Understanding Users

Users are the individuals in an organization who have access permissions to the Manager. Users have different types of permissions for the software and the system components. When administrators create, edit, or copy users, they define the user's level of access to the Manager and the types of tasks the user can perform.

Within the Users List dashboard, you can do the following:

Add Users

  1. In the Manager, select Administration>Users>List.
  2. Click Add in the action bar to create a new user.

Edit Users

  1. In the Manager, select Administration>Users>List.
  2. In the User List select the user you want to edit and click Edit.

Copy Users

Once a user is created, administrators can use the copy feature to create more users who have similar properties, such as the company name or custom options. When you copy a user, the new user inherits all of the original user's permissions.

Delete Users

When you delete a user, you may transfer the jobs, job template libraries, or reports that the user owns to another user. You can also simply delete the user and all of the access controls and reports associated with the user.

To delete a user and all of the access controls and reports associated:

  1. In the Administration>Users>List, select the user and click Delete.
  2. If the user is associated with any objects, the Delete User dialog displays, prompting you to transfer the deleted user's job template libraries, jobs, access permissions and so on to another user. From the drop-down menu, choose a user to whom you want to transfer the deleted user's template library(s). If the user has only jobs and/or packages associated with them, a prompt appears warning you that once the user is deleted, all reporting pertaining to that user is lost. You cannot transfer jobs or packages to other users.
  3. Click OK.

Note: With Media Exchange, the following occurs when you delete a user, depending on the type of user you delete:

  • When the deleted user is a receiver on a particular job, the record of the job is removed from the sender's outbox in the Media Exchange view. However, the user remains in the main Signiant Web interface (such as in the Job Groups and Report Views), and reporting is still active.
  • If the deleted user is a sender on a particular job and you transfer the Signiant items associated with the sender to another user, the receiver still sees the package, but it appears to be sent from this newly assigned user.
  • If the deleted user is a guest user, you must transfer objects to another user, you cannot simply delete the user and their associated objects.

Deactivate or Activate Users

When you have a user that you do not wish to delete, but whose access to the Manager you want to restrict, you can deactivate them. Deactivating a user means that the user's information remains in the database, but that they can no longer login to the Signiant Manager or Media Exchange. These changes take place the next time a user tries to log on.

To deactivate or activate a user:

  1. In the Administration>Users>List, select the user and click Deactivate or Activate.
  2. Click Yes.

View a Summary of User Access

Use this option to view the selected user's permissions and access.

To view these details:

  1. Select the user in the Administration>Users>List and click Summary.
  2. In the User Access Summary dialog, from the Select an object type drop-down menu, select the object for which you want to view user summary settings. For example, to view user permissions, select User Permissions. A summary of the user's permissions and setting is displayed.
  3. Click OK.

Edit User Settings

To edit users settings such as the password settings or notification messages, select the user in the Administration>Users>List and click Settings.

The password strength checker is enforced when new accounts are created or activated and when passwords are changed. The password strength checker is bypassed for directory services passwords.

To manage password settings, use the following options:

Enable User Reactivation
This option allows locked users to be reactivated after a specified time period has expired. This setting is applicable to users who are deactivated as a result of failed login attempts. In Time To Reactivate Users (Hours) type the number of hours until reactivation occurs.

Password Strength Policy
By default, this option is configured to specify the following password requirements:

  • Minimum Characters - 8
  • Minimum Upper Case Letters - 1
  • Minimum Lower Case Letters - 1
  • Minimum Numbers and Symbols - 1

Edit these default settings to match your password policy. The settings in the Password Strength Policy control all system passwords including Media Exchange users, users created or edited with Signiant REST APIs, and users created in the Signiant Manager.

Enable Manager password expiry
To configure a password expiry for the Manager password and in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password.

Enable Media Exchange password expiry
Enable this option and, in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password. For the Media Exchange password, this applies only to users who are controlled by Default Native Authentication in Directory Services.

Note: Password reset requests are recorded in the Manager log.

Announcement Message

Used to display a message to your users once they have logged in. To only display this message to Media Exchange users, enable Display Announcement message to Media Exchange Users only.

Login Authorization Message

Used to display a message to users that displays before logging in. This typically is something such as a licensing agreement. To only display this message to Media Exchange users, enable Display Announcement message to Media Exchange Users only. There is no limit on the number of characters, but we recommend you do not exceed 2,000 characters per message. You can include HTML links to external web pages. The HTML link must be in the following format: <a href="linktosite">LinkText</a>. To stop the message from appearing,you must delete the content from the appropriate box.

Export the List of Users or a Selected User

You can choose to export your users in General or Media Shuttle format.

