...

Login Methods

Universal Controller provides a Login Method option at the user account level that allows you to select the following login methods:

• Standard
• Single Sign-On
• Both Standard and Single Sign-On

The default login method for a user depends on the user account type.

...

Account Type

...

Login Method

...

Local User Account

Local user accounts, by default, are designated with the Standard login method.
 
Any user account created prior to Universal Controller 6.4.6.0 is, by default, designated with the Standard login method; for example, after applying maintenance, or after importing users from an earlier release.
 
Any attempt by a user to use the Standard login for an account that is not designated to use Standard login method will receive the following error:
 

Username and/or password invalid.

...

LDAP-Provisioned User Account

...

Any user provisioned through LDAP synchronization will be designated, by default, with the login method(s) configured in the LDAP Settings.
 
The designation of the login method only applies at user creation time.

...

Single Sign-On-Provisioned User Account

...

Any user provisioned through SAML Single Sign-On will be designated, by default, with the Single Sign-On login method only.
 
The designation of the login method only applies at user creation time.
 

For additional details on login method enforcement, see Single Sign-On Troubleshooting.

...

Standard Login

The Universal Automation Center Login page displays automatically when you bring up the Universal Controller system and browse to its URL.

The Standard login URL is:

http(s)://<server:port>/uc/login.jsp (or simply, http(s)://<server:port>/uc/).

All Local account and AD/LDAP-authenticated accounts authenticate through this standard login URL.
 

Image Removed
 

...

User Name

...

The default login User name is ops.admin.

...

Password

...

For your initial login to the Controller, no password is required; the Controller prompts you to create a password.

...

Changing Your Password

To change your password at any time after you have logged in:
 

...

Step 1

...

...

Step  2

...

...

Step 3

...

Enter your Current Password and a New Password, and reenter your new password in Confirm New Password.

...

Step 4

...

Click the Change Password button.

Password Expiration

If the Password Expiration Enabled field in Password Settings has been enabled, and you reach the maximum number of days that a user password can remain unchanged, as specified by the Password Expiration in Days field in Password Settings, the following dialog displays when you enter your password on the Standard Login page:
 

Image Removed
 

You must enter a new password, one that is different than your currently expired password. (To maintain a high level of security, you should never use a password that you have used before.)

1. In Current Password, enter your password that has just expired.
2. In New Password and Confirm New Password, enter a new, previously unused password.
3. Click Change Password.

If you try to enter your currently expired password as your new password, the following error message displays on the Password Expired dialog:

Your new password cannot be the same as your current password.

...

Single Sign-On Login

...

Login Methods

Universal Controller provides a Login Method option at the user account level that allows you to select the following login methods:

• Standard
• Single Sign-On
• Standard/Authenticator App (TOTP)
• Both Standard or Standard/Authenticator App (TOTP) and Single Sign-On

The default login method for a user depends on the user account type.

Username and/or password invalid.

For additional details on login method enforcement, see Single Sign-On Troubleshooting.

Standard Login

The Universal Automation Center Login page displays automatically when you bring up the Universal Controller system and browse to its URL.

The Standard login URL is:

http(s)://<server:port>/uc/login.jsp (or simply, http(s)://<server:port>/uc/).

All Local account and AD/LDAP-authenticated accounts authenticate through this standard login URL.
 

Image Added
 

Changing Your Password

To change your password at any time after you have logged in:
 

Password Expiration

If the Password Expiration Enabled field in Password Settings has been enabled, and you reach the maximum number of days that a user password can remain unchanged, as specified by the Password Expiration in Days field in Password Settings, the following dialog displays when you enter your password on the 206373613 page:
 

Image Added
 

You must enter a new password, one that is different than your currently expired password. (To maintain a high level of security, you should never use a password that you have used before.)

1. In Current Password, enter your password that has just expired.
2. In New Password and Confirm New Password, enter a new, previously unused password.
3. Click Change Password.

If you try to enter your currently expired password as your new password, the following error message displays on the Password Expired dialog:

Your new password cannot be the same as your current password.

