The Sectona platform administrator is responsible for setting up details of all the users who are permitted to assign product users. EPM users are given access according to their user role. Each user can be a member of one or more user groups. Groups define the ownership of accounts that the user is permitted to access.
The system can integrate with your corporate LDAP infrastructure, such as Microsoft Active Directory. LDAP groups can be mapped to Sectona discovery groups and thereby assigned permissions on the system.
A user is set up in a system as a Person Data object and can subsequently be associated with other objects. All actions in the system are recorded against a unique user identity for audit purposes. It is strongly recommended to consider adding an extra layer of authentication with multi-factor authentication.
This chapter covers details about how to onboard users in the system. Sectona provides several enrollment methods to add users to the system. Users can be added manually, automatically via directory sync, or through bulk import.
Adding a new user manually
The Sectona platform administrator can set up new users and assign them to groups. For this purpose, go to
Platform Configuration → User Management → Users → Add new user details:
Authentication type: Select one of the following types:
Sectona Authentication for enabling authentication within the application.
Directory Authentication for validating user access via Active Directory.
A user authentication system called Sectona Authentication is included. However, if your organization already uses an authentication service that incorporates Microsoft Active Directory, it is best practice to integrate the application with this service. Using one service prevents having to manage two sets of user information.
Directory store: If you have selected Directory authentication as an authentication type, choose a system-configured directory. For configuring a new directory store in the system, refer to Configuring directory service authentication.
Username: Provide a unique username in the application. If you add a directory user, you can validate the user details or skip to the user role as other details are synced from Active Directory.
Password: Provide a valid password for the user. You can set up password control in the section Authentication Providers by selecting Sectona MFA.
First Name: Provide the user's first name (applicable for Sectona Authentication).
Last Name: Provide the user's last name (applicable for Sectona Authentication).
Mobile No: Provide the user's mobile number (applicable for Sectona Authentication).
Email ID: Provide the user's email ID (applicable for Sectona Authentication).
Tags: Add relevant tags to this user. Refer to Tags for more information about adding context with tags.
User Logon policy: Under the policies tab, select a user logon policy and configure policy parameters like access duration, session recordings, collaboration policy, multi-factor policy, etc.
User Role: Under the policies tab, select a user role configured in User Role Management.
Company: Under the policies tab, provide the user's company information (applicable for Sectona Authentication).
Department: Under the policies tab, provide the user's department (applicable for Sectona Authentication).
Manager: Provide the user's manager details.
Devoid Security: If you tick the checkbox, the created user will always be allowed to log in without getting Locked or Dormant.
Expiry: You can set an expiry date for the user account.
Status: By default, all users are provisioned with Active Status. You can disable the user here anytime.
Once you have completed adding a User to the Sectona Platform, you can add this User within the EPM product. Click on Manage → Manage User from the sidebar, User Management → + Add User → Select the name of the User from the drop-down menu. Add the policy and activate the user with the slider.
Sync active directory user groups
IT environments with a Microsoft Active Directory domain/LDAP directory can import users with directory synchronization. This makes it easy to sync Active Directory security groups containing user information with a specific user group on the platform. User information for imported users is updated regularly to reflect the latest user status and information. Before executing this step, you must have configured Active Directory with the platform. Read more about configuring in Adding new LDAP/LDAPs directory.
To perform this step, go to Manage → Access Entitlement → Add new User groups and follow the steps mentioned below:
Group name: Provide a valid user group name
Group description: Add any additional group information
Method: Active Directory Group
Directory store: Select the directory store name preconfigured in the system
User Groups: Browse and Select User Groups fetched from the directory selected above.
Exclude Users: If you want to exclude any user from the sync process, mention the names, and they will not be onboarded with the platform.
Activate this setting to start your sync process.
Users synced with Active Directory groups are added with the default 'User Role'.
This sync process requires system services to be activated: UserManagementService
Update user attributes
You can click on the respective username to edit/change details. After selecting the user, a form appears in which you can specify the modifications. Click on the Update button, and the changes made in the form will be updated.