User Information

Field

Description

User ID

The unique identification of a user.

Name

A concatenation of First Name and Last Name.

Home Organization Codes

The values entered for Home Organization codes are used during security authorization to authorize the user’s access to secured resources. Leaving an organization field blank implies that the user has access to all organizational values at that level.

Note: These organizational fields are not validated against the organization tables in the system. This means that it is possible for incorrect codes or incorrect combinations of codes to be entered. Special care should be taken when setting up these values.

Infer Home Department and Unit

In the event that a user has access to only a single Department or Department/Unit so that the creation of transactions should always default the Home Department and any Home Unit, this indication is the first configuration point to make that happen. The second location is Transaction Control (DCTRL). Users that access multiple Departments or multiple Units within a Department can use this feature to default a value or values, however, they will have to remember to override before or after defaulting for cases with the ‘home’ values are not desired.

When set to true, the system will infer a user's Home Department and any Home Unit defined through security configuration while creating a transaction. This can occur in a number of places: Transaction Catalog, Copy Transaction, Copy Forward Transaction, and a collection of locations with a specialized action to create a transaction based on the selected data. Of this last type of location, there are some with specialized logic that do not use this feature as there is different logic to determine a Department and Unit (for example, Matching Status). Furthermore, if a user creates a transaction through batch processing or spreadsheet upload, then the inference will not happen even if the indication is true.

Override Errors

The Override Error level assigned to a user for overriding errors. Configuration on Security Role and Access Control interact with this setting. Please see those two locations for complete override information.

Bad Logins Count

A system-maintained number of bad logins for the user since their last successful login.

Bad Password Reset Count

A system-maintained number of bad password resets for the user since their last successful reset.

Locked Out

This field represents the state of the user account with the following values:

• Active: User can login into the system.

• Locked: When the number of failed login attempts exceeds the value of Lockout Count Due To Bad Logins on the Security Configuration page, then the system locks out the user by setting the field to Locked. If the difference between the Current System Date and the Last Login Date is greater than the Security Configuration of Account Active Days, then the system locks out the user. Once set to Locked, the user cannot login into the system. A Locked user can access the Password Reset functionality (if enabled on the system) and try answering the Password Hint Questions in order to reset the password. If the number of failed attempts on providing correct answers to the Password Hint Questions during the Password Reset process exceeds the Lockout Count Due to Bad Password Resets on Security Configuration, then the system locks out the user and does not allow further attempts on answering the password hint questions.

• Disabled: When the Disable action is taken on a user record, the record is set to Disabled. A disabled user cannot login to the system or attempt a password reset.

The Locked value can be set automatically by Advantage in one of two situations:

• If the difference between the Current System Date and the Last Login Date is greater than the value in the Idle Account Active Days field on the Security Configuration (SCCNFG) page, then the Locked Out field is set to Locked by the Lock Idle User process.

• When the number of failed login attempts exceeds the value of the Lockout Count Due To Bad Logins field set on the SCCNFG page, then the system sets the Locked Out field to Locked.

Logging

When selected, the system creates a new application user from an existing LDAP user entry. When selected, the system will also log all of the user activity for the user into the security logs.

Alert Email Notification

When selected and if the user is the recipient of an Alert or Broadcast message, then the email address is used to deliver the message. When selected, the Email field is required.

Alert SMS Notification

When selected and if the user is the recipient of an Alert or Broadcast message, then the phone number is used to deliver the message. When selected, the Phone field is required.

Last Login Date

The date of the last successful login by a user as recorded by the system upon login. This date is used to edit for inactivity for the defined period of time before locking out a user.

Disable User Business Card

Select this to disable the User Business Card functionality for the user. This is useful for service accounts or when you want to protect users’ identity and contact information, such as users in public safety.

Last Password Change Date

The date of the last successful password change as recorded by the system. This date is used to compute password ages to enable prompts to reset and ultimately locking out a user if not changed.

Password

The current password for a user, which is encrypted and not displayed online.

Confirm Password

Not required unless changing a password.

Email Password

User's password for the email account specified in the Email Address Field.

Confirm Email Password

User's password for the email account specified in the Email Address Field.

Expire New Password

When selected, the new password set/reset by the administrator will expire after the user logs in for the first time. The user will have to change the password to one of their choosing before accessing the system further.

User Security Realm

This field is for protecting Web Logic resources. Each security realm consists of a set of configured security providers, users, groups, security roles, and security policies. A user must be defined in a security realm in order to access any Web Logic resources belonging to that realm.

Applications

This section indicates what section of CGI Advantage that a user can access.

External Directory Information

The External Directory Information field uniquely identifies the user in the external user directory / repository that the application delegates the authentication function to. For example, if the external user repository is the LDAP compliant Microsoft Active Directory, then the user's record's values for attributes like ‘SamAccountName’ or ‘UserPrincipalName’ uniquely identify the user within the designated security realm and may be used. Note that the attribute used for the security realm is specified in the security configuration for the application (csf.properties).

Reporting User Information

This field captures the Reporting Application User ID used by the Advantage application to integrate reports and inquire reporting data from the Reporting application. If the Reporting User ID is blank, then the Reporting application will use the logged in Advantage User ID for Row Level Security.

For Advantage Insight Reporting, Reporting User ID is optional and can be kept blank, the logged in Advantage User ID is passed to Insight for Row Level Security.

Disable Dual Factor Authentication

This flag controls the Dual Factor Authentication (DFA) status for the user. When this check box is selected (set to true), DFA is disabled for the user; otherwise, DFA remains enabled.

Registered Email

A display of the registered email address for the user. A token is sent to this email address when the dual-factor authentication feature is enabled and the Token Preference is set to Email. If this field is left blank, then the value provided in the Email Address field on the User tab is inferred when saving.

Registered Phone

 A display of the registered phone number of the user. A token is sent to this phone number via SMS when the dual-factor authentication feature is enabled and the Token Preference is set to SMS. If this field is left blank, then the value provided in the Phone Number field on the User tab is inferred when saving. Please ensure that the number entered can receive the token via SMS.