Listen 
Translate
Authentication
As a Product Admin, when any user logs into Product with his/her credentials:
- The user will be authenticated against the stored credentials.
- If found valid, then the user will be allowed to login to Product and perform their activities.
Audit Log: Login/logout action on users (AD)
- Audience & purpose
-
As a Product Administrator you want to know from Audit which and when a user logs-in or logs-out from Product so that you can keep track of their activities. This will:
- Record point-in-time data of a user who logged-in or logged-out to and from Product.
- Help in monitoring the user's activities for failed login attempts.
Description
In the Audit Log page, an audit entry will be logged when a user logs-in to or logs-out from Product. See the following data table.
Status Time Action Object name Action taken by Device Source Start time Successful <datetime> User login N/A <domain\username> <hostname> Product N/A Successful <datetime> User logout N/A <domain\username> <hostname> Product N/A
- If an error occurs during the Login/Logout operation, the status of audit entry will be set to "Unsuccessful".
- The "Action taken by" will be set to the name the user enters in the "Username" field irrespective whether that user exists or not.
- Select an Audit entry and click "View action".
- The "Details" page of the Audit entry will be displayed as shown in the following screenshot.
- For each Login/Logout user action, the "Details" page will show whether the action was "Successful" or "Unsuccessful".
- If the action was unsuccessful then it will also display the exact error message in the Results frame. See the following screenshot.
- The Audit log page will be read-only. A user can only act on the page-level toolbar.
- The breadcrumb trail will show "Audit log" → "View action".
- Click "Back" to return to the previous page.
Security
- Only authorized users will be allowed to view ALL the Audit entries and their details.
- Each user can view Audit entries that are only specific to the action taken by that user.
Audit Log: Login/logout action on users (Non-AD)
- Audience & purpose
-
As a Product Administrator you want to know from Audit which and when a user logs-in or logs-out from Product so that you can keep track of their activities. This will:
- Record point-in-time data of a user who logged-in or logged-out to and from Product.
- Help in monitoring the user's activities for failed login attempts.
Description
In the Audit Log page, an Audit entry will be logged when a user logs-in to or logs-out from Product. See the following data table.
Status Time Action Object name Action taken by Device Source Start time Successful <datetime> User login N/A <domain\username> <hostname> Product N/A Successful <datetime> User logout N/A <domain\username> <hostname> Product N/A
- If an error occurs during the Login/Logout operation, the status of audit entry will be set to "Unsuccessful".
- The "Action taken by" will be set to the name the user enters in the "Username" field irrespective whether that user exists or not.
- Select an Audit entry and click "View action".
- The "Details" page of the Audit entry will be displayed as shown in the following screenshot.
- For each Login/Logout user action, the "Details" page will show whether the action was "Successful" or "Unsuccessful".
- If the action was unsuccessful then it will also display the exact error message in the Results frame. See the following screenshot.
- The Audit log page will be read-only. A user can only act on the page-level toolbar.
- The lower-half of the page will show details of the user object when the action was performed.
- It will not show data of the date when this page is being accessed unless there was absolutely no change in the user object.
- The breadcrumb trail will show "Audit log" → "View action".
- Click "Back" to return to the previous page.
Security
- Only authorized users will be allowed to view ALL the Audit entries and their details.
- Each user can view Audit entries that are only specific to the action taken by that user.
Audit Log: Multiple login action by the same user (AD, Non-AD)
- Audience & purpose
- As an Automation Product Administrator you want to know from Audit if the same user attempts to login to Product from more than one browser or machine. This will help to identify multiple login attempts by the same user.
Description
In the "Audit log" page, an Audit entry will be logged when you login to Product from another browser or machine while you are already logged in to Product somewhere else. See the following data table.
Status Time Action Object name Action taken by Device Source Start time Successful <datetime> Multi-user login N/A <username> <hostname> Product N/A Note: If an error occurs during the login operation, the status of the Audit entry will be set to "Unsuccessful".
- Select an Audit entry and click "View action".
- The "Details" page of the audit entry will be displayed.
- For each login user action, the Details page will show whether the action was "Successful" or "Unsuccessful".
- If the action was Unsuccessful then it will also display the exact error message in the Results frame.
- The Audit log page will be read-only. A user can only act on the page-level toolbar.
- The lower half of the page will show details of the user object when the action was performed.
- It will not show data of the date when this page is being accessed unless there was absolutely no change in the user object.
- The breadcrumb trail will show "Audit log" → "View action".
- Click the "Back" button to return to the previous page.
Security
Note:
- Only authorized users will be allowed to view ALL the Audit entries and their details.
- Each user can view audit entries that are only specific to the action taken by that user.
Change password (Profile tray, Non-AD)
- Audience & purpose
- As a Non-AD Product user you want to change your old password.
Change password (Profile tray)
Use the following steps to change a password with the Profile Tray.
- Login to Product.
- Click your Profile icon.
- In the Profile Tray that opens, click "Change password".
- The "Change password" window will open as shown in the following screenshot.
- Input the Old password, New password, and Confirm new password fields. All fields will be shown as encrypted.
- Click Save changes.
- The Profile tray will close and a toast notification will be displayed.
Validations
Note:
- If no changes are made, the Close button will be shown.
- Otherwise, the Cancel button will be displayed.
- The Save changes button will be disabled until all fields are input.
The current password is incorrect, or someone changed your password.
Type Reason Message Notes Error Current password is incorrect. Unable to continue because your current password is incorrect.
This may be due to a misspelling or because your Caps Lock is on.
Please retype your current and new password.Erase all three password fields. The new password must meet the "allowed characters" requirement.
Type Reason Message Error New password doesn’t meet requirements. Unable to continue because your new password does not meet our requirements.
The length must be 8-64 characters.
In addition to alphabetical and numerical characters, only these other characters are allowed: @ - _ ! # $ % . &
To continue, please create a new password which includes only these characters.Both passwords must match.
Type Reason Message Error New password fields don’t match. Unable to continue because the information in the Password and Confirm Password fields do not match.
To continue, please retype your password.New password cannot be the same as the old password
Type Reason Message Error New password and old password are the same. Unable to continue because the information in the Old Password and New Password fields are same.
To continue, please change your New Password.
Audit log
An audit entry will be logged when the password is reset.
Create or change password (first login, forgot password, Non-AD)
- Audience & purpose
- As a Non-AD Product user, you want to change your password when you login to Product for the first time so that only you know your password (Admin created my password). This is used to ensure that a user's password is private, and no one except the user knows his/her password.
Change password on first login (SMTP disabled)
Prerequisite: A user account is created and the user has not yet logged in to Product.
- Login to Product using valid credentials.
- On the first successful login to Product, a "Welcome" page wizard with two tabs will be displayed as shown in the following screenshot.
- Change password
- Security questions
- On the "Change Password" page input the old password, the new password, and confirm the same.
- The password text will be shown as encrypted.
- Once all fields are input, the "Next" button will become enabled.
- Click "Next" to display the "Security questions" tab.
- The previous tab should display the "Username" and "Password" in encrypted form below the tab name.
- Refer to Security Q&A (Non-AD) for security questions.
- Click "Back" in the "Security questions" page to display the previous page.
- Once all required inputs are made, click "Save" and "Login" to display the "Dashboard" → "Home" page.
Create password on first login (SMTP enabled)
Prerequisite: A user account is created and the user has not yet logged-in to Product.
- Open the email sent for "User account creation".
- Click the link provided in the email to change the password.
- A "Welcome" page wizard with two tabs will be displayed as shown in the following screenshot.
- Change password
- Security questions
- On the "Create Password" page, input the new password and confirm the same.
- The password text will be shown as encrypted.
