Panel | ||||
---|---|---|---|---|
|
...
Login Methods
Universal Controller provides a Login Method option at the user account level that allows you to select the following login methods:
- Standard
- Single Sign-On
- Both Standard and Single Sign-On
The default login method for a user depends on the user account type.
...
Account Type
...
Login Method
...
Local User Account
Local user accounts, by default, are designated with the Standard login method.
Any user account created prior to Universal Controller 6.4.6.0 is, by default, designated with the Standard login method; for example, after applying maintenance, or after importing users from an earlier release.
Any attempt by a user to use the Standard login for an account that is not designated to use Standard login method will receive the following error:
Panel |
---|
Username and/or password invalid. |
...
LDAP-Provisioned User Account
...
Any user provisioned through LDAP synchronization will be designated, by default, with the login method(s) configured in the LDAP Settings.
The designation of the login method only applies at user creation time.
...
Single Sign-On-Provisioned User Account
...
Any user provisioned through SAML Single Sign-On will be designated, by default, with the Single Sign-On login method only.
The designation of the login method only applies at user creation time.
Note | ||
---|---|---|
| ||
The local administrator account, ops.admin, is configured to allow only the Standard login method. Modification of the ops.admin account Login Method is not permitted. |
For additional details on login method enforcement, see Single Sign-On Troubleshooting.
...
Standard Login
The Universal Automation Center Login page displays automatically when you bring up the Universal Controller system and browse to its URL.
The Standard login URL is:
http(s)://<server:port>/uc/login.jsp (or simply, http(s)://<server:port>/uc/).
All Local account and AD/LDAP-authenticated accounts authenticate through this standard login URL.
...
User Name
...
The default login User name is ops.admin.
...
Password
...
For your initial login to the Controller, no password is required; the Controller prompts you to create a password.
...
Changing Your Password
Note | ||
---|---|---|
| ||
Changing your password is not applicable to users that log in using LDAP authentication. |
To change your password at any time after you have logged in:
...
Step 1
...
On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions.
...
Step 2
...
Click Change Password. The Change Password dialog pops up.
...
Step 3
...
Enter your Current Password and a New Password, and reenter your new password in Confirm New Password.
...
Step 4
...
Click the Change Password button.
Note | ||
---|---|---|
| ||
If any Password Settings have been defined for user passwords, the hint for the New Password and Confirm New Password fields, as well as the information icon pop-up for either field, will display those settings. For example: |
Password Expiration
Note | ||
---|---|---|
| ||
Password expiration is not applicable to users that log in using LDAP authentication. |
If the Password Expiration Enabled field in Password Settings has been enabled, and you reach the maximum number of days that a user password can remain unchanged, as specified by the Password Expiration in Days field in Password Settings, the following dialog displays when you enter your password on the Standard Login page:
Note | ||
---|---|---|
| ||
Below the Change Password button, the Change Password dialog will displays any characteristics and restrictions defined in Password Settings. For example: |
You must enter a new password, one that is different than your currently expired password. (To maintain a high level of security, you should never use a password that you have used before.)
- In Current Password, enter your password that has just expired.
- In New Password and Confirm New Password, enter a new, previously unused password.
- Click Change Password.
If you try to enter your currently expired password as your new password, the following error message displays on the Password Expired dialog:
Panel |
---|
Your new password cannot be the same as your current password. |
...
Single Sign-On Login
...
Panel | ||||
---|---|---|---|---|
|
Anchor | ||||
---|---|---|---|---|
|
Login Methods
Universal Controller provides a Login Method option at the user account level that allows you to select the following login methods:
- Standard
- Single Sign-On
- Standard/Authenticator App (TOTP)
- Both Standard or Standard/Authenticator App (TOTP) and Single Sign-On
The default login method for a user depends on the user account type.
Account Type | Login Method | ||
---|---|---|---|
Local User Account | Local user accounts, by default, are designated with the Standard login method.
| ||
LDAP-Provisioned User Account | Any user provisioned through LDAP synchronization will be designated, by default, with the login method(s) configured in the LDAP Settings. | ||
Single Sign-On-Provisioned User Account | Any user provisioned through SAML Single Sign-On will be designated, by default, with the Single Sign-On login method only. |
Note | ||
---|---|---|
| ||
The local administrator account, ops.admin, is configured to allow only the Standard login method. Modification of the ops.admin account Login Method is not permitted. |
For additional details on login method enforcement, see Single Sign-On Troubleshooting.
