Skip Navigation LinksALVAO 10.0ALVAO Asset ManagementSystem Implementation in an OrganizationUser Management Skip Navigation Links. Skip Navigation Links Skip Navigation Links.


User Management

User authentication

Users can sign in ALVAO applications using Integrated Windows Authentication (the account they use to log in to Windows) or using the name and password set in the ALVAO Admin application. For a user to be able to sign in using Integrated Windows Authentication, the user's account must be loaded from Active Directory to the ALVAO Admin application.

LDAP Server and Default Domain

The LDAP server and default domain are used for form authentication for both the console and web applications.

They can be set during installation/upgrade in the Server Setup program or in ALVAO Admin – Manage – Settings on the Active Directory tab.

We recommend keeping the default LDAP address setting "LDAP://" – the system will connect to the root controller for user authentication. If the LDAP path is empty, no login using form authentication will be possible.

The default domain should be the most frequently used domain in your organization. Users from another domain will have to specify their domains when logging in using form authentication.

Console Applications

  • Only users imported from AD can use Integrated Windows Authentication to sign in. Both their login name and their SID are checked for compliance.
  • Logging in using form authentication is also possible.
    • When users from AD are logging in, their data are authenticated on the specified LDAP server.
      • The default domain is added to the entered login name.
      • If you need to sign in under an account from another domain, you can enter your login name as domain\login.
    • For manually created users, the login information is only authenticated in the ALVAO database.

Web Applications

  • Only users imported from AD can use Integrated Windows Authentication to sign in. Their login name is checked for compliance.
  • For form-based authentication there are again two groups of users:
    • For users from AD, the password is only checked against AD.
      • The domain specified in the "Domain" field is always added to the name entered.
    • For manually created users, the login information is only authenticated in the ALVAO database.
Warning:
If there are several users with the same login name in the database, none of them will be able to sign in. This also applies e.g. to users with user name versions with domain (e.g. company.com\mark) and without domain (mark).

Loading Users from Active Directory

We recommend importing users regularly from Active Directory, e.g. with a scheduled server task which will be performed on an hourly basis. You can use the ImportAD utility for this.

Loading your User list for the first time will add all users and groups from the path specified in LDAP. Next time you load your User list, the application will only add new users and groups and update the information about existing users and groups. Users and groups that you delete from Active Directory will not be automatically deleted from the User list. If you load users from the entire Active Directory, your User list will also contain some auxiliary user accounts, such as e.g. IUSR_..., IWAM_... etc. We recommend hiding these auxiliary accounts in the Edit – Hide accounts menu. If you remove these users with the Remove command, they would be created again next time users are loaded from Active Directory.

Loading Users from Active Directory Manually

If you want to load users in a single run, you can go to ALVAO Admin – File – Load – Users from LDAP.... This will open the Load users from LDAP window where you can specify more parameters.

Loading Users from Other Systems

If you do not use Active Directory, you can use the ImportUsersCSV utility to load users from a CSV file.

You can also create users manually in ALVAO Admin by clicking New user in the context menu above the User List.

ALVAO Administrator Permissions

Users to be equipped with Administrator permissions for the entire ALVAO system need to be added to the Administrators system group.

Follow the steps below to add users in ALVAO Admin:

  1. Go to Manage – Groups to display the list of groups.
  2. Select the Administrators group and click on the Edit command in the context menu.
  3. Switch to the General tab and click on the Add people to add users to the group.
Tip:
You can manage permissions directly in the Active Directory (AD) as follows: Create a user group in AD, e.g. "ALVAO Administrators", and add the respective user accounts to this group. Once users have been loaded from AD to ALVAO, this group will also appear in ALVAO Admin where you can insert this group as a member of the "Administrators" system group.
Warning:
The user must restart the Service Desk Console or Asset Management Console after changing the permission for the changes to take effect.

 

Did not find what you were looking for? Ask our technical support team.