Listen
Translate
Users
As a Product Admin you must be able to manage all users and their privileges from Product so that you can:
- Provide users with required privileges to access Product and perform various operations it offers.
- Control and monitor all users activities from within the Product.
- Notify users and make them aware of important events for their user accounts.
- Provide a platform for users to access other applications - RobotFarm, Robot Insight and any future products that are registered with Product.
Allocate/reallocate license to Product users
- Audience & purpose
-
As a Product user having the "Allocate License" permission, you want to:
- Allocate or reallocate licenses to other Product users.
- Distribute available licenses across different users as per your requirements.
- Enable users to connect with Product.
-
This is used to:
- Distribute and manage available licenses.
- Enable users to connect and access Product.
Create user - Allocate license
Use the following steps to create a user and allocate a license.
- In the Administration > Users page, click Create User.
- In the Create User page:
- Input all fields.
- Select a non-Admin role.
- Select an option for a license such as: None, Robot creator, or Robot runner.
- Save the user.
- Once the user is created based on the role and/or license selected:
- The corresponding license will be allocated to the user.
- The license usage count for the license is updated on the License page.
Create/edit user: Available licenses
When creating or editing a user, the available licenses count next to the Robot runner and Robot creator options in the license group box will display the total number of licenses currently available for allocation to the user.
- The same also applies to the IQRobot and MetaRobot license options.
- Based on allocation or reallocation, the available license count will be updated.
- If installing another license (upgrade or downgrade), the available license count will be updated.
- If the available licenses amount is zero, then the corresponding license type will be disabled.
License allocation and usage
- When a license is allocated to a user, the usage count on the License page will be updated. See the following data table.
Role assigned License type allocated Usage count for Robot user Admin, RobotFarm Admin None N/A Non-Admin role Robot creator Robot creator (Development) Non-Admin Role Robot runner Robot runner (Runtime with TaskRobots) Validator Role, IQRobot Robot runner Robot runner (includes IQRobots) RobotFarm Agent Robot runner Robot runner (Runtime with TaskRobots) RobotFarm Agent Robot runner RobotFarm (Runtime) time used to execute Robots by Robot runners in RobotFarm Robot Insight experts None Robot Insight (Business Analytics) Robot Insight consumers None Robot Insight (Business Analytics) - If an Admin role or RobotFarm Admin role is assigned to a user, the license group box for license selection will be disabled.
- If a Robot Insight expert or Robot Insight consumer role is assigned to a user, the license usage count of Robot Insight (Business Analytics) will be increased by 1.
- If you only have a "Create user" permission and not a "View and manage license" permission, then when allocating the Robot Insight specific roles an error message will be displayed as shown in the following data table.
Type Reason Message Error License permission not available Unable to continue since you need "View and manage license" permission to allocate Robot Insight-specific roles.
To continue, please contact your system administrator.- If the role assignment exceeds the default count of 10 for Business Analytics, then the following error message will be displayed.
Type Reason Message Error Robot Insight default license count exceeds 10. Unable to continue since you have exceeded the limit for Business Analytics license.
To continue, please contact your system administrator or Product Sales.- If a RobotFarm Agent role is assigned to a user, the license group box will only show the following options as enabled (a Robot creator license cannot be allocated to a RobotFarm agent).
- "Robot runner (Runtime)"
- None
- If a Validator role is assigned to a user, any type of device license can be allocated.
- If a user is assigned multiple roles, then depending on which combination of roles with a license has a validation failure, the user cannot be saved. On "Save", show the validation error as described in the following data table.
Type Reason Message Error Conflicting roles Unable to continue since the combination of roles selected has a conflict.
To continue, please select other roles.
Edit user: Reallocate license
Use the following steps to edit a user and reallocate its license.
- In the Administration → Users page, select a user with a license and edit it.
- Change the license type to either:
- None
- Robot runner
- Robot creator
- Save the user.
Change license type from Robot runner to Robot creator
On saving the edits, if the license type is changed from Robot runner to Robot creator, then the following confirmation message (pop-up) will be displayed.
Note: The user must re-login from the Product Client to make the license effective.
Reason Title bar Message Buttons Changing license type from Robot runner to Robot creator Reallocate license Do you want to reallocate the license from Robot runner to Robot creator?
Note: This will delete all existing schedules from the Robot runner device registered with this user.Yes, No Change license type from Robot creator to Robot runner
If the license type is changed from Robot creator to Robot runner then the following confirmation message (pop-up) will be displayed.
Note: The user must re-login from the Product Client to make the license effective.
Reason Title bar Message Buttons Changing license type from Robot creator to Robot runner Reallocate license Do you want to reallocate the license from Robot creator to Robot runner?
Note: This will not allow the creation or editing of task Robots from the Robot creator device registered with this user.Yes, No For all other license type changes, the confirmation is not required.
Once the license is reallocated, the corresponding usage count on the License page will be updated.