Anchor | ||||
---|---|---|---|---|
|
Standard Login
The Universal Automation Center Login page displays automatically when you bring up the Universal Controller system and browse to its URL.
The Standard login URL is:
http(s)://<server:port>/uc/login.jsp (or simply, http(s)://<server:port>/uc/).
All Local account and AD/LDAP-authenticated accounts authenticate through this standard login URL.
User Name | The default login User name is ops.admin. |
---|---|
Password | For your initial login to the Controller, no password is required; the Controller prompts you to create a password. |
Anchor | ||||
---|---|---|---|---|
|
Changing Your Password
Note | ||
---|---|---|
| ||
Changing your password is not applicable to users that log in using LDAP authentication. |
To change your password at any time after you have logged in:
Step 1 | On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions. |
---|---|
Step 2 | Click Change Password. The Change Password dialog pops up. |
Step 3 | Enter your Current Password and a New Password, and reenter your new password in Confirm New Password. |
Step 4 | Click the Change Password button. |
Note | ||
---|---|---|
| ||
If any Password Settings have been defined for user passwords, the hint for the New Password and Confirm New Password fields, as well as the information icon pop-up for either field, will display those settings. For example: |
Password Expiration
Note | ||
---|---|---|
| ||
Password expiration is not applicable to users that log in using LDAP authentication. |
If the Password Expiration Enabled field in Password Settings has been enabled, and you reach the maximum number of days that a user password can remain unchanged, as specified by the Password Expiration in Days field in Password Settings, the following dialog displays when you enter your password on the 206373613 page:
Note | ||
---|---|---|
| ||
Below the Change Password button, the Change Password dialog will displays any characteristics and restrictions defined in Password Settings. For example: |
You must enter a new password, one that is different than your currently expired password. (To maintain a high level of security, you should never use a password that you have used before.)
- In Current Password, enter your password that has just expired.
- In New Password and Confirm New Password, enter a new, previously unused password.
- Click Change Password.
If you try to enter your currently expired password as your new password, the following error message displays on the Password Expired dialog:
Panel |
---|
Your new password cannot be the same as your current password. |
Anchor | ||||
---|---|---|---|---|
|
Single Sign-On Login
For information on Single Sign-On Login method and the Single Sign-On Login URL, see Single Sign-On Login on the Single Sign-On Settings page.
Standard/Authenticator App (TOTP)
Universal Controller supports the use of an Authenticator App for standard login accounts.
A user configured for Standard / Authenticator App (TOTP) as their Login Method must setup their Universal Controller account in their authenticator app during their initial login.
During the initial login, an enrollment page will be presented to the user assuming they authenticated successfully using their username and password:
You can switch to setup manually by clicking the Click to setup manually button:
Next, the user will be prompted to enter their Time-based one-time password (TOTP) to login to the controller:
After the initial login, you will only have to enter the Time-based one-time password (TOTP) after authenticated successfully using your username and password.
A user configured for Standard / Authenticator App (TOTP) will not be required to enter a TOTP code when restoring an expired session from within the application.
User Lockout
If the Lock Account After Maximum Login Attempts field in Password Settings has been enabled, and you reach the maximum number of successive login attempts that is allowed, as specified by the Maximum Failed Login Attempts field in Password Settings, your user account in Universal Controller will be locked.
(Whenever Lock Account After Maximum Login Attempts is reset from enabled to disabled, the current number of login attempts for all users is reset to 0.)
...
To unlock a locked account, your Controller system administrator must uncheck the Locked out field ion the User Details for that user account.
Anchor | ||||
---|---|---|---|---|
|
...
- The system level default for web browser access, specified by the System Default Web Browser Access Universal Controller system property, has been set to No, and the Web Browser access field in the User Details for your user account is set to -- System Default --."
- The Web Browser access field is set to No, which overrides the System Default Web Browser Access value (Yes or No).
...
