Introduction

User management is performed from JS7 - Identity Services within the scope of JS7 - Identity and Access Management.

• The Identity Service Type determines if user accounts are managed from JOC Cockpit or from the Identity Provider, for example from an LDAP Server.
  • The JS7 - JOC Identity Service provides management of user accounts.
  • The JS7 - HashiCorp® Vault Identity Service provides management of user accounts if the VAULT-JOC-ACTIVE Identity Service Type is used.
• Operations for managing user accounts include:
  • add a user account by assigning a name, password and roles,
  • modify a user account by modifying the name, password or role assignments,
  • delete a user account,
  • enable/disable a user account,
  • force password change for the next login of the user account,
  • reset password for the user account.
    • An initial password is applied that can be configured from JS7 - Identity Services, chapter: Global Settings.
    • The default value for the initial password is: initial
  • assign roles to the user account.
• Bulk operations are available for applying changes to a number of user accounts.

Navigation

The manage user accounts function is available from Identity Services that offer this option.

The Manage Identity Services page holds the list of the available Identity Services. By default the list is populated from the JS7 - JOC Identity Service. Users can add new Identity Services. From this page users can select an Identity Service to manage user accounts associated with the Identity Service.

To select the JOC Identity Service users click the name JOC. This brings up the following sub-view for managing accounts when selecting the Accounts sub-view:

Operations

Add User Account

• The required sequence of tasks is to first create roles that are assigned permissions and then to add user accounts, as described in the JS7 - Manage Roles and Permissions article.
• Using the Add Account button brings forward the following popup window:
  
  

• The name of the user account has to be added.
• A password can be specified and has to be repeated.
  • If a password is specified then it's hashed value is stored in the JS7 - Database.
  • If no password is specified then the initial password is applied:
    • The initial password can be configured from JS7 - Identity Services, chapter: Global Settings.
    • The default value for the initial password is: initial

Modify User Account

The operation to modify a user account is available from the account's action menu like this:

Choosing the Edit action menu item causes the following popup window to open:

Explanation:

• The popup window allows modification of the account name, password, role assignment etc.
• For the handling of passwords see Add User Account.
• Checkboxes to Force Password Change and to Disable the user account correspond the operations explained below.

Delete User Account

The delete a user account operation is available from the account's action menu like this:

Enable/Disable User Account

The disable a user account operation is available from the account's action menu like this:

Explanation:

• A disabled user account cannot be used for login.

If a user account is disabled then its action menu provides the option of enabling the account like this:

Force Password Change

The operation to force a user account to change its password with the next login is available from the account's action menu like this:

Reset Password

The operation to reset a user account's password is available from the account's action menu like this:

Explanation:

• The user account's password is reset to the initial password.
• The initial password can be configured from JS7 - Identity Services, chapter: Global Settings. The default value for the initial password is: initial
• On their next login the user has to change the password. The initial password cannot be used as the new password during password change.

Assign Roles

The operation to assign roles to a user account is available from the account's Edit action menu item, see Modify User Account:

Explanation:

• A user account can be assigned any number of available roles.

Bulk Operations

Bulk operations act on a number of user accounts.

• Such operations become available when selecting one or more user accounts by use of the checkboxes left to the user account's action menu.
• Checking the checkbox left to the header column Action selects all user accounts displayed.
  
  

Explanation:

• With one or more user accounts being selected a number of buttons becomes available that suggest bulk operations to
  • Reset Password
  • Force Password Change
  • Enable Disable User Account
    • The bulk operation is available based on the selection of user accounts:
      • If any selected user accounts are enabled then the Disable bulk operation is available.
      • If any selected user accounts are disabled then the Enable bulk operation is available.
      • If selected user accounts are partly enabled and partly disabled then no bulk operation is available.
  • Delete User Account