To export your Media Exchange users:

  1. In the list of users, select the users you want to export (Shift + Click for multiple) and click Export or to export all users, click Export.
  2. In the Export Users dialog, select the Export Type. General is the standard Media Exchange output and Media Shuttle is formatted for Media Shuttle. (See below for specific Media Shuttle formatting options.)
  3. Click Export.
  4. Open the file with Microsoft Excel or Save File.

To be imported by Media Shuttle, the first line of the CSV file must include the following header row:"emailAddress","firstName","lastName","info","expiryDate","sendPermission","receivePermission"

  • emailAddress: This field cannot contain Unicode characters. This is a mandatory field.
  • firstName: This is an optional field.
  • lastName: This is an optional field.
  • info: This is an optional field.
  • expiryDate: This must be in the following format: yyyy-mm-dd. This is an optional field.
  • sendPermission: Must be either TRUE or FALSE. This is an optional field.
  • receivePermission: Must be either TRUE or FALSE. This is an optional field.

User List Columns

User list columns can be displayed or hidden by clicking the arrow icon beside the column label and selecting the desired columns. The column order can be changed by clicking-and-dragging a column to a new location.

The available columns are:

  • Name (last,first): The user's name.
  • User Name: The user name you defined.
  • Organization: The user's organization.
  • Status: This displays the user status, options are Activated or Deactivated.
  • Guest: "Yes" indicates that this is a guest user.
  • Media Exchange Enabled: Yes indicates that this user has Media Exchange access.
  • Media Exchange Agent: The Media Exchange-enabled agent associated with the user.
  • Last Login Attempt: The date and time of the last login attempt. This includes both successful and unsuccessful login attempts.
  • Last Successful Login: The date and time of the last successful login.
  • Last Login Result: Displays Success or Failure, based on the login result.
  • MX Job Group: Displays the user's associated Media Exchange job group.

Configuring User Properties

This section describes how to add a user to the Signiant Manager.

General

To specify general properties:

  1. On the General tab, type the user details.

  2. In Username, type the user's username. The characters: <, >, and = are not permitted.

  3. From the Organization drop-down menu, choose the organization to associate with the user.

  4. In the Password section, type the user's Password and again in Confirm Password.

    Ensure this password conforms to the password policy specified in Users>List>Settings. Enable Use directory password to avoid setting a password for users who use third party directory service authentication. This allows all other user configuration settings to be saved without the requirement of entering a password value. When you change a user password, you are changing the password in native authentication mode. Changing a user password does not change a user's LDAP or Active Directory password if those modes of authentication are being used to log in to the Manager UI. If a user has not logged in using native authentication, a message is displayed indicating this and that setting/changing this password does not affect third party directory service authentication. As an administrator you cannot change your own password. To change an administrative password, you must use the Welcome <user> / Preferences selection.

  5. In the Administration section, set the following custom information:

    Maximum Failed Login Attempts
    The number of consecutive failed login attempts within the failed login time period before the account is automatically disabled. Once the account is disabled, it remains disabled until a user with the appropriate privileges enables it. An acceptable range for this value is a number between 1-100.

    Failed Login Time Period (hours)
    The amount of time (in hours) in which the user can have failed login attempts. An acceptable range for this value is a number between 1-24. If the maximum failed login attempts specified is, for example, three, and the failed login period is two hours, a user can login incorrectly twice during that two-hour time period, but after that two hours passes, the maximum failed login attempts allowed resets to three.

    Improve web service API performance with reduced security auditing
    Enable this option to prevent the logging of successful logins and failed login attempts.

  6. Click OK.

Roles

As an administrator, you need to determine the roles to assign to your users. You will need to first create users who have administrative responsibilities such as installing agents and creating job template libraries. By default, the installation creates two default users: Admin and System. When creating a new user, the user's access to the menu items in the UI can be defined.

Caution: DO NOT DELETE THE SYSTEM USER, as this user is associated with maintenance templates that allow administrators to perform routine maintenance tasks on the Manager.

To specify a user's role:

  1. Select the Roles tab, and set the user type to Full User or Guest User.

    For a Full User, enable the role(s) you want to assign to the user. By default Administration Interface Login is enabled.

    For a Guest User, in Account activates at, specify the date and time when the guest user account is valid and in Account expires at, specify the date and time when the account expires.

Full User Roles

Organization Administrator
allows administrators access to users, user groups, agents, agent groups and Managers within their associated organization(s). By default, when the System Administrator role is selected, the Organization Administrator role is selected and cannot be disabled.

System Administrator
This role gives the user access to all organizations, users, jobs, views and any other objects.

Workflow Administrator
This user has full Workflow privileges. This means this user can create, edit, manage, and schedule Workflows and users.

Workflow Supervisor
This user has limited Workflow privileges and is limited to editing Workflows, assigning users to Workflows and scheduling Workflows. This user cannot access the Job Template Library Service. On an upgrade, non-administrative users have this role enabled.

