Login Accounts
The Administration > Login Accounts page is used to manage the various login accounts which are permitted access to the system.
- The first login account available in every system is the account which was configured in the Setup Wizard during the installation process. This account is given the "Administrator" role.
- Credentials can be stored in a local database for each login account or a login can be linked to an external Microsoft Active Directory domain user account if an external Login Provider has been configured
  - If a login is linked to an external domain account then it will be listed in the Linked Domain Account column and any credentials previously stored in the local database will be treated as invalid
Add or Edit Login
Login accounts can be created and modified using the Administration > Login Accounts page.
- Each login must have a unique Username
- Logins require a strong Password containing at least one uppercase letter, one lowercase letter, one number, and one special character
- Each login must be assigned a Role
Configure External Login Provider
To reduce the number of logins that must be maintained by system administrators, it is possible to link each login to an account within a local Microsoft Active Directory server.
To configure an external login provider, browse to the Administration > Login Provider page and then choose to Enable Sign In with Domain Account.
- If an external login provider is configured, an additional option will be available for every account to Sign In with Domain Account
- Enable Sign In with Domain Account cannot be disabled when there are login accounts configured to use domain authentication
- The Administration > Login Accounts page cannot be used to modify information stored in an external directory
- Deleting a login has no effect on the Linked Domain Account in its external login provider
Roles
Every Login Account has one of three roles: Administrator, Manager, or User. This role determines what pages and features a Login Account has access to.
The following table summarizes the pages and functionality each Role has access to:
Page / Functionality | Administrator | Manager | User |
---|---|---|---|
Workflows | Yes | Yes | Yes |
Workflow History | Yes | Yes | Yes |
Adapters | Yes | Yes | Yes |
Triggers | Yes | Yes | Yes |
Adapter Types | Yes | Yes | Yes |
Export Configuration | Yes | Yes | Yes |
Import Configuration | Yes | Yes | Yes |
About | Yes | Yes | Yes |
About > Upgrade | Yes | No | No |
Login Accounts | Yes | No | No |
Login Provider | Yes | No | No |
Logging Events | Yes | Yes | Yes |
Logging Packages | Yes | Yes | Yes |
Client Access | Yes | No | No |
Trusted CA | Yes | Yes | Yes |
Workflow Admin | Yes | Yes | Yes |
License | Yes | Yes | Yes |
License > Import | Yes | No | No |
Services | Yes | Yes | Yes |
Backup and Restore | Yes | Yes | No |
Reset Lost UIP Login Account Password
If for any reason the password(s) of all UIP administrator logins are unknown, there is a password reset utility which can be used to regain access to UIP. To access the utility you must have root/sudo access to the UIP host machine.
The password reset utility can only reset passwords that are stored in UIP's Identity Server. It cannot reset the password of a login which is linked to an external domain account.
- Connect a terminal to the UIP host machine and log in using an account with root or sudo access.
- Open a bash shell in the NEC Identity Server container.

      sudo docker exec -it $(sudo docker ps --filter name=nap-apps_identity_server -q) /bin/bash

- Run the List-Users command to list Login Accounts. The list is restricted to logins which are not linked to a domain account.

      dotnet Host.dll list-users

- To reset a password, run the Reset-Password command.

      dotnet Host.dll reset-password <username> <password>
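
The steps above as a single script, added here as an example (it is not NEC's own tooling): it looks up the container, confirms the login appears in the list-users output, reads the new password without echo, and checks it against the policy from Add or Edit Login before calling reset-password. Assumptions: the function names are hypothetical, "special character" is taken to mean any non-alphanumeric character, list-users prints each username as a whole word, and Host.dll resolves from the container's default working directory as it does in the interactive shell.

```shell
#!/usr/bin/env bash
# Added example, not vendor code: wraps the documented password reset steps.

# Policy from "Add or Edit Login": at least one uppercase letter, one lowercase
# letter, one number and one special character.
# Assumption: "special" means any non-alphanumeric character.
password_meets_policy() {
    case "$1" in *[[:upper:]]*) ;; *) return 1 ;; esac
    case "$1" in *[[:lower:]]*) ;; *) return 1 ;; esac
    case "$1" in *[[:digit:]]*) ;; *) return 1 ;; esac
    case "$1" in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# Same container lookup as the documented docker exec command.
identity_container() {
    sudo docker ps --filter name=nap-apps_identity_server -q
}

# Usage: reset_login <username>
reset_login() {
    local user="$1" cid pw pw2
    cid="$(identity_container)"
    [ -n "$cid" ] || { echo "identity server container is not running" >&2; return 1; }

    # list-users only shows logins that are not linked to a domain account,
    # which are the only ones the utility can reset.
    # Assumption: the output contains the username as a whole word.
    sudo docker exec "$cid" dotnet Host.dll list-users | grep -qwF -- "$user" \
        || { echo "'$user' not in list-users output (unknown or domain-linked)" >&2; return 1; }

    # Read without echo so the password never lands in shell history.
    read -r -s -p "New password: " pw; echo
    read -r -s -p "Repeat password: " pw2; echo
    [ "$pw" = "$pw2" ] || { echo "passwords do not match" >&2; return 1; }
    password_meets_policy "$pw" || { echo "password does not meet the policy" >&2; return 1; }

    sudo docker exec "$cid" dotnet Host.dll reset-password "$user" "$pw"
}

# Runs only when called with exactly one argument: ./reset-login.sh <username>
if [ "$#" -eq 1 ]; then reset_login "$1"; fi
```

Reading the password with `read -s` keeps it out of the host's shell history; it is still passed to reset-password as a command-line argument, as in the documented command.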