5.6.32. `Admin-GCenter- Accounts` screen of the legacy web UI

After pressing the `Accounts` command from the `Admin-GCenter` menu, the following screen is displayed.
This screen enables:

  • Managing users and related roles

  • The history of authentications, permissions, and user management

  • Linking with an LDAP server

This screen includes the following parts:

Section `Password Policy`

Function

Description

`Authentications history`

Audit trail

History of all authentications

`Creations/Deletions history`

Audit trail

History of all user creations or deletions

`Permissions history`

Audit trail

History of all user permissions

`Users management`

Local user management

Creation of new users and management of existing users

`LDAP configuration`

LDAP / ActiveDirectory integration

Management of the connection between the GCenter and the LDAP server

`API Keys`

Token management

Token creation and management of existing tokens

`Password Policy`

Password policy

Management of password policy settings

5.6.32.1. The `Authentications history` section of the `Accounts` submenu

The `Authentications history` window displays the history of all authentications on the GCenter.

../../_images/AUTHENT-01.PNG
This window displays the connections (1) in order from most recent to oldest.
The arrows (4) enable navigating between the different pages.
For each connection, the following information is displayed:

  • `Username` field (2): name of the person who logged in/out

  • `Action` field (3): login or logout

  • `timestamp` field (5) date and time of login / logout in the format (d , mm yyyy hh: mm: ss)

5.6.32.2. The `Creations/Deletions history` section of the `Accounts` submenu

The `Creations/Deletions history` window displays the history of all GCenter users created or deleted.

../../_images/CREATION-HIST-01.PNG
This window displays the creations or deletions (1) in order from most recent to oldest.
The arrows (3) enable loading the next page.
For each connection, the following information is displayed:

  • `Username` field (2): name of the person who created the account

  • `Log Message` field (4): the account name followed by the created or deleted action

  • `timestamp` field (5) : date and time of login / logout in the format (d , mm yyyy hh: mm: ss)

5.6.32.3. The `Permissions history` section of the `Accounts` submenu

The `Permissions history` window displays a history of all changes to user rights on the GCenter.

../../_images/PERMISSIONS-HIST-01.PNG
This window displays the changes in rights (1) in order from most recent to oldest.
The arrows (3) enable loading the next page.
For each connection, the following information is displayed:

  • `Username` field (2): the name of the administrator who changed the rights of the account

  • `Log Message` field (4): the name of the account whose rights were changed and the action taken.
    Changes in rights are made by changing the affiliation of a particular role.

  • `timestamp` field (5) : date and time of changes to the format (d , mm yyyy hh: mm: ss)

5.6.32.4. The `Users management` section of the `Accounts` submenu

The `Users management` window is composed of two areas:

  • The area for creating a new user (1)

  • The area for managing existing users (11)

../../_images/ACCOUNT_01.PNG
Area for creating a new user (1)

Item

Name

Description

2

`Username`

Full name of the new user. This value can only contain letters, numbers, and characters [@/./+/-/-/_.**].

3

`Email address`

Email address: optional field

4

`Active`

Enable or disable the account

5

`Operator`

Once the box is ticked, the user has the rights of the operator group

6

`Password`

Password.

7

`First name`

User's first name: optional field

8

`Administrator`

Once the box is ticked, the user has the rights of the administrator group

9

`Password confirmation`

Password is the same as the password field

10

`Last name`

User's name: optional field
Area for managing existing users (11)

Item

Name

Description

12

`Edit` button

Enables editing of the relevant profile

13

`Enabled`

Field indicating whether the account is enabled or disabled

14

`Operator`

Membership in the operator group - a tick indicates membership, a cross indicates non-membership

15

`Administrator`

Membership in the administrator group - a tick indicates membership, a cross indicates non-membership

16

`Email`

Field specifying the e-mail address

17

`Username`

Field indicating the user's name

18

`operator` User

The items indicated horizontally provide the information for the `operator` account

19

`administrator` user

The items indicated horizontally provide the information for the `administrator` account

20

`admin` user

The items indicated horizontally provide the information for the `admin` account

5.6.32.5. The `LDAP configuration` section of the `Accounts` submenu

../../_images/LDAP-01.PNG
The `LDAP configuration` window enables managing the connection between the GCenter and the LDAP server
To do so, this screen contains the following fields:

  • The `LDAP interconnection status` area (1)

  • The `LDAP authentication settings` area (2)

  • The `LDAP server binding settings` area (5)

  • The `LDAP users and groups mapping` area (7)

  • The `LDAP advanced settings` area (9)

5.6.32.5.1. The `LDAP interconnection status` area (1)

This area displays the connection status.
For the implementation, refer to Displaying of the connection status between the GCenter and the LDAP server.

5.6.32.5.2. The `LDAP authentication settings` area (2)

This field enables connecting to a remote authentication server.
For the implementation, refer to Enable the connection between the GCenter and the LDAP server.

5.6.32.5.3. The `LDAP server binding settings` area (5)

Note

The displayed area can be expanded to view and change settings using the arrows (6).

This area enables entering the connection information to a remote authentication server.
For a list of parameters and implementation, see the Configuring the connection between the GCenter and the LDAP server.

5.6.32.5.4. The `LDAP users and groups mapping` area (7)

Note

The displayed area can be expanded to view and change settings using the arrows (6).

This area enables specifying the mapping of users and groups between the GCenter and the remote authentication server.
For a list of parameters and implementation, see the Configuring the users and groups defined on LDAP / ActiveDirectory.

5.6.32.5.5. The `LDAP advanced settings` area (9)

Note

The displayed area can be expanded to view and change settings using the arrows (6).

This area enables advanced configuration of the connection to a remote authentication server.
For a list of parameters and implementation, see the Configuring the connection between the GCenter and the LDAP server.

5.6.32.6. The `API Keys` section of the `Accounts` submenu

The `API Keys` screen manages the API access tokens.

../../_images/API_KEYS-01.PNG

Item

Area

Item

1

`Add a new API access token`: area to add a new API access token

2

`Name`: field to enter the name of the new token

3

`Permissions`: field to select the account and therefore the rights of the new token

4

`Expiration date`: field to enter the expiration date of the new token

5

`Add`: button to add the new token

9

`The API Token list`: field to display the list of existing tokens

8

`Name`: field to display the name of the new token

7

`Permission`: field to display the account and hence the rights

6

`Expiration`: field for displaying the expiration date

For the implementation, see the Adding an API access token.

5.6.32.7. The `Password Policy` section of the `Accounts` submenu

The `Password Policy` screen displays 2 types of settings:

  • General settings

  • Specific password settings

5.6.32.7.1. General settings

If the `GENERAL` button (1) is selected, the following screen is displayed:

../../_images/POLICY-01.PNG

Item

Setting

Default Value

Default Value

5

Records the hashes of previous passwords

disabled

5 if enabled

6

Validity period

disabled

90 days if enabled

The validity period starts when the password is created, not when the functionality is enabled.

5.6.32.7.2. Password settings

If the `PASSWORD` button (2) is selected, the following screen is displayed:

../../_images/POLICY-02.PNG

Item

Setting

Default value

7

At least one upper case letter

enabled

8

At least one digit (0 to 9)

enabled

9

Minimum password length

12 characters

10

At least one lower case letter

enabled

11

At least one symbol (i.e. neither a number nor a letter)

enabled

For the implementation, see the Managing the password policy.