Component Editor
This role allows the user to edit and develop Workflow components for use in the Signiant Workflow canvas. Users who do not have Component Editor privileges can only build workflows; they cannot edit components.

Administration Interface Login
This role allows users to login to the Signiant Manager Web Interface.

Monitor User
Designates the user who is associated with all external jobs for tracking and monitoring purposes in the system. By default, this is the Admin user.

Note: External jobs are those from imported agents associated with other Managers. Only one Monitor User can exist in the system.

Guest User Roles

Guest
A guest user is a user whose access to the Signiant software is limited by a user-defined time. The guest user is designed primarily for use with the Signiant Media Exchange application, but can be used for non Media-Exchange users, if desired.

Unregistered Users (Media Exchange-only)
Unregistered users are created by existing Media Exchange-enabled users when they send packages to a user who is not a Signiant Media Exchange user. As soon as the Media Exchange package is sent to the unregistered user, the user appears in the Signiant user list, in the Manager UI. The user is identified as "New Guest User" and their user name is the email address specified in the Send To field in the Media Exchange package creation screen. The user's status is listed as "deactivated" until they respond to their Media Exchange delivery notification email and activate themselves. Once activated, they appear in the Signiant user list as activated, with the name they specified. Their username remains their email address. They now have access to the Media Exchange software, as well as limited access to the Signiant UI for a default period of 30 days.

Groups

A user group is a collection of users who share identical access privileges. User groups make it easier to assign identical access privileges to large numbers of users, and also assist in the use of the directory integration feature.

To add a user to a user group:

  1. Select the Groups tab.
  2. In Available User Groups select the appropriate group and click Select. This adds the group to the Selected User Groups list.

To remove a user from a user group:

  1. Select the Groups tab.
  2. Click the user group(s) in the Selected User Groups region and click Delete or drag and drop the group(s) to the Available User Groups region.

Permissions

Permissions allow administrators to control user and group access to management objects.

Access permissions include Read, Edit, and Delete. By default, all users are able to read and edit their own properties.

To add permissions:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.

Once you create a user, you can set access to the menu items. Note that when you're editing a user's settings you see only menu items explicitly assigned to that user. When the user logs in, he or she may see additional menu items that are the result of being a member of groups configured to provide additional access.

To assign menu items to users, select the Menu tab and select/deselect menu items as appropriate.

Media Exchange

To give a user access to Media Exchange:

  1. Navigate to Administration>Users>List.

  2. Click Add to create a new user or click Edit to modify an existing user.

  3. Select the Media Exchange tab and on the General tab.

  4. Select Media Exchange Enabled.

  5. Specify additional information required for agent browsing, transfer, privileges, and email notification.

    • Agent: The Media Exchange-enabled agent to be associated with the user.
    • Allow Agent Browsing: Check this box to enable a user to browse agent directories.
    • Base Directory: Specify the base directory on the selected agent.
    • Transfer Job Group: Select the job group associated with the user's Media Exchange jobs.
    • Default Upload/Download Profile: A transfer profile is a combination of networking protocols and bandwidth settings used to define a service level for Media Exchange package transfers.
    • Enable Transfer Debug Logging: Enable this option to create transfer debug logs that can be used to troubleshoot upload and download issues. When this option is enabled, all transfers run in debug mode. These logs are stored in the local user's %TEMP% directory. To prevent the transfer debug log from growing too large, this logging is disabled after 24 hours. To continue transfer debug logging after 24 hours, you must enable this option again.
    • Privileges: Place a check in the box beside the appropriate user privilege.
    • Allowed to create guest users (Guest users are external users that are allowed limited access to a Media Exchange network for a specific period, and are created when a registered user enters an email address that does not currently exist in the system. Guest users are automatically added to the Media Exchange Guest Users group when created. Accounts that have never been activated are removed from the system upon 30 days default expiry.)
    • Allowed to send packages
    • Allowed to send packages
    • Allowed to forward packages
    • Allowed to subscribe to automatic delivery to the desktop
    • Notify interested parties when this user receives or downloads packages: Check to enable, and enter the email addresses in the corresponding Email box (semicolon delimited).
  6. Select the Notifications tab to configure user notifications when a user sends and receives a package.

    In Package User sends, enable user notifications when a user sends a package.

    By default the following options are selected:

    • Have been distributed
    • Notify user of failures
    • Have been downloaded

    In Package User receives, enable user notifications when a user receives a package.

    By default the following options are selected:

    • Are delivered to user inbox
    • Notify user for specified Channels only
  7. Expand Channels and select the channels to which you want to subscribe the user. You do not need to select the sub-channels - these are automatically selected once you have saved your changes. Upon opening the Notifications tab a second time, you will see that the sub-channels for all selected channels are selected. When a new sub-channel is added, this is automatically selected for subscription as well. You do not need to continuously update channel subscriptions - this is done automatically for you and your users.

  8. Click OK.