- Once all fields are input, the "Next" button will be enabled.
- Click "Next" to display the "Security questions" tab.
- The previous tab will display the "Username" and "Password" in encrypted form below the tab name.
- Refer to Security Q&A (Non-AD) for security questions.
- Click "Back" in the "Security questions" page to display the previous page.
- Once all required inputs are made, click "Save" and "Login" to display the "Dashboard" → "Home" page.
Create password or forgot password (SMTP enabled)
Prerequisite: The user exists in Product but has not yet logged in to Product (at least once).
- Launch the Product "Login" dialog box.
- Input a "Username" and click "Forgot password".
- Click the link provided in the mail to change the password.
- Clicking the link in the email will display the "Change Password" page. The wizard will not be shown.
- On the "Change Password" page, input the new password and confirm the same.
- The password text will be shown as encrypted.
- Once all fields are input, the "Next" button will be enabled.
- Click "Next" to display the "Dashboard" → "Home" page.
Validations
The "Save" and "Login" buttons will be disabled until all required fields are input.
A new password must meet the allowed characters requirement. Type Reason Message Error New password doesn’t meet requirements. Unable to continue because your new password does not meet our requirements.
The length must be 8-64 characters.
In addition to alphabetical and numerical characters, only these other characters are allowed: @ - _ ! # $ % . &
To continue, please create a new password which only includes these characters.
Roboth passwords must match. Type Reason Message Error New password fields do not match. We were unable to continue because the information in the "Password" and "Confirm Password" fields do not match.
To continue, please retype your password.
New password cannot be the same as the old password. Type Reason Message Error New password and old password are the same. We were unable to continue because the information in the "Old Password" and "New Password" fields are the same.
To continue, please change your "New Password".
Audit
An Audit entry will be logged when the password is reset.
Note
Refer to the Restrict client login if unlicensed topic for password policy.
Forgot password (Non-AD, SMTP disabled)
- Audience & purpose
- As a Non-AD Product user, you want to reset your password so that you can continue using Product with a new password.
Admin user forgot password (SMTP disabled)
Use the following guidelines for this task.
- Launch Product in your browser.
- In the "Login" page, input an Admin or non-Admin username and click "Forgot password".
- If the username is valid, then a "Forgot Password" page with three security questions and answers will be displayed as shown in the following screenshot.
- The embedded help will display:
Username: <username> To reset your password, please answer the security questions that were created when you logged in for the first time. If you cannot remember the answers to your security questions, please contact your system administrator.
- Note: The "answers" are not case sensitive.
- The three security questions will be displayed as they were entered during your first login.
- Input the correct answers to each of these questions.
- Click "Back" to return to the "Login" page.
- Click "Next" to take you to the "Change password" page if the answers are correct.
- Note: The "Next" button will be disabled until all answers are filled in.
Validation
If the user exists and:
- Has not created his security questions and answers, when the "Forgot Password" link is clicked the following error message will be displayed.
Type Reason Message Error Security question answers are not created by user. Unable to continue because the security questions for password reset have not been created for this account.
To continue, please contact your system administrator.- If any of the security answers is incorrect then the following error message will be displayed:
Type Reason Message Error Security question answers are incorrect. One or more of your answers is incorrect.
This may be due to a spelling error.
To continue, please retype your answers.
If you continue to see this message, please contact your system administrator.- Otherwise, if the user does not exist, then clicking the "Forgot password" link will display the following error message.
Type Reason Message Error User does not exist. An email has been sent to you.
To reset your password, please go to your email and click on the link.
If you have not received this email, please contact your system administrator.
Forgot password (Non-AD, SMTP enabled)
- Audience & purpose
- As a Non-AD Product user you want to be able to reset your password if you forget it, so you can continue using Product with a new password.
Using forgot password (SMTP enabled)
Use the following guidelines regarding this action.
- Launch Product in your browser.
- On the "Login" page, input an Admin or non-Admin username and click "Forgot password". See the following screenshot.
- if the "username" is valid, a "Forgot password" page will be displayed as shown in the following screenshot.
- An email will be sent to your registered user's email address.
- Click the link provided in that email to reset your password.
- Roboth Admins and normal users will see this page.
- On password reset, you will see the Dashboard → Home page.
- Clicking "Back" will return you to the Login page.
Validation
- If the username is invalid, then for security reasons when the "Forgot password" link is clicked the "Forgot password" page will still be displayed as if the user exists.
- However, on the "Forgot password" page, the email address will not be displayed. See the following screenshot.
- If the user exists but has not verified their email address, then the "Reset password" mail will still be sent to the user (since the user is going to change their password).
- Once the user sets their password, they will be marked as "Verified" in Product.
Security
The "Reset password" link will become inactive once the password is reset by the user.
If the user makes a subsequent attempt to click the "Forgot Password" link, then each time a reset password link is sent to the user, the previous reset password link will become inactive.
Login to Product (AD)
- Audience & purpose
- As a Product AD User, you want to login to Product using your AD (Active Directory) credentials to access the Product application to perform various operations. This is also used to authenticate Product Users and to restrict unauthorized access to Product.
Login for Product AD Users
All criteria are the same as in the "Login to Product (Non-AD)" topic (directly following this topic), except that there is no "Forgot password" link.
See the following screenshot.
Logging to Product
Non-Admin login to Product
- If the license expired, then a message to contact the system administrator will be displayed.
- Otherwise, the "Dashboard" → "Home" page will be displayed.
Admin login to Product
- If Product is on a "Trial license", refer to the "Display days remaining for license expiry" topic.
- If the Product license has expired, then refer to the Restrict Product access if license expired and install a new license topic.
- Otherwise, a "Dashboard" → "Home" page will be displayed.
Note: Unlike the 10 LTS version, there is an explicit "Login" page for AD (Active Directory) login. In the 10 LTS version, the current Windows credentials were used to login to Product.
Login to Product (Non-AD)
- Audience & purpose
- This applies to Product Users who want to login to Product, access it, and perform various operations. This is also used to authenticate Product users and to restrict unauthorized access to Product.
- Prerequisites
-
- Product is installed and properly configured.
- The required users have been created in the Product database.
Login a user
Use the following steps to perform a user login.
- Launch Product in your browser.
- A Login page is displayed in the following screenshot.
- Input the Username and Password in their respective text boxes.
- Click Login.
- If the user's login credentials are found valid the user will be allowed to login, and the Product Dashboard → Home page will be displayed.
- The input credentials will be authenticated with the stored credentials in Product database.
- Otherwise, the following error messages will be displayed:
Type Reason Message title Message body Error Username or Password is incorrect. Either your username or your password is incorrect. This may be due to a misspelling or because your Caps Lock is on.
To continue, please retype your username and password.
Note: This will clear the Password field, but not the Username field.Information The session expired and they are returned to the Login page. Your session expired. To be safe, we logged you out. Please login again. Error User account is disabled. Your account is disabled. You cannot log in with a disabled account.
Please contact your system administrator.Error The user has not verified their email address on account creation or change of email address. Your email address is not verified. Please check your email and click on the verify link.
If you have not received an email, please contact your system administrator.
Remember my username checkbox
Use the following steps for the "Remember my username" checkbox.
- Launch Product and input the user credentials.
- Select Remember my username and click Login.
- Note: By default the checkbox is unselected.
- Logout of Product.
- Close the browser tab in which Product launched, or
- Exit Product by closing the browser.
- Launch Product again in the same browser.
- The Username will be auto-populated with the last logged-in username, otherwise it will be empty.
Validation
Note the following default conditions.
- The "Remember my username" checkbox will be disabled until the username field is filled in.
- The Forgot password link will be disabled (by default) until the user fills in their username. Refer to the preceding Forgot Password (Non-AD, SMTP enabled) topic.
