The Users page can be found in the administration menu under Security. The user's page lists all the users in Continua and provides the functionality for managing all users.
When using LDAP or Mixed authentication mode, a link icon is used to denote users which are linked to a Windows user account.
Windows Users vs Standard Login Users
WIthin Continua, there are two types of users:
- Windows users. All windows users do not need to login to Continua CI as their Windows credentials and authentication are automatically passed in. Windows users are only available when Continua authentication mode is configured to either LDAP or Mixed modes. All windows users are denoted in the users list by a blue chain icon.
- Standard login users. These users are created completely within Continua and require the user logs in to Continua with their own unique username and password. Standard login users are only available when Continua's authentication mode is configured to either Forms or Mixed modes.
Creating a Windows user in LDAP or Mixed authentication modes
There are two ways that Windows users can be created within Continua CI. During installation, an admin group was specified that linked to an associated Active Directory administration group. This is designed so that any user within this Active Directory administration group attempts to login to Continua, they will automatically be created as a user with administration privileges.
If a user is not present in the Active Directory administration group mentioned above, they will need to be created as a Continua user before they can access Continua's environment. When creating a Windows user, the matching Ldap username must be selected.
Continua synchronises its user and group lists with Active Directory every 30 minutes so if a change has been made to Active Directory and it isn't being reflected within Continua, you can use the Synchronise LDAP functionality to force Continua to update its LDAP lists.
Creating a standard login user
Apart from the initial administrator and guest user, every standard login user must be explicitly created by a Continua administrator.
Guest User Account
A special Guest user account is created within Continua which allows administrators to control the level of access for users that do not have login credentials for Continua. By default, the guest account has no permissions and cannot do anything within the Continua environment however this can be changed so that non-logged in users can access everything, nothing, or somewhere in between.
This guest account cannot be deleted, however it can be disabled. By disabling the guest account, no user will be able to access Continua without a login.
Disabling User Accounts
User accounts can be disabled to deny a particular user access to Continua. If a user account is disabled, they will not be able to login to Continua as that user. However, if the guest account is active, they will still be able to access the Continua environment as a guest user (including all permissions that belong to the guest account). If the guest account has been disabled then a disabled user will be completely locked out of the Continua environment.
Creating a User
Clicking the "Create" link will pop up a dialog with all the input fields needed to create a new user.
The fields displayed will depend on the current authentication mode. In LDAP or Mixed mode, the 'Ldap username' selection box is available which will allow you to link the user to an existing Windows user. If an Ldap username is selected, the Username and a Password fields are removed.
All displayed fields are required except for the Xmpp Id. You can also optionally choose to add the user to a group by selecting the group or groups from the "Member Of" section. NOTE: you cannot add a user to a group which is linked to an LDAP group here. Membership of LDAP groups can be managed via Windows Administration tools.
The list of available Ldap users and their group membership is automatically synchronised with Windows every 30 minutes. This process can be triggered immediately by clicking on the 'Synchronise LDAP' link.
Editing a User
Clicking the "Edit" link at the end of each row will pop up a dialog with all the input fields needed to edit the selected user.
Clicking the "Delete" link at the end of each row will pop up a confirmation prompt. Click 'Yes' to delete the user.