user_management
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
user_management [2019/03/01 14:00] – lucy | user_management [2019/08/02 12:07] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Introduction ===== | + | ====== Introduction |
- | LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within the user settings. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular LUCY functions. | ||
- | ===== Where can you configure | + | LUCY offers a role-based access control (RBAC), restricting system access to authorized users. The permissions to perform certain operations are assigned to specific roles within |
+ | ===== Where can you configure the user settings? ===== | ||
In LUCY you will find the user settings under " | In LUCY you will find the user settings under " | ||
Line 12: | Line 12: | ||
===== Is there a limitation on how many users can access LUCY? ===== | ===== Is there a limitation on how many users can access LUCY? ===== | ||
+ | |||
No. You have the ability to create as many LUCY users that can access the web console as you want. | No. You have the ability to create as many LUCY users that can access the web console as you want. | ||
Line 19: | Line 20: | ||
- | * **User**: this user role created by the admin user can be given individual rights for each LUCY feature. The user can later be added to a specific campaign. | + | ==== User ==== |
+ | |||
+ | This user role created by the admin user can be given individual rights for each LUCY feature. The user can later be added to a specific campaign. | ||
{{ usr_mng_1.png? | {{ usr_mng_1.png? | ||
Line 25: | Line 28: | ||
{{ usr_mng_2.png? | {{ usr_mng_2.png? | ||
- | * **Supervisor**: Maintain the overview with access to the campaign specifications. | + | ==== Supervisor |
+ | |||
+ | Maintain the overview with access to the campaign specifications. | ||
{{ usr_mng_4.png? | {{ usr_mng_4.png? | ||
Line 31: | Line 36: | ||
You have the ability to define a supervisor who is able to START/STOP the campaign which was created by a user. To do so add a user to a campaign with all permissions selected, add his supervisor to the same campaign with " | You have the ability to define a supervisor who is able to START/STOP the campaign which was created by a user. To do so add a user to a campaign with all permissions selected, add his supervisor to the same campaign with " | ||
- | * **Administrators**: The LUCY admin can save all settings within LUCY and run the campaign. This is the user that you need to perform your awareness campaigns. You cannot segregate administrators in a way, that an admin A doesn' | + | ==== Administrators |
- | * **View Only Users**: The View Only User can only see certain statistics of the campaign. This user cannot start/stop a campaign. The user also has no rights in viewing or changing any of the campaign settings. First, you need to create a client name. The client name is always associated with a campaign. Then you can associate that user with the client. As a result, the View Only User will only see all the campaigns which belong to that specific client. | + | |
+ | The LUCY admin can save all settings within LUCY and run the campaign. This is the user that you need to perform your awareness campaigns. You cannot segregate administrators in a way, that an admin A doesn' | ||
+ | |||
+ | |||
+ | ==== View Only Users ==== | ||
+ | |||
+ | The View Only User can only see certain statistics of the campaign. This user cannot start/stop a campaign. The user also has no rights in viewing or changing any of the campaign settings. First, you need to create a client name. The client name is always associated with a campaign. Then you can associate that user with the client. As a result, the View Only User will only see all the campaigns which belong to that specific client. | ||
{{ usr_mng_5.png? | {{ usr_mng_5.png? | ||
Line 39: | Line 50: | ||
{{ usr_mng_6.png? | {{ usr_mng_6.png? | ||
+ | |||
+ | ===== How to convert users to LDAP-based? ===== | ||
+ | |||
+ | Lucy has the ability to convert the account to LDAP-based, so existing user can be logged in through LDAP. You can convert multiple accounts at once by selecting the necessary users and clicking the button " | ||
+ | |||
+ | {{: | ||
+ | |||
+ | //Note:// Lucy admin should configure the connection to Active Directory service to be able to use this feature. Please find more information about LDAP Integration [[ldap_integration|here]]. | ||
===== Can I enforce a password policy or strong authentication? | ===== Can I enforce a password policy or strong authentication? | ||
Line 45: | Line 64: | ||
Please find more [[password_policies_login_protection_strong_authentication|here]]. | Please find more [[password_policies_login_protection_strong_authentication|here]]. | ||
+ | |||
+ | ===== Can I authenticate administrative users via SSO? ===== | ||
+ | |||
+ | Yes. It is possible using the AD Federation service and authenticate the users automatically. See [[sso_authentication|chapter SSO.]] | ||
+ | |||
+ | |||
+ | ===== How to set up a multitenant capable administration ===== | ||
+ | |||
+ | To set up a multitenant capable administration, | ||
+ | |||
+ | **Use case 1**: You create a campaign for your customer, but want to give your customer access to the statistics within the campaign. It must be ensured that the customer only sees his own data and cannot intervene in the campaign configuration. | ||
+ | |||
+ | {{ rolebased_acces_view.png? | ||
+ | |||
+ | |||
+ | **Solution use case 1:** You create a view-only account (1) in " | ||
+ | |||
+ | |||
+ | **Use case 2:** You have a customer who wants to create their own campaigns. However, the customer should only have access to his statistics and not see other customers. | ||
+ | |||
+ | {{ rolebased_acces_view2.png? | ||
+ | |||
+ | **Solution use case 2:** You create an account with the status " |
user_management.txt · Last modified: 2021/09/07 12:57 by lucysecurity