- The "Log in" button will be disabled until all required fields (Username, Password) are filled in.
- The "Password" field will be displayed in encrypted form.
- If the user is logged-in to one browser and opens multiple tabs with the Product URL, then the current active session will be used in all tabs.
- If the user logs-in to two different browsers, then a separate, active session will be used.
For further reference see the following topics:
- Create or change password (first login, forgot password, Non-AD): higher up on this page
- Security Q&A (first login, Non-AD user)
Logout from Product (AD)
- Audience & purpose
- As a Product AD User, you want to logout from the Product. Use this to logout.
Logout from Product
The criteria are almost the same as in the "Logout from Product (Non-AD)" topic following this topic.
- The only difference is in the "Profile tray" for an AD user with the username "First name" "Last name" fields here, as opposed to the "email address" field in the Non-Ad version. See the following screenshot.
Logout from Product (Non-AD)
- Audience & purpose
- As a Non-AD Product user you want to logout from Product. Use this to logout from the Product application.
Logging out from the Product application
Use the following steps to logout from the Product application as a Non-AD user.
- Login to Product.
- The Dashboard > Home page displays a Profile tray in the header bar for the current user as shown in the following screenshot.
- Click the Profile icon to view the Profile tray of the current user.
- Click Log out.
- The user will be logged out from Product and directed to the Login page.
- When the user successfully logs out, a toast notification will display on the Login page:
"<username>
successfully logged out."
Multi-domain single forest: Login, logout Product
- Audience & purpose
- As a Product user belonging to Domain A, you want to login and logout to/from the Product installed in a Domain B. This is used to authenticate users belonging to different sub-domains for a Product installed in a multi-domain single forest environment.
Prerequisites
The following prerequisites must be in place and running to accomplish this task.
- A Global Catalog Server (GCS) is setup with multiple sub-domains inside a single forest.
- Product is installed in Domain A.
- Users belonging to different sub-domains are created in Product.
Login to Product from your browser.
Launch Product using your browser from Domain A.
- In the Login page, input the domain\username for User "X" of Domain A.
- If the user is verified then he will be allowed to login to Product installed in Domain B.
- User "X" will be authenticated against the sub-domain A under the single forest.
Logout from Product
Use the following steps to logout from Product.
- After logging in to Product, open the Profile Tray and click Logout.
- The User will be allowed to logout from the Product installed in Domain B.
Login to Product from an Product Client
Use the following steps to login to Product from an Product Client.
- Launch the Product Client and login as User "X" from Domain "A" to the Product installed on Domain "B".
- If the Client login is successful, then the device name will be captured as a fully qualified name in Product.
No Client login for Product Admin or RobotFarm Admin
- Audience & Purpose
-
As a Product Admin you want to allow another Admin to only manage Product from a browser.
- You want to restrict the allocation of a "Dev" or "Runtime" license to another Product Admin.
- That Product Admin can manage Product from a browser instead of using these licenses as a Robot creator or a Robot runner.
Restriction: Admin/RobotFarm role - No Client login
The selected Admin user will not be allowed to login to Product from the Product Client.
- They can only login to Product via a browser.
Node locked license
- Audience & purpose
- As a Product Admin, you want the Product Client user License to be node-locked, so that once the client is registered from one machine, he cannot register from another machine. This is used to control license usage by limiting one user license per Client machine.
Prerequisites
Scenario: The following conditions are in place.
- Product is installed with a Node-lock license.
- Client "A" is already registered from machine "X".
Client node locked
Use the following steps to test the Client Node-lock process.
- Login to the Client machine "X" with User "A".
- User "A" will be allowed to login to Product from machine "X".
- Exit the Client.
- Login to the Client machine "Y" with User "A".
- User "A" will not be allowed to login to Product from machine "Y".
- The current error message will be displayed.