Single Sign-On Login

For information on Single Sign-On Login method and the Single Sign-On Login URL, see Single Sign-On Login on the Single Sign-On Settings page.

Standard/Authenticator App (TOTP)

Universal Controller supports the use of an Authenticator App for standard login accounts.

A user configured for Standard / Authenticator App (TOTP) as their Login Method must setup their Universal Controller account in their authenticator app during their initial login.

During the initial login, an enrollment page will be presented to the user assuming they authenticated successfully using their username and password:

Image Added

You can switch to setup manually by clicking the Click to setup manually button:

Image Added

Next, the user will be prompted to enter their Time-based one-time password (TOTP) to login to the controller: 

Image Added

After the initial login, you will only have to enter the Time-based one-time password (TOTP) after authenticated successfully using your username and password.

A user configured for Standard / Authenticator App (TOTP) will not be required to enter a TOTP code when restoring an expired session from within the application.

User Lockout

If the Lock Account After Maximum Login Attempts field in Password Settings has been enabled, and you reach the maximum number of successive login attempts that is allowed, as specified by the Maximum Failed Login Attempts field in Password Settings, your user account in Universal Controller will be locked.

(Whenever Lock Account After Maximum Login Attempts is reset from enabled to disabled, the current number of login attempts for all users is reset to 0.)

...

To unlock a locked account, your Controller system administrator must uncheck the Locked out field ion the User Details for that user account.

...

1. The system level default for web browser access, specified by the System Default Web Browser Access Universal Controller system property, has been set to No, and the Web Browser access field in the User Details for your user account is set to -- System Default --."
2. The Web Browser access field is set to No, which overrides the System Default Web Browser Access value (Yes or No).

...

If you log in to the Controller and your Controller license is about to expire within one week, the following informational message displays in the Console:

Universal Controller license for node <node_id> will expire in N days. 
 
Please contact Stonebranch customer support to avoid service interruption.

If you log in to the Controller and your Controller license already has expired, the following error message displays in the Console:

Universal Controller license for node <node_id> has expired and the Controller has been suspended.
 
Licensed Number of Days: N
Actual Number of Days: N 
 
Please contact Stonebranch customer support to restore services.

In each case, the Console will remain open until you manually close it.
 

Additionally, if you have configured the Controller for System Notifications, system notifications are sent when the Controller license will expire in seven days and if the license already has expired.
 

...

Login Disclaimer

The Login Disclaimer Universal Controller system property lets you define multi-lines of free-form text that will display at the bottom of the Universal Automation Center Login page when you attempt to login.

...

Login Notification

The Login Notification Universal Controller system property lets you define a message that displays in the Console when you login to the Controller.

...

Show Last Login

If the Show Last Login Universal Controller system property = true, the last login time is shown in the console when logging into the user interface. The format of the message is as follows.

...

To log out of your Universal Controller session:

...

If you attempt to close the browser or navigate away from the user interface before logging out, and the Confirm Exit Universal Controller system property is set to true, the following pop-up dialog displays:
 

...

For information on SAML Single Logout, see Single Logout in Single Sign-On Settings.

...

All user login and logout activity, whether via the user interface or a Universal Controller remote interface, is logged and audited (as a single audit type: User Login).

...

...

To display a list of currently authenticated user sessions (logged in users):

...

...

From the Users Sessions list, you also can:

• Send an Email to one or more (or all) logged in users.
• Expire the user session of one or more users.
   

...

From the User Sessions list, you can send an Email to:

• All users on the list.
• One or more users on the list.

The Controller will auto-generate the email Subject in the following format:

Message from system_identifier Universal Controller Administrator (user_id@cluster_node_id)

The Reply-To address for the email will be the email address of the sender.

An administrator must ensure that an Email Connection exists with the Use for System Notifications option enabled. The Email Address specified in the Email Connection Details will appear as the From email address.
 

...

...

To expire (log out) one or more currently authenticated user sessions (logged in users):

...