User management
The Senior User Manager (SGU) is responsible for user management and is a fundamental resource when the senior X Platform is used together with Senior systems. User management of this type is done directly in the SGU, while the platform only has the functionality of notifying changes to this user management.
Editing users and groups
Users
When user data changes in the Senior User Manager, the procedure is to first remove the data and then insert it, updated, into the database. To detect this, the integrator works with a change window. When the deletion and the insertion are identified in the same window, an update is sent to the platform (a transparent process).
However, if the deletion and the insertion fall in independent windows, the user may be removed from the platform for a few seconds until they are inserted again.
Groups
For changes to groups, the operation is the same as for changes to user data: the role that represents the group is updated transparently on the platform. The difference occurs when the deletion and the insertion are done in independent windows, because the role that represents the group is deleted on the senior X Platform and, when it is recreated, the permissions defined before no longer exist. In other words, it is necessary to assign them again.
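The window behaviour described for users and groups can be modelled as follows. This is an added example, not Senior's integrator code: the fixed, aligned windows, the 10-second length, and the role and permission names are all assumptions made for illustration.

```python
from collections import defaultdict

WINDOW_SECONDS = 10  # constructed value; the page does not state the window length


def replicate(events, window=WINDOW_SECONDS):
    """Turn SGU (timestamp, op, name) rows into platform operations.

    Assumption: windows are fixed and aligned to multiples of `window`.
    A delete and an insert of the same name inside one window become a
    single update; otherwise each operation is forwarded unchanged.
    """
    buckets = defaultdict(list)
    for ts, op, name in sorted(events):
        buckets[(ts // window, name)].append(op)
    out = []
    for (win, name), ops in sorted(buckets.items()):
        if "delete" in ops and "insert" in ops:
            out.append((win, "update", name))
        else:
            out.extend((win, op, name) for op in ops)
    return out


def apply_to_roles(platform_ops, roles):
    """Apply operations to a {role: set(permissions)} map of platform roles."""
    roles = {name: set(perms) for name, perms in roles.items()}
    for _, op, name in platform_ops:
        if op == "delete":
            roles.pop(name, None)   # the permissions go with the role
        elif op == "insert":
            roles[name] = set()     # a recreated role starts with none
        # "update" keeps the existing role and its permissions
    return roles


# Constructed sample data: one role and two 2-second delete/insert pairs.
ROLES = {"payroll": {"view_reports", "approve"}}
SAME_WINDOW = [(12, "delete", "payroll"), (14, "insert", "payroll")]
SPLIT_WINDOW = [(19, "delete", "payroll"), (21, "insert", "payroll")]

if __name__ == "__main__":
    for label, events in (("same", SAME_WINDOW), ("split", SPLIT_WINDOW)):
        ops = replicate(events)
        print(label, ops, apply_to_roles(ops, ROLES))
```

In the split case the two rows are only two seconds apart but straddle a window boundary, so the role comes back without its permissions and they have to be reassigned.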
Permissions
The permissions assigned in the Senior systems have no relationship with the permissions existing on the platform. Therefore, if any changes are made to the system, the platform is only impacted when a user is assigned to another group. In this case, the user is replicated and also belongs to a new group on the senior X Platform.
Access
Access periods
The platform has no access-period policy integrated with the solutions. Therefore, when an access period is required, it is recommended to use authentication models based on LDAP/AD or SAML/ADFS. If this configuration already exists in the system and the integration with the platform is working, login may be unavailable for users within the established periods.
Change password
When the password is changed in the system, it is replicated to the senior X Platform in a few seconds. However, when G5-type authentication is used and password change through the platform is allowed, if the user changes the password, forgets it and requests a new password, this new password must be different from the previous one or, preferably, a random one. If this is not done, the password is not updated on the platform.
User validation
The question policy is used only to access the systems or recover passwords on them. This feature is not replicated to the platform.
Operating system user
When there is integration between the platform and any Senior solution, do not select the option Allow login with Operating System user, in Senior User Manager > Security > Login with Operating System user.
Regardless of the authentication method chosen, do not use spaces in the user name to access the platform.
Policies
Account Block
The Senior system account blocking policy is not present on the platform. Therefore, if you wish to use this type of policy on the platform, it is recommended to use LDAP/AD or SAML/ADFS.
However, when this policy is enabled and activated on the senior X Platform, the user is blocked, as there is user replication. Therefore, when there is an integration between solution and platform, it is recommended that the account blocking policy not be enabled. If it is enabled, the user with the blocked account will need to unblock it in the system itself. The same situation happens when the user is configured to be blocked every month: with this integration, the user's values are also replicated on the platform.
Passwords
The system password format policy is not integrated with the platform password policy. Therefore, when the platform policy is used, it is recommended that it be similar to the one that already exists in the system, in order to avoid possible problems during integration. In other words, it is mandatory that the Senior User Manager also has this policy, so that passwords are properly integrated.
Users with a password that is out of format will not be integrated. It is therefore up to each company either to adjust all passwords after configuration and then carry out the integration, or to configure the new password format and reinstate the adjusted users gradually.
Note
On the senior X Platform there is a restriction that does not allow passwords shorter than five characters in the cloud.
For the forgotten password policy, the behavior is the same as for the password format policy: no integration between Senior User Manager and the platform. This way, when the user requests password recovery through one of these two places, the model used will be different.
- SGU: occurs regardless of the configuration made on the senior X Platform. When changed in this location, it is immediately replicated on the platform;
- senior X Platform: occurs when, in the tenant settings, on the Authentication tab, the Allow changing password check box is enabled. However, it is not recommended to use this feature when there is integration with a Senior system, as this replication is unilateral (from system to platform). In other words, changing your password on the platform is not replicated in the SGU. When the request is made by senior
Note
The behavior for the account lockout policy is the same as for the password lifetime and old password control policies.
Database
When you have more than one Senior solution, it is essential that the bases are unified to use this option.
To identify whether there is more than one database, access the Senior Configuration Center and check the Database item to see if there is more than one item listed.
Non-unified bases
Non-unified databases mean that, between the Senior systems, there are different users and/or users whose registration holds different email and password information. This situation is very common, as users generally use only the Senior system related to their role and not all those installed in the company. With this concept of non-unified bases understood, you can follow the steps below to identify precisely the differences between users of each system.
To identify the differences between users of each system, check that:
- The user information that must be considered for synchronization is: username, password and email. However, for security reasons, it is not possible to export and compare user passwords from Senior systems databases, so each company must identify whether users with the same name have different passwords between systems;
- As a suggestion, generate .CSV reports of usernames and emails from all existing databases. By comparing this information in an Excel spreadsheet, for example, it will be possible to identify which users exist in one system and not in another, or even users with the same name in different systems who perform different functions and have different permissions.
At this point it is important to decide which system will have its base synchronized, as it is only possible to synchronize one.
To decide whether to unify the bases manually or opt for another form of authentication, check some factors, such as the number of differences and the time spent to adjust them all, and even the impact of changing the form of authentication on the company.
Observation
It is not necessary to replicate all users on all systems, but rather choose the base that will contain all of them.
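The comparison of .CSV reports suggested above can also be scripted. This is an added example, not a Senior tool: the `username` and `email` column names, the `system_a` and `system_b` labels, the case-insensitive matching and the sample rows are all assumptions.

```python
import csv
import io

# Constructed sample exports; real reports would be read from the .CSV files.
EXPORTS = {
    "system_a": "username,email\n"
                "ana.souza,ana@example.com\n"
                "joao silva,joao@example.com\n"
                "maria,maria@example.com\n",
    "system_b": "username,email\n"
                "Ana.Souza,ana.s@example.com\n"
                "pedro,pedro@example.com\n",
}


def load(text):
    """Return {username: email} from one export, lowercased (assumed matching rule)."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["username"].strip().lower(): r["email"].strip().lower() for r in rows}


def compare(exports, chosen):
    """List what must be adjusted before `chosen` becomes the synchronized base.

    Passwords are not compared: as the page notes, they cannot be exported.
    """
    bases = {name: load(text) for name, text in exports.items()}
    base = bases[chosen]
    report = {"missing_in_chosen": {}, "email_mismatch": {}, "name_with_space": []}
    for system, users in bases.items():
        for user, email in users.items():
            # User names containing spaces must not be used to access the platform.
            if " " in user and user not in report["name_with_space"]:
                report["name_with_space"].append(user)
            if system == chosen:
                continue
            if user not in base:
                report["missing_in_chosen"].setdefault(user, []).append(system)
            elif base[user] != email:
                entry = report["email_mismatch"].setdefault(user, {chosen: base[user]})
                entry[system] = email
    return report


if __name__ == "__main__":
    for section, found in compare(EXPORTS, "system_a").items():
        print(section, found)
```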
Unify bases
When choosing to unify the bases to eliminate the differences, use the information generated in the .CSV report: access the system and adjust the differing information and, if necessary, create the missing users in the system chosen to have its base integrated with the senior X Platform.