Re-register the User
Use the following steps to re-register the user.
- Login to Product as a Product Admin.
- Delete User "A" and recreate another User "A" as earlier,
- Or, change the user license to "None" and then allocate it with another license.
- Register User "A" from machine "Y".
- User "A" can now login to Product from machine "Y".
Password Policy for Non-AD Product: User's account to get locked-out for "n" number of consecutive attempts
- Audience & purpose
- As an Product Enterprise Consumer, if you consecutively enter wrong credentials "n" number of times (as defined in the password policy), your Product account will get locked out (disabled) so that the system adheres to the InfoSec policies. This will also ensure that there is no brute-force attack to hack the user's account.
Admin objectives
Ensure that the user's account gets locked out (disabled) after "n" number of consecutive unsuccessful login attempts.
- Once the user's account is locked-out (disabled), the user will get the same generic login failure message which is shown when the user's account is disabled.
- The account lock-out is independent of the source; if the user puts in wrong credentials from Chrome, and then from IE, and then from Product Client, the account will be locked out.
- If there is ONLY 1 admin remaining in the system, the account lock-out policy will NOT be applicable to that admin.
- This is to ensure that the system does not get locked out.
Security
Ensure that the user does not hack into the system even when the user's account is locked out.
Register\login\re-Login Product Client
- Audience & purpose
-
As an Automation Expert, you want to register your Product Client once a license is allocated to you, to carry out your automation activities. This is used:
- To secure the "Master Key" which is used to open the vault.
- To ensure access to Product is allowed only if the vault is opened.
- To allows users to secure their credentials in the vault.
Prerequisites
The following are in place:
- A Client user account is created in Product and is allocated a license.
- This Client user is verified in Product.
Register a Client
Use the following steps to register a Client.
- Launch the Product Client.
- In the Login dialog box, input the Product URL and your user credentials.
- Click "Login".
- If the login to Product is successful, and if this is the first time the Client logs into Product, then the status of the corresponding user account will be set to "Registered" in Product.
Validations
Note the following verification guidelines.
- The Client user account will not be marked as "Registered" under the following conditions:
- A user account is not created.
- The user is not allocated a valid license.
- The user account is not verified (SMTP is enabled or disabled).
- The user's email address has changed and the account is not verified (If SMTP is enabled).
- Validate the Client login for AD (Active Directory), Non-AD, and multi-domain scenarios.
Restrict Robotfarm access if Product license has expired
- Audience & purpose
-
Product Admins want to restrict access to RobotFarm if the current installed Product license (having a RobotFarm flag) has expired so that they abide by the license terms to use Product.
This provides:
- RobotFarm access to users for the time period they have the purchased, and a Product license so that they do not misuse RobotFarm.
- It also enforces them to buy or renew another Product license with a RobotFarm flag.
License Expired Message
Login to RobotFarm as a RobotFarm Admin.
If the Product license has expired, then the following error message will be displayed.
Type Reason Message Error Product license has expired. Unable to log in because the Product license has expired.
To continue, please install a new Product license.
If you do not have one, please contact your system administrator or Product Sales.The RobotFarm Admin will not be allowed to login into RobotFarm.
Restrict multiple logins to Product by the same user
- Audience & purpose
- As a Product Admin you want to restrict multiple logins to Product by the same user, so that only one user is active at a time. This applies to Product Admins regarding the restriction of concurrent same-user access.
Restrict Concurrent Access to Product by a user
Use the following steps to understand the restriction of concurrent access to Product by a user.
- Login to Product in one browser with "User A" credentials.
- Login to Product in another browser with the same "User A" credentials.
- Note:
- The 2nd User A is allowed to login.
- The 1st User A is forced to logout.
- The 1st User A gets an "information message" when he tries to perform another activity when the 2nd User A becomes active.
Type Reason Message title Message body/th> Information Same account logged into another device. You're logged in twice. To be safe, we logged you out here. Please log in again.