People need to be identified (authenticated) before they can be authorised to use all the different modules in Ambience. If you already have an authentication system, such as an SSO, LDAP or Active Directory, then it is possible to use that as the authentication mechanism. However if you do not have a mechanism, or want to keep Ambience separate, an identities module is provided which handles the authentication part of the login process. This identities system is built upon OAuth2, which is what makes it possible to plug in alternate authentication providers.
The Identities module provides a simple mechanism for authentication (determining who is logging in). The Users module provides the corresponding mechanism for authorisation (determining what each authenticated user can access).
The Identities module provides a simple interface to manage user identities. Once the user identity has been created, it can be assigned roles and privileges through the Users module. The Identities module also allows you to enable or disable, edit details and reset the password of a user, as well as resetting their Two Factor Authentication (2FA).
You can arrange/sort the list of users in ascending or descending order by clicking on the desired field. By default, the list is sorted by the “Name” field in ascending order.
After performing actions on the browser/tab, the list is reloaded to display the list of users. The manual “Refresh” button is available and is particularly useful if there are others making changes on the same page.
The “Refresh” button is found on the upper right corner of the page. Clicking on it reloads the list of users.
To add a user, click on the “Add” button on the upper right corner of the page.
In the “Add” panel, enter the name and email of the user to be created. Ensure that the “Enabled” box is checked to enable the user. The enabled user is indicated with a green tick, while a disabled user is indicated with a red cross in the “Enabled” column in the main page.
Click on the “Save” button on the upper right corner of the page. Clicking on the “Cancel” aborts the action.
If an email server has been set up, an email will be sent to the user with a password.
In the event where the new user to be added conflicts with the existing user in the list, an error message will appear and the action will be aborted.
Instead of adding users one at a time, you can upload a list of users using a file. To do so, click on the “Upload” button on the upper right corner of the page. The Upload Identities dialog box appears to prompt you to browse for a JSON file. After selecting the file, click on the “OK” button to upload the file. Click on the “Cancel” button to abort the action.
Upon successfully uploading, a notification will appear for about 5 seconds.
During uploading, if there is any conflict (e.g., user already exist), an error message will appear and the action will be aborted.
To edit a user identity, click on the “Edit” icon under the “Actions” column corresponding the desired user.
In the “Edit” panel, you can change the name and/or email of the user or enable/disable a user. Click on the “Save” button to save the changes or click on the “Cancel” button to abort the action.
Note that the name of the user must be unique, is case-sensitive and can be made up of alphanumeric characters and/or special characters (such as dash (-), at sign (@), underscore (_), full stop (.)). Other special characters and symbols are not allowed.
To reset the password of a user, click on the “Reset Password” icon under the “Actions” column corresponding to the desired user.
A notification will appear for about 5 seconds to inform you that the password has been reset. If an email server has been set up, an email will be sent to the user notifying them of the password reset and supplying them with the new password.
Users who have enabled their 2FA are represented as a green tick under the 2FA column and a “Reset 2FA” icon in the Actions column in the Identity Management page. Those with disabled 2FA are represented with a red cross.
To reset or disable 2FA, click on the “Reset 2FA” icon under the “Actions” column corresponding the desired user.
Do note that once 2FA is reset, if the user needs the 2FA, it can be set up again using the User Settings module.
To delete a user, click on the “Delete” icon under the “Actions” column corresponding the desired user.
There is an option to undo the deletion. A notification with an “Undo” button appears right after clicking on the “Delete” icon.
Upon clicking on the “Undo” button, the deleted user is restored and is added back to the list of users. Do note that the notification will disappear after 5 seconds.
There is a cross-field search function for the list of users. It is located at the upper left corner of the page.
This provides an easy way to search through the user list. It is case-insensitive and displays files that have the entered search value in any of the values of the fields below: