Managing Users

To manage user accounts, select the Users tab. User accounts are listed by account name. and selecting one of the accounts will display user details, user memberships and the effective permissions of the user.

User details

The details section at the top of the right-hand panel allows you to configure full name, contact details and other properties related to the user account.

Status

This field displays the status of the user, Active, Locked or Inactive.

Locked

Accounts are locked if you have Account Protection enabled, and the user fails to log in a number of times in a row. You can unlock accounts using the Unlock User button in the toolbar.

_Inactive_Accounts become inactive when they own collateral like reports when you delete them. Instead of deleting all the owned collateral, the account is deleted but the user profile remains as owner of the collateral.

Account type

Account type determines the identity authority of the account.

External

External accounts are replicated from and authenticated by an external authority, such as WSS or a database. (The precise authentication method is defined in the system configuration file, security service section). This account type is suitable for users who have an account with the underlying system that OmniFi is attached to.

External accounts are suitable for users that have individual accounts with a supported external authority, and should be allowed to query or modify data in the underlying data provider, e.g. TRM.

Credential management for external accounts is performed with the external authority. Credentials provided by the user are used as-is when accessing the underlying data source.

Password

Password accounts are native OmniFi accounts, and authenticated without involvement of any 3rd party authority.

This account type is suitable for users who don’t have individual accounts with the underlying data provider, such as READ users, or for any kind of user of data provider where you can configure Account Mapping in OmniFi Administration.

Credentials for password accounts are managed within OmniFi, in either the User Administration page, the OmniFi Administration application or by the user, using the My Account page.

Windows

The Windows account type uses Kerberos authentication with a Windows domain to authenticate the user. This is a very secure way of authenticating users. You can configure Account Mapping in OmniFi Administration to provide access to data sources to Windows account users.

❗️

Verify your license agreements

Users that don't have individual accounts and licenses with the underlying data provider aren't generally allowed to directly use APIs, or access and modify information in the data provider. Make sure to carefully consult your license agreements with the vendor of the data source to make sure your setup is compatible with the license terms.

Password

Password and Confirm password are enabled for Password accounts. To change the account password, enter the same password in both fields and save the user.

License type

Most OmniFi users will have a FULL license. There are however exceptions, where some users will only be able to run test cases during a test project. These users should be assigned a TEST RUN license.

License key

The license key is supplied by SkySparc, individually per account, during onboarding.

Member Of

The Member Of tab shows all the selected user's memberships recursively, i.e. all groups that the user belongs to, at any level.

The Member Via column displays the immediate parent group that links to the displayed parent (Name). If the user is an immediate member of the displayed parent, Member Via is empty, and the relationship can be deleted using the delete button at the far right of the row.

If the user is a member of a group because of relations with more than one intermediate groups, all groups are displayed on the same row.

In the example above, Administrator is member of Back Office Group and Admin, which in turn are all member of the All group. This is displayed on the last row, indicating that Management is member of All via multiple relations.

If Administrator is also a direct member of All, this relation is displayed on a separate row, that can be deleted.

Effective Permissions

The Effective Permissions tab displays all permissions assigned to the user, or any of its parent groups.

The Permitted By column shows the parent group or groups that provide the permission. If Permitted By is blank, the permission is assigned directly to the user.

If a permission is assigned via relation to multiple parent groups, all parent groups are shown in Permitted By on the same row.