Skip Navigation LinksALVAO 10.2ALVAO Asset ManagementSystem Implementation in an OrganizationUser Management Skip Navigation Links. Skip Navigation Links Skip Navigation Links.


User Management

User authentication

Users can sign in ALVAO applications using Integrated Windows Authentication (the account they use to log in to Windows) or using the name and password set in Management (WebApp – Management). For a user to be able to sign in using Integrated Windows Authentication, the user's account must be loaded from Active Directory to the application.

LDAP Server and Default Domain

The LDAP server and default domain are used for form authentication for both the console and web applications.

They can be set during installation/upgrade in the Server Setup program or in ALVAO WebApp – Management – Settings – Active Directory.

We recommend keeping the default LDAP address setting "LDAP://" – the system will connect to the root controller for user authentication. If the LDAP path is empty, no login using form authentication will be possible.

The default domain should be the most frequently used domain in your organization. Users from another domain will have to specify their domains when logging in using form authentication.

Console Applications

  • Only users imported from AD can use Integrated Windows Authentication to sign in. Both their login name and their SID are checked for compliance.
  • Logging in using form authentication is also possible.
    • When users from AD are logging in, their data are authenticated on the specified LDAP server.
      • The default domain is added to the entered login name.
      • If you need to sign in under an account from another domain, you can enter your login name as domain\login.
    • For manually created users, the login information is only authenticated in the ALVAO database.

Web Applications

  • Only users imported from AD can use Integrated Windows Authentication to sign in. Their login name is checked for compliance.
  • For form-based authentication there are again two groups of users:
    • For users from AD, the password is only checked against AD.
      • The domain specified in the "Domain" field is always added to the name entered.
    • For manually created users, the login information is only authenticated in the ALVAO database.
Notification:
If there are several users with the same login name in the database, none of them will be able to sign in. This also applies e.g. to users with user name versions with domain (e.g. company.com\mark) and without domain (mark).

Loading Users from Active Directory

We recommend importing users regularly from Active Directory, e.g. with a scheduled server task which will be performed on an hourly basis. You can use the ImportAD utility for this.

Loading your User list for the first time will add all users and groups from the path specified in LDAP. Next time you load your User list, the application will only add new users and groups and update the information about existing users and groups. Users and groups that you delete from Active Directory will not be automatically deleted from the User list. If you load users from the entire Active Directory, your User list will also contain some auxiliary user accounts, such as e.g. IUSR_..., IWAM_... etc. We recommend hiding these auxiliary accounts by using the Hide command. If you remove these users with the Remove command, they would be created again next time users are loaded from Active Directory.

Loading Users from Active Directory Manually

If you want to load users in a single run, you can go to ALVAO Admin – File – Load – Users from LDAP.... This will open the Load users from LDAP window where you can specify more parameters.

Loading Users from Other Systems

If you do not use Active Directory, you can use the ImportUsersCSV utility to load users from a CSV file.

Alternatively, you can create a user manually under WebApp – Management by using the New user command.

ALVAO Administrator Permissions

Users to be equipped with Administrator permissions for the entire ALVAO system need to be added to the Administrators system group.

Follow the steps below to add users in WebApp – Management:

  1. Display the Groups page.
  2. Select the Administrators group and use the Edit – Members command.
  3. Add relevant users to the group by using the Add command.
Tip:
You can manage permissions directly in the Active Directory (AD) as follows: Create a user group in AD, e.g. "ALVAO Administrators", and add the respective user accounts to this group. Once users have been loaded from AD to ALVAO, this group will also appear under WebApp – Management where you can insert this group as a member of the "Administrators" system group.
Notification:
The user must restart the Service Desk Console or Asset Management Console after changing the permission for the changes to take effect.

 

Did not find what you were looking for? Ask our technical support team.