OCIO » Enterprise A&A Home Page » Enterprise A&A User Guide » Enterprise A&A Administration

Enterprise A&A Administration

Last modified by Matthew Harshbarger on 2015/11/09 11:05

 In addition to the Common Interface, Enterprise A&A also offers an administrative website.  This is for application owners and system administrators to manage A&A accounts and privileges.  The admin website also provides audit data for tracking user activity by date, action, Account ID and other fields, depending on your level of access.

Contents

Logging Into A&A Admin

Log In
Go to the A&A Admin Website in your browser (see example at right). 

Enter your credentials and select the application you're trying to administer. Click "Log On" to continue. 

Note: If you see a slightly different page from the example, follow those instructions instead or click the "click here" link in the blue heading to change the page you're using.

entaaadminlogon.png

 

Admin Options
After logging in, you'll see some or all of the buttons shown in the example at right.

entaaadminmain.png

 

Managing User Privileges

To assign or remove privileges from a specific user, follow these steps (after logging into A&A Admin, above):

Enter Account ID
Enter the user's Account ID in place of your own. 

Click "Privileges" to continue.

entaaadminmain.png

 

User Privileges
Privileges in the "Available" list are not granted to the user, and those in the "User Privileges" list are currently granted. 

Add or remove user privileges using the "<" and ">" buttons, and click "Save User Privileges" to save your changes.

Administrative privileges can be granted or revoked by checking or unchecking the boxes found in the "Select A&A Administrative privileges" section.  An admin can only grant or revoke privileges that they themselves have privileges for.  The "A&A Administrator" privilege is something that only a very select few have and is not needed for application owner or service desk support.

Note:  Changes to user privileges take effect the next time the user logs in.  If they're already logged in when you make your changes, there will be no change to their authorizations until they log out and log back in.

entaaadminprivassign.png

 

System Privileges

Enterprise A&A provides several different system privileges for each application automatically.  These privileges appear as checkboxes in the User Privileges Admin page.  Depending on your level of administrative access, some or all of these may be grayed out, preventing you from granting these privileges to others.

These system privileges affect user accounts directly. Since user accounts do not belong to individual applications, these privilege are not normally granted to anyone but app owners and service desk staff.

  • A&A Administrator - Has complete control over all privilege and account management functions. *Not to be granted to application users.  Only used by OCIO A&A Administrators.
  • Account Manager - Can lock and unlock user accounts.
  • Password Manager - Can reset and change user passwords.
    These system privileges are almost always granted to at least one customer staff member.  Depending on the situation, there may be several staff members with one or more of these privileges.  Staff can also handle any of these functions as part of normal support.
  • Application Owner - Can define new privileges and edit existing ones.
  • Privilege Manager - Can add and remove privilege assignments to users.
  • Self-Reg Account Creator - This is generally granted only to computer accounts, for applications that need to register users automatically, without using the common interface to do so.

Creating and Editing Privileges

To create or edit privileges for the application, follow these steps (after logging into A&A Admin, above):

Manage Privileges
Click the "Manage Privileges" button from the administrative group at the bottom of the page. 

You should see a listing like the example at right.

Use the appropriate link or button to add, edit or remove application privileges.

Note:  If you delete a privilege for your application, it is also removed from all users.

List Users

You can list all of the users who have a given application privilege.  Click the "List Users" link for the privilege.

entaaadminprivmgmt.png

 

Self-Registration Administration

Enterprise A&A can notify the appropriate administrators when a new user requests and/or confirms their account.  If the user came from your application to the Common Interface, their account registration process is considered to be taking place for your application.

Note: This does not change the fact that accounts are outside of individual applications.  However, since almost all users will register in order to use a specific application first, it is often valuable for the application owner to be aware of these events.

To set up this feature in A&A, contact us.

 

Notification Basics

Depending on the notification choices you make, you'll receive notifications about each new user when they request and/or confirm their new account.  The e-mail notification will go to everyone with the proper system privilege.  You can use this notification to contact the user and/or grant them application privileges proactively, so that your application will give new users the right level of access from the start.

Many application owners end up getting flooded with these e-mails.  While you may want to see them all at first, eventually you might want to create an Outlook rule and move them to a special folder for later processing.

 

Self-Registration Speed Limits

In addition to notifying administrators about new registrations, Enterprise A&A can also be configured with a speed limit for each hour and/or day's worth of registrations for a given application.  When new registrations reach 80% of the configured hourly or daily limit, staff are automatically notified and can take appropriate action.  When this limit is reached, new registrants receive a message to try back later. 

If you expect heavy traffic, we can set the speed limit higher for a given day or week to allow for the higher volumes.  The speed limit helps the State avoid possible hacking or spamming threats, while maintaining a high level of availability for real users.

Contact us for more information on configuring your self-registration speed limits.

 

 

Tags:
Created by Administrator on 2011/05/10 17:08

This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 3.0.36132 - Documentation