Managing Users

Users are people in an organization with access to the Manager software. The main Administrator user account is created during Manager installation and is assigned permissions that allow or restrict access to the Manager, systems, and tasks.

To add, edit or copy a user:

  1. Navigate to Administration > Users > List.
  2. Click Add, or select an existing user and click Edit or Copy.

You can use the copy feature to create additional users with the same properties and permissions.

User list columns can be displayed or hidden by clicking the arrow icon beside the column label and selecting the desired columns. The column order can be changed by clicking and dragging a column to a new location.

Deactivating or Activating Users

Deactivating a user restricts their access to the manager without deleting their account. The user's information remains in the database, but they cannot log into the Manager or Media Exchange until they are reactivated.

To deactivate or activate a user:

  1. Navigate to Administration > Users > List, select the user and click Deactivate or Activate.
  2. Click Yes.

Deleting Users

When you delete a user, can choose to delete the user’s reports and access controls, or transfer the data to another user, along with jobs, job template libraries, and reports created by the user.

To delete a user:

  1. In Administration > Users > List, select the user and click Delete. If the user is associated with any objects, you are prompted to transfer the deleted user's job template libraries and access permissions to another user.
  2. Select a user to whom you want to transfer the deleted user's template libraries. You cannot transfer jobs or packages to other users.
  3. Click OK.

In Media Exchange, when the deleted user is a receiver on a particular job, the record of the job is removed from the sender's outbox in the Media Exchange view. However, the user remains in the Manager, and reporting is still active. If the deleted user is a sender on a particular job and you transfer the items associated with the sender to another user, the receiver still sees the package, but it appears to be sent from this newly assigned user. If the deleted user is a guest user, you must transfer objects to another user, you cannot delete the user and their associated objects.

Editing Password Settings

Passwords are checked against the Password Strength Policy set in the user settings. You can edit user password policies by selecting Settings in the Administration > Users > List.

The password strength checker is enforced when new accounts are created or activated and when passwords change. Directory services passwords are not checked for strength.

To specify password settings:

Enable User Reactivation
Enable this option to allow locked users to be reactivated after a specified time period. This setting is applicable to users who are deactivated as a result of failed login attempts. In Time To Reactivate Users (Hours), enter the number of hours until reactivation occurs.

Password Strength Policy
You can edit default password settings to match your password policy. The settings in the Password Strength Policy control all system passwords for users created or edited in the Manager, in Media Exchange, or using REST APIs.

Enable Manager password expiry
To configure a password expiry for the Manager password and in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password.

Enable Media Exchange password expiry
Enable this option and, in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password. For the Media Exchange password, this applies only to users who are controlled by Default Native Authentication in Directory Services.

Note: Password reset requests are recorded in the Manager log.

Creating User Notification Messages

Customized user notification messages can be created under Settings in the Administration > Users > List. It is recommended that you not exceed 2,000 characters per message. To stop a message from appearing, you must delete the content from the appropriate box.

Your message can include HTML links to external web pages.

<a href="https://example.com">Example User Notification Link</a>

You can choose to display an announcement or login authorization message to Media Exchange users only.

Announcement Message
This message appears once users log in.

Login authorization message
Users see this message prior to logging in. A typical message is a licensing agreement.

Exporting a List of Users or a Selected User

From the Administration > Users > List, you can choose to export users in General or Media Shuttle format. Once exported, you can save the created CSV file or open it with Microsoft Excel.

To be exported to Media Shuttle, the first line of the CSV file must include a header row in CSV format:

"emailAddress","firstName","lastName","info","expiryDate","sendPermission","receivePermission"

  • emailAddress: This field cannot contain Unicode characters. This is a mandatory field.
  • firstName
  • lastName
  • info
  • expiryDate (yyyy-mm-dd)
  • sendPermission (TRUE or FALSE)
  • receivePermission (TRUE or FALSE)

Configuring User Properties

To add a user, select Administration > Users > List and click Add.

The following sections detail the user properties to configure on each tab.

General

Enter the user's identifying information. The characters  <, >, and = are not permitted in the Username.

Password

Ensure that passwords conform to the password policy specified in Users > List > Settings.

Enable Use directory password to avoid setting a password for users who use third-party directory service authentication. This allows all other user configuration settings to be saved without the requirement of entering a password value. When you change a user password, you are changing the password in native authentication mode.

Changing a user password does not change a user's LDAP or Active Directory password if those modes of authentication are being used to log in to the Manager UI. If a user has not logged in using native authentication, a message is displayed indicating this and that setting/changing this password does not affect third-party directory service authentication.

As an administrator you must change your password in the Account menu under Preferences.

Password Change Menu

Administration

Failed Login Time Period (hours)
The amount of time (in hours) in which the user can have failed login attempts. This value can be a number between 1-24. If the maximum failed login attempts specified is, for example, three, and the failed login period is two hours, a user can log in incorrectly twice during that two-hour time period, but after that two hours passes, the maximum failed login attempts allowed resets to three.

Maximum Failed Login Attempts
The number of consecutive failed login attempts within the Failed Login Time Period before the account is automatically disabled. Once the account is disabled, it remains disabled until the Failed Login Time Periods has elapsed, or a user with the appropriate privileges re-enables login. This value can be a number between 1-100.

Improve web service API performance with reduced security auditing
Enable this option to prevent the logging of successful logins and failed login attempts.

Roles

As an administrator, you can determine roles assigned to your users. You will need to first create users who have administrative responsibilities such as installing Agents and creating job template libraries. By default, the installation creates two default users: Admin and System. When creating a new user, the user's access to the menu items in the UI can be defined.

Note: Do not delete the System User, as this user is associated with maintenance templates that allow administrators to perform routine maintenance tasks on the Manager.