If you log in to the Controller and your Controller license is about to expire within one week, the following informational message displays in the Console:
Panel |
---|
Universal Controller license for node <node_id> will expire in N days. Please contact Stonebranch customer support to avoid service interruption. |
If you log in to the Controller and your Controller license already has expired, the following error message displays in the Console:
Panel |
---|
Universal Controller license for node <node_id> has expired and the Controller has been suspended. Licensed Number of Days: N Actual Number of Days: N Please contact Stonebranch customer support to restore services. |
In each case, the Console will remain open until you manually close it.
Additionally, if you have configured the Controller for System Notifications, system notifications are sent when the Controller license will expire in seven days and if the license already has expired.
...
Anchor | ||||
---|---|---|---|---|
|
Login Disclaimer
The Login Disclaimer Universal Controller system property lets you define multi-lines of free-form text that will display at the bottom of the Universal Automation Center Login page when you attempt to login.
...
Anchor | ||||
---|---|---|---|---|
|
Login Notification
The Login Notification Universal Controller system property lets you define a message that displays in the Console when you login to the Controller.
...
Anchor | ||||
---|---|---|---|---|
|
Show Last Login
If the Show Last Login Universal Controller system property = true, the last login time is shown in the console when logging into the user interface. The format of the message is as follows.
...
To log out of your Universal Controller session:
Step 1 | On the User Task Bar, click the User Actions drop-down list arrow to display a menu of user actions. |
---|---|
Step 2 | Click Logout. You are logged out of this session, and the Universal Automation Center Login page displays. |
Anchor | ||||
---|---|---|---|---|
|
...
If you attempt to close the browser or navigate away from the user interface before logging out, and the Confirm Exit Universal Controller system property is set to true, the following pop-up dialog displays:
...
For information on SAML Single Logout, see Single Logout in Single Sign-On Settings.
Anchor | ||||
---|---|---|---|---|
|
...
All user login and logout activity, whether via the user interface or a Universal Controller remote interface, is logged and audited (as a single audit type: User Login).
Anchor | ||||
---|---|---|---|---|
|
...
Note | ||
---|---|---|
| ||
The IP Address of the user is not logged or audited for login activity via the Command Line Interface (CLI). |
Anchor | ||||
---|---|---|---|---|
|
...
Note | ||
---|---|---|
| ||
This action requires the ops_admin role or the ops_user_admin role. |
To display a list of currently authenticated user sessions (logged in users):
Step 1 | On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions. |
---|---|
Step 2 | Click User Sessions to display the User Sessions list of currently authenticated user sessions. |
...
Column | Description |
---|---|
User | User Id of the user. (You can click a User Id to display the User Details for that user.) |
Remote Address | Address of the machine from where the user logged in. |
Creation Time | Date and time that the user initially logged in; in other words, when the user session was created. |
Last Accessed Time | Last date and time that the client (browser) sent a request associated with this user session.. |
...
From the Users Sessions list, you also can:
- Send an Email to one or more (or all) logged in users.
- Expire the user session of one or more users.
Note | ||
---|---|---|
| ||
If the following error appears in the Console while you are using the User Sessions feature, you may need to manually configure the opswise.mbean.catalina.manager.name Universal Controller start-up property: |
...
From the User Sessions list, you can send an Email to:
- All users on the list.
- One or more users on the list.
The Controller will auto-generate the email Subject in the following format:
Message from system_identifier Universal Controller Administrator (user_id@cluster_node_id)
The Reply-To address for the email will be the email address of the sender.
An administrator must ensure that an Email Connection exists with the Use for System Notifications option enabled. The Email Address specified in the Email Connection Details will appear as the From email address.
...
Step 1 | Click the Email All button on the User Sessions 206373613 list. An Email pop-up dialog displays. |
---|---|
Step 2 | Enter a Message and click the Send button. |
...
Note | ||
---|---|---|
| ||
This action requires the ops_admin role or the ops_user_admin role. |
To expire (log out) one or more currently authenticated user sessions (logged in users):
Step 1 | Click User Sessions in the User Actions drop-down list on the User Task Bar. The User Sessions list then displays a list of currently authenticated user sessions. |
---|---|
Step 2 | Select one or more users on the list and right-click any of the selected users. The User Sessions actions menu displays: |
Step 3 | Click Expire Session to expire the user sessions of the selected users. A confirmation pop-up then displays. |
Step 4 | Click OK to confirm that you want to expire the selected user sessions. |
...