Panel | ||||
---|---|---|---|---|
|
...
Account Type | Login Method | ||
---|---|---|---|
Local User Account | Local user accounts, by default, are designated with the Standard login method.
| ||
LDAP-Provisioned User Account | Any user provisioned through LDAP synchronization will be designated, by default, with the login method(s) configured in the LDAP Settings. | ||
Single Sign-On-Provisioned User Account | Any user provisioned through SAML Single Sign-On will be designated, by default, with the Single Sign-On login method only. |
...
For additional details on login method enforcement, see Single Sign-On Troubleshooting.
Anchor | ||||
---|---|---|---|---|
|
...
To change your password at any time after you have logged in:
Step 1 | On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions. |
---|---|
Step 2 | Click Change Password. The Change Password dialog pops up. |
Step 3 | Enter your Current Password and a New Password, and reenter your new password in Confirm New Password. |
Step 4 | Click the Change Password button. |
Note | ||
---|---|---|
| ||
If any Password Settings have been defined for user passwords, the hint for the New Password and Confirm New Password fields, as well as the information icon pop-up for either field, will display those settings. For example: |
...
Note | ||
---|---|---|
| ||
Password expiration is not applicable to users that log in using LDAP authentication. |
If the Password Expiration Enabled field in Password Settings has been enabled, and you reach the maximum number of days that a user password can remain unchanged, as specified by the Password Expiration in Days field in Password Settings, the following dialog displays when you enter your password on the Standard Login page:
...
Note | ||
---|---|---|
| ||
Below the Change Password button, the Change Password dialog will displays any characteristics and restrictions defined in Password Settings. For example: |
You must enter a new password, one that is different than your currently expired password. (To maintain a high level of security, you should never use a password that you have used before.)
...
For information on Single Sign-On Login method and the Single Sign-On Login URL, see Single Sign-On Login on the Single Sign-On Settings page.
Standard/Authenticator App (TOTP)
...
During the initial login, an enrollment page will be presented to the user assuming they authenticated successfully using their username and password:
You can switch to setup manually by clicking the Click to setup manually button:
Next, the user will be prompted to enter their Time-based one-time password (TOTP) to login to the controller:
After the initial enrollment, you will only have to enter the Time-based one-time password (TOTP) after authenticated successfully using your username and password.
Note |
---|
The Issuer, which the authenticator app uses for identifying the account in the app, will appear as [System Identifier@]uc.stonebranch.com. |
Note |
---|
If you are using Network Time Protocol (NTP), ensure the local time of the server where the Universal Controller is installed is synchronized with the time of the NTP server. |
Once a user has successfully logged into the application using their Authenticator App two-factor authentication, a TOTP code will not be required to restore an expired session from the Session Expired login prompt.
User Lockout
If the Lock Account After Maximum Login Attempts field in Password Settings has been enabled, and you reach the maximum number of successive login attempts that is allowed, as specified by the Maximum Failed Login Attempts field in Password Settings, your user account in Universal Controller will be locked.
(Whenever Lock Account After Maximum Login Attempts is reset from enabled to disabled, the current number of login attempts for all users is reset to 0.)
...
To unlock a locked account, your Controller system administrator must uncheck the Locked out field ion the User Details for that user account.
Anchor | ||||
---|---|---|---|---|
|
...
- The system level default for web browser access, specified by the System Default Web Browser Access Universal Controller system property, has been set to No, and the Web Browser access field in the User Details for your user account is set to -- System Default --."
- The Web Browser access field is set to No, which overrides the System Default Web Browser Access value (Yes or No).
...
If you log in to the Controller and your Controller license is about to expire within one week, the following informational message displays in the Console:
Panel |
---|
Universal Controller license for node <node_id> will expire in N days. Please contact Stonebranch customer support to avoid service interruption. |
If you log in to the Controller and your Controller license already has expired, the following error message displays in the Console:
Panel |
---|
Universal Controller license for node <node_id> has expired and the Controller has been suspended. Licensed Number of Days: N Actual Number of Days: N Please contact Stonebranch customer support to restore services. |
In each case, the Console will remain open until you manually close it.
Additionally, if you have configured the Controller for System Notifications, system notifications are sent when the Controller license will expire in seven days and if the license already has expired.
...
Anchor | ||||
---|---|---|---|---|
|
Login Disclaimer
The Login Disclaimer Universal Controller system property lets you define multi-lines of free-form text that will display at the bottom of the Universal Automation Center Login page when you attempt to login.
...
Anchor | ||||
---|---|---|---|---|
|
Login Notification
The Login Notification Universal Controller system property lets you define a message that displays in the Console when you login to the Controller.
...
Anchor | ||||
---|---|---|---|---|
|
Show Last Login
If the Show Last Login Universal Controller system property = true, the last login time is shown in the console when logging into the user interface. The format of the message is as follows.
...
To log out of your Universal Controller session:
Step 1 | On the User Task Bar, click the User Actions drop-down list arrow to display a menu of user actions. |
---|---|
Step 2 | Click Logout. You are logged out of this session, and the Universal Automation Center Login page displays. |
...
If you attempt to close the browser or navigate away from the user interface before logging out, and the Confirm Exit Universal Controller system property is set to true, the following pop-up dialog displays:
...
For information on SAML Single Logout, see Single Logout in Single Sign-On Settings.
Anchor | ||||
---|---|---|---|---|
|
...
All user login and logout activity, whether via the user interface or a Universal Controller remote interface, is logged and audited (as a single audit type: User Login).
Anchor | ||||
---|---|---|---|---|
|
...
Note | ||
---|---|---|
| ||
The IP Address of the user is not logged or audited for login activity via the Command Line Interface (CLI). |
Anchor | ||||
---|---|---|---|---|
|
...
Note | ||
---|---|---|
| ||
This action requires the ops_admin role or the ops_user_admin role. |
To display a list of currently authenticated user sessions (logged in users):
Step 1 | On the User task bar, click the User Actions drop-down list arrow to display a menu of user actions. |
---|---|
Step 2 | Click User Sessions to display the User Sessions list of currently authenticated user sessions. |
...
Column | Description |
---|---|
User | User Id of the user. (You can click a User Id to display the User Details for that user.) |
Remote Address | Address of the machine from where the user logged in. |
Creation Time | Date and time that the user initially logged in; in other words, when the user session was created. |
Last Accessed Time | Last date and time that the client (browser) sent a request associated with this user session.. |
...
Note | ||
---|---|---|
| ||
If the following error appears in the Console while you are using the User Sessions feature, you may need to manually configure the opswise.mbean.catalina.manager.name Universal Controller start-up property: |
...
The Controller will auto-generate the email Subject in the following format:
Message from system_identifier Universal Controller Administrator (user_id@cluster_node_id)
The Reply-To address for the email will be the email address of the sender.
An administrator must ensure that an Email Connection exists with the Use for System Notifications option enabled. The Email Address specified in the Email Connection Details will appear as the From email address.
...
Note | ||
---|---|---|
| ||
This action requires the ops_admin role or the ops_user_admin role. |
To expire (log out) one or more currently authenticated user sessions (logged in users):
Step 1 | Click User Sessions in the User Actions drop-down list on the User Task Bar. The User Sessions list then displays a list of currently authenticated user sessions. |
---|---|
Step 2 | Select one or more users on the list and right-click any of the selected users. The User Sessions actions menu displays: |
Step 3 | Click Expire Session to expire the user sessions of the selected users. A confirmation pop-up then displays. |
Step 4 | Click OK to confirm that you want to expire the selected user sessions. |
...