The Users page can be found in the administration menu under Security. The user's page lists all the users in Continua and provides the functionality for managing all users.
When using LDAP or Mixed authentication mode, a link icon is used to denote users that are linked to a Windows user account.
Windows Users vs Standard Login Users
WIthin Continua, there are two types of users:
- Windows users. Windows users do not need to login to Continua CI as their Windows credentials and authentication are automatically passed in. Windows users are only available when Continua authentication mode is configured to either LDAP or Mixed modes. All windows users are denoted in the users list by a blue chain icon.
- Standard login users. These users are created completely within Continua and require the user logs in to Continua with their own unique username and password. Standard login users are only available when Continua's authentication mode is configured to either Forms or Mixed modes.
Creating a Windows user in LDAP or Mixed authentication modes
There are two ways that Windows users can be created within Continua CI. During installation, an admin group was specified that linked Continua to an associated Active Directory administration group. This was designed so that when any user within this Active Directory administration group attempts to login to Continua, they will automatically be created as a user with administration privileges.
If a user is not present in the Active Directory administration group mentioned above, they will need to be created as a Continua user before they can access Continua's environment. When creating a Windows user, the matching Ldap Username must be selected.
Continua synchronises its user and group lists with Active Directory every 30 minutes so if a change has been made to Active Directory and it isn't being reflected within Continua, you can use the Synchronise LDAP functionality to force Continua to update its LDAP lists.
Creating a standard login user
Apart from the initial administrator and guest user, every standard login user must be explicitly created by a Continua administrator.
Guest User Account
A special Guest user account is created within Continua which allows administrators to control the level of access of users that do not have login credentials for Continua. By default, the guest account has no permissions and cannot do anything within the Continua environment, however this can be changed so that non-logged in users can access everything, nothing, or somewhere in between.
While the guest account cannot be deleted, it can be disabled. By disabling the guest account, no user will be able to access Continua without a login.
Disabling User Accounts
User accounts can be disabled to deny a particular user access to Continua. If a user account is disabled, they will not be able to login to Continua as that user. However, if the guest account is active, they will still be able to access the Continua environment as a guest user (including all permissions that belong to the guest account). If the guest account has been disabled then a disabled user will be completely locked out of the Continua environment.
Creating a User
(Creating a standard login user)
(Creating a windows user)
The fields displayed will depend on the current authentication mode. In LDAP or Mixed mode, the 'Ldap username' selection box is available which will allow you to link the user to an existing Windows user. If an Ldap username is selected, the Username and a Password fields are removed. If a standard login user is being created, the Ldap Username MUST be set to None.
All displayed fields are required except for the Xmpp Id. You can also optionally choose to add the user to a group by selecting the group or groups from the "Member Of" section. NOTE: you cannot add a user to a group which is linked to an LDAP group here. Membership of LDAP groups can be managed via Windows Administration tools.
The list of available Ldap users and their group membership is automatically synchronised with Windows every 30 minutes. This process can be triggered immediately by clicking on the 'Synchronise LDAP' link.
Editing a User
(editing a standard login user)
(editing a windows user)
The edit options are the same as the options provided when creating a user. The only difference being that the password field is locked. To change a users password, click the edit icon to the right of the password field (which unlocks the password) and specify the new password.
Once a Windows user has been created, the linked Active Directory user cannot be changed.