To specify a user's role, on the Roles tab, select Full User or Guest User.

For a Full User, enable the roles you want to assign to the user. By default Administration Interface Login is enabled.

Full User Roles

Organization Administrator
Allows administrators access to users, user groups, Agents, Agent groups and Managers within their associated organizations. By default, when the System Administrator role is selected, the Organization Administrator role is selected and cannot be disabled.

System Administrator
This role gives the user access to all organizations, users, jobs, views and any other objects.

Workflow Administrator
This user has full Workflow privileges. This means this user can create, edit, manage, and schedule Workflows and users.

Workflow Supervisor
This user has Workflow privileges limited to editing, scheduling, and assigning users to Workflows. This user cannot access the Job Template Library Service.

Note: On an upgrade, non-administrative users have this role enabled.

Component Editor
This role allows the user to edit and develop Workflow components for use in the Signiant Workflow canvas. Users who do not have Component Editor privileges can build workflows but cannot edit components.

Administration Interface Login
This role allows users to log into the Signiant Manager Web Interface.

Monitor User
Designates the user who is associated with all external jobs for tracking and monitoring purposes in the system. By default, this is the Admin user.

Note: External jobs are those from imported Agents associated with other Managers. Only one Monitor User can exist in the system.

Guest User Roles

A guest user is a user whose access to the Signiant software is limited by a user-defined time. The guest user is designed primarily for use with the Signiant Media Exchange application, but can be used for non Media-Exchange users, if desired.

For a Guest User, in Account activates at, specify the date and time when the guest user account is valid and in Account expires at, specify the date and time when the account expires.

Unregistered Users (Media Exchange-only)
Unregistered users are created by existing Media Exchange-enabled users when they send packages to a user who is not a Signiant Media Exchange user. As soon as the Media Exchange package is sent to the unregistered user, the user appears in the Signiant user list, in the Manager UI. The user is identified as New Guest User and their user name is the email address specified in the Send To field in the Media Exchange package creation screen. The user's status is listed as deactivated until they respond to their Media Exchange delivery notification email and activate themselves. Once activated, they appear in the Signiant user list as activated, with the name they specified. Their username remains their email address. They now have access to the Media Exchange software, as well as limited access to the Signiant UI for a default period of 30 days.

Groups

A user group is a collection of users who share identical access privileges. User groups make it easier to assign identical access privileges to large numbers of users, and also assist in the use of the directory integration feature. For more information, see Understanding User Groups.

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include Read, Edit, Delete, and Schedule Jobs. By default, all users are able to read and edit their own properties.

To assign user or group permissions:

  1. In the Available Users/Groups panel, select users or groups to add and move them to the Current Permissions list by double-clicking or dragging them, or by clicking Select.
  2. Select the appropriate check boxes beside the corresponding permissions.

To remove permissions, select the user or group in the Current Permissions list and click Remove.

To view a summary of a user's permissions:

  1. Navigate to Administration > Users > List, select the user and click Summary.
  2. Select an object type for which you want to view a summary.
  3. Click OK.

Once you create a user, you can set access to the menu items. When editing a user's settings you see only menu items assigned to that user. When the user logs in, they may see additional menu items associated with group membership.

To assign menu items to users, select the Menu tab and select/deselect menu items as appropriate.

Media Exchange

To give a user access to Media Exchange:

  1. Navigate to Administration > Users > List.

  2. Click Add, or select an existing user and click Edit.

  3. Select the Media Exchange tab and on the General tab.

  4. Select Media Exchange Enabled.

  5. Specify additional information required for Agent browsing, transfer, privileges, and email notification.

    • Agent: The Media Exchange-enabled Agent to be associated with the user.
    • Allow Agent Browsing: Check this box to enable a user to browse Agent directories.
    • Base Directory: Specify the base directory on the selected Agent.
    • Transfer Job Group: Select the job group associated with the user's Media Exchange jobs.
    • Default Upload/Download Profile: A transfer profile is a combination of networking protocols and bandwidth settings used to define a service level for Media Exchange package transfers.
    • Enable Transfer Debug Logging: Enable this option to create transfer debug logs that can be used to troubleshoot upload and download issues. When this option is enabled, all transfers run in debug mode. These logs are stored in the local user's %TEMP% directory. To prevent the transfer debug log from growing too large, this logging is disabled after 24 hours. To continue transfer debug logging after 24 hours, you must enable this option again.
    • Privileges: Place a check in the box beside the appropriate user privilege.
    • Allowed to create guest users (Guest users are external users that are allowed limited access to a Media Exchange network for a specific period, and are created when a registered user enters an email address that does not currently exist in the system. Guest users are automatically added to the Media Exchange Guest Users group when created. Accounts that have never been activated are removed from the system upon 30 days default expiry.)
    • Allowed to send packages
    • Allowed to send packages
    • Allowed to forward packages
    • Allowed to subscribe to automatic delivery to the desktop
    • Notify interested parties when this user receives or downloads packages: Check to enable, and enter the email addresses in the corresponding Email box (semicolon delimited).
  6. Select the Notifications tab to configure user notifications when a user sends and receives a package.

    In Package User sends, enable user notifications when a user sends a package.

    By default the following options are selected:

    • Have been distributed
    • Notify user of failures
    • Have been downloaded

    In Package User receives, enable user notifications when a user receives a package.

    By default the following options are selected:

    • Are delivered to user inbox
    • Notify user for specified Channels only
  7. Expand Channels and select the channels to which you want to subscribe the user. You do not need to select the sub-channels - these are automatically selected once you have saved your changes. Upon opening the Notifications tab a second time, you will see that the sub-channels for all selected channels are selected. When a new sub-channel is added, this is automatically selected for subscription as well. You do not need to continuously update channel subscriptions - this is done automatically for you and your users.

  8. Click OK.