Manage Users

This part assumes that your read and understood how RealOpInsight handles users and permissions.

Create a User

Proceed as hereafter to create a user:

  • Log into RealOpInsight as administrator.
  • Select the menu New User.
  • Fill in the user information:
    • The property User Role sets the profile of the user (Operator or Administrator).
    • The Password must have at least six (6) characters in two of the following classes (upper cases, lower cases, digits, special characters).
    • For an operator user, the property Dashboard Tiles Per Row sets the number of columns for his Business Operations Dashboard (BOD) grid.
    • For an operator user, the property Dashboard Display Mode allows to indicate whether the operator can have access to SLA & reporting graphs.
  • Click on Submit to save the changes.

image

List and Manage Users

As administrators you can list and manage existing users:

  • Log into RealOpInsight as administrator.
  • Select the menu All users to list existing users.
  • The list of users appears as collapsed entries for each user (see screenshot below).
  • You can expand a user entry to have access to available user management operations (e.g. update, deletion, password reset).
  • The label Built-in indicates that the user is managed by the RealOpInsight’s built-in Authentication System, as it also works with users managed by a LDAP directory

image

Update User Information

Beside administrators that can update information on all users, each user can update his information as follows:

  • Log into RealOpInsight.
  • Click on the profile menu Signed as <user>.
  • Select the menu Settings.
  • Select the menu My Account, or Change password if you rather want to change your password.
  • By default user information are displayed in read-only mode, click on Update to enable updates.
  • Proceed with the changes and click again on Update to save changes.

Delete a User

To delete a user proceed as hereafter:

  • Log into RealOpInsight as administrator.
  • Select the menu All Users.
  • Find the user entry in the list and expand it.
  • Click on the button Delete to request the deletion.
  • Confirm the deletion when prompted.
  • Check the user list to verify the deletion.

Authentication Against a LDAP Directory

RealOpInsight can authenticate users against an LDAP directory. The integration with an LDAP directory is a straightforward process, the only important points to consider is that: when the authentication with LDAP is enabled, all operator users created with the built-in user management system are disabled, the built-in administrator user works as unique administrator account for the overall system, and all users imported from LDAP are considered as operator users.

The integration with LDAP assumes that you already have a working LDAP directory service. The functionality has been tested LDAP v2 and LDAP v3. Additionally, you need to enable read access to the user base of your LDAP directory to RealOpInsight. Otherwise it will not be able to get access to those user information.

As RealOpInsight has only read access to user information in LDAP, it cannot update nor delete information of those users. Furthermore, when LDAP authentication is disabled all related users are removed from the RealOpInsight.

Enable LDAP Integration

Enable LDAP integration involves the following steps:

  • Log into RealOpInsight as administrator.
  • Select the menu Authentication to configure the authentication backend.
  • Select LDAP as authentication mode.
  • Set Server URI with endpoint of LDAP API. This must be in the form of ldap://server:port (no SSL), or ldaps://server:port (LDAP over SSL).
  • If the LDAP server uses a self-signed certificate, select Use custom SSL certificate to configure the certificate options.
  • Set the version of the LDAP protocol to use.
  • Set Bind User DN with the distinguished name (dn) of an LDAP user that has read access to the directory that RealOpInsight will bind to (see User Search Base below). This is optional if the LDAP server accepts anonymous access.
  • Set Bind User Password with the password of the bind user. This is optional if the LDAP server accepts anonymous access.
  • Set User Search Base for the LDAP directory (e.g. ou=devops,dc=company,dc=com). RealOpInsight only considers entries belonging to person class in this base.
  • Set User ID Attribute with an attribute to use as user identifier for LDAP users. If empty, the string uid will be considered. You may use mail for email-based authentication.

    If you set an attribute that does not identify users uniquely, the authentication with RealOpInsight will not work.

image

Enable LDAP users

You first need to enable LDAP authentication as described above, then you need to select users that can authenticate against the LDAP directory.

Below are steps to do that:

  • Log into RealOpInsight as administrator.
  • Select the menu LDAP Users.
  • This shall list all person in the configured LDAP directory as illustrated on the screenshot below.
  • Check the option Enable Auth for each user that you want to consider as operator in RealOpInsight.

image