)

2.3 Base data:

  • Enabled: Checkbox deciding, whether the user is enabled or not. Disabled users cannot be used for login.
  • Primary user name: The primary, fully qualified, user name. Must be unique among all other user names and aliases.
  • User aliases: Alias names for the user, which also may be used for login and inside authorisation fields. Must be unique among all other user names and aliases.

2.4 Personal data:

  • Title: Some title which will also be part of the display name, like "Dr."
  • Given name, Surname: The actual name of the user
  • Company: Employer company of the user

2.5 Contact information:

  • E-Mail: The mail address of the user. May automatically be used as user alias, if so configured in the settings.
  • Address: Provides separate fields for address addition, street, street number, zipcode, city, region and country.
  • Phone: Telephone number
  • Fax: Fax number

2.6 Determine password:

Only shown on new users.
  • Password, Repeat password: Fields to fill in to set the password for the given user. Both fields need to be filled with the same password. Note the description of the password policy below, which is determined in the settings.

2.7 Other controls:

  • Button "Edit" in view mode, "Save" and "Cancel" in edit mode: The user editor is first opened in view mode. Button "edit" transfers it into edit mode, allowing to edit all the fields. Button "Save" saves changes, "Cancel" discards them. In case of a validation error you see the error message at the top of the editor. Also a field causing an error is displayed in red.
  • Button "Change password": Brings up a dialog to change the users password. Only available on already stored users.
  • Button "Request password change from user": Triggers the password change request functionality for this user.
  • Button "Delete": Deletes this user document

3. Groups list

Shows a list of defined user groups with the following columns:

  • Name: Group name
  • Members: First 3 member entries that group
  • Enabled: Whether the group is enabled or not. Disabled groups are not assigned to users.

Click any list item to open the group editor for that group.

3.2 Other Controls

  • Filter field "Name" above list: Allows to specify a filter string. Only documents will be shown whose name starts with the given string.
  • Selection box left of every document: Check it to bring a button "Delete selection" to display. Clicking it will delete all documents that are checked.
  • Button "New Group" on bottom: Click to create a new group document

4. Group editor

Shown when clicking a group in the groups list or clicking button "New group". Provides all fields stored on the group document, allowing to view and edit them.

4.1 Pulldown area at the top (click bar at the top to pull down):

  • Title: Title of the document. Has no relevance for authentication.
  • Created: Date of creation of this group document plus creator user name
  • Last modified: Date of last modification of this group document plus editor user name

4.2 Editor area:

  • Group name: Name of the group, as it will appear in the groups list of an authenticated user
  • Enabled: Checkbox determining whether the group is enabled or not. Disabled groups are not assigned to users
  • Members: Member entries of the group, each one representing a user name, alias or name of another group

4.3 Other controls:

  • Button "Edit" in view mode, "Save" and "Cancel" in edit mode: The group editor is first opened in view mode. Button "edit" transfers it into edit mode, allowing to edit all the fields. Button "Save" saves changes, "Cancel" discards them. In case of a validation error you see the error message at the top of the editor. Also a field causing an error is displayed in red.
  • Button "Delete": Deletes this group document
  • Button "Lookup members" in edit mode: Brings up the member lookup dialog, useful for querying the app for users and groups to add to this group.

4.4 Lookup members dialog

A utility to lookup user and group names from this app that should be added to the group. The workflow to use it  is:

  • Query for user and groups that you may want to add to the group, using the "Search for" field and/or the buttons on the right of it. The results will be seen in field "Found".
  • Move those user and group names that should be added to the group from field "Found" to field "Members to add" using the buttons "Add all" or "Add selected".
  • Click button "Add members" to close the dialog and let the names form field "Members to add" be added to the field "Members" on the group document.

The controls in detail:

  • Field "Search for": Specify a string that should be used to find users and groups. The click button "Find names" or "Fulltext search".
  • Button "Find names": Will search for user and group names which begin with the string specified in field "Search for".
  • Button "Fulltext search": Will search for users and groups whose document contains the string specified in field "Search for" anywhere in its items.
  • Button "Load all": Simply loads all defined user and groups. Field "Search for" is not used.
  • Field "Found": Contains primary names of users and groups that are found by the functionalties above.
  • Button "Add all": Adds all entries from field "Found" into field "Members to add", removing them from the previous field.
  • Button "Add selected": Adds selected entries from field "Found" into field "Members to add", removing them from the previous field.
  • Field "Members to add": Contains primary names of users and groups, who are added to the group document on clicking "Add members".
  • Button "Remove all": Removes all entries from field "Members to add".
  • Button "Remove selected": Removes selected entries from field "Members to add".
  • Button "Add members": Closes the dialog and adds entries from "Members to add" to the field "Members" on the group document

5. Settings editor

Offering settings for global configuration of this app.

5.1 Application behaviour

  • Password policy: Determines the strengh of passwords that is requested for user passwords. Three settings are available:
    • "Minimum 6 characters including special characters" (where special characters may be everything not alphanumeric)
    • "Minimum 6 characters"
    • "No policy"
  • Mail addresses of users: Determines the usage of e-mail addresses on users. Two settings are available:
    • "Store as field" with no special usage
    • "Store as field, usable as name alias" which will add the e-mail address automatically to the user aliases, meaning it can be used for login and authorisation fields.

5.2 Advanced functionalities

6. Blocked users list

OpenWGA blocks the usage of user names on which a number of false login attempts have been performed (5 by default) to prevent their password from being disclosed in a brute force attack. This means that the user name cannot be used for login even if the correct password is given. This list displays user names that are currently blocked, with the following columns:

  • Username: The name that is blocked. Does not actually have to be the name of a real user.
  • Blocked since: The time that this user name was blocked.
  • Reset button: Reset the current user name and make it available for login again

6.1 Other Controls

  • Button "reset All" on the bottom panel: Reset all blocked users