Audit entry
An Audit entry should be logged when a license is allocated or reallocated to a user.
API to create users
- Audience & purpose
-
As an Automation Admin having the "User creation" permission, you can create users in Product via APIs so that you are not bound to use the Product user interface.
- For example, if you have systems that fire scripts, the same scripts can be used to create users in Product.
Description
Ensure that there is an API to create users.
- The input of the API will be in JSON (JavaScript Object Notation) format.
- Non-AD environment: The input should have all of the parameters in plain text (including the password) to create a Non-AD user.
- AD environment: The input should ONLY have the username.
- Product will try to create that AD user.
- If it fails, it will give the appropriate message output.
Audit Log
Note: All API actions will be audited.
Audit log: Connect to CV (Credential Vault)
- Audience & purpose
- As an Automation Administrator you want an Audit entry to be logged whenever Product connects to Credential Vault to track whether the Vault is connected or not.
Functional aspects
In the "Audit log" page, the following entries will be logged whenever Product connects to Credential Vault.
Status Time Action Item name Action taken by Device Source Start time Successful <datetime> Connect Credential Vault <vault mode> <admin username> <hostname> Product N/A Note: If an error occurs for this action, the "Status" field will be set to "Unsuccessful".
- Select an Audit entry and click "View action".
- The "Details" page of the Audit entry will be displayed.
- The Details page will show whether the action was "Successful" or "Unsuccessful".
- If the action was "Unsuccessful" then it will also display the exact error message in the "Results" frame.
- The lower-half of the page will not be displayed for this audit entry.
- The Audit log page will be Read-Only. You can only act on the page-level toolbar.
- The Breadcrumb trail will show "Audit log" → "View action".
- Clicking the Back button will return you to the page you came from.
Security
Only a Product Admin or user having the "Audit Log" permission will be allowed to view ALL the Audit entries and their details.
Audit log: Create/edit/delete/enable/disable actions on users
- Audience & purpose
- As an Product Admin, you want to see the details (First name, Last name, and Email address) of a user who was deleted from the system one year ago.
-
This is used to:
- Record point-in-time data of a user object from its creation to deletion.
- Help to understand all that has changed in a user object.
- Show details of objects which have been deleted from the system.
Functional aspects
Use the following guidelines regarding these actions.
- In the Audit log page, an audit entry will be logged when a user is created, edited, deleted, enabled, or disabled. See the following data table.
Audit entries Status Time Action Object name Action taken by Device Source Start time Successful <datetime> Create user <user name> <user a> <hostname> Product N/A Successful <datetime> Edit user <user name> <user a> <hostname> Product N/A Successful <datetime> Delete user <user name> <user a> <hostname> Product N/A Successful <datetime> Enable user <user name> <user a> <hostname> Product N/A Successful <datetime> Disable user <user name> <user a> <hostname> Product N/A Note: If an error occurs during the ProductUD (Create, Read, Update, Delete) operation then the status of the audit entry will be set to "Unsuccessful". - Select an audit entry and click "View action".
- The "Details" page of the audit entry will be displayed as shown in the following screenshot.
- For each of the "Crete"/"Edit"/"Delete" user actions, the Details page will show whether the action was successful / unsuccessful.
- If the action was unsuccessful it will also display the exact error message in the "Results" frame.
- For the "Edit" action, if only the user's details are changed without modifying the "Enable"/"Disable" status, then the "Edit user" action will be logged.
- If both the user details and the "Enable"/"Disable" status are changed, then both the "Edit user" and "Enable user" or "Disable user" actions will be logged.
- If only the "Enable"/"Disable" status is changed, then the "Enable user" or "Disable user" action will be logged.
- The "Audit log" page will be read-only. Users can only act on the page-level toolbar.
- The lower-half of the page will show details of the user object when the action was performed.
- It will not show data of the date when this page is being accessed unless there was absolutely no change in the user object.
- For the "Edit user" action, the lower-half of the page will display a data table with fields, along with their old and new values. It will only display the fields that are modified. See the following data table.
What changed? Old value New value User Type Robot runner Robot creator First name John – Last name Smith Williams Password ******** ******** Roles Role1, Role2 Role1 Device License Robot runner with IQ Robots Robot creator with auto login User Status Enabled Disabled a@a.com b@b.com - For the "Create user" action, the table will display all fields the same as in the "Edit user" action except that it will additionally show a "Username" field. The "Old value" column will not be displayed.
- For the "Delete user"action, the lower half will show the current value for all the fields in the "Old Value" column.
- The Breadcrumb trail will show "Audit log" → "View action".
- Click "Back" to return to the page you came from.
Security
Note the following security aspects.
- Only authorized users will be allowed to view ALL the Audit entries and their details.
Robot Insight: License allocation for analytics users
- Audience & purpose
- As a Product Admin, you want to allocate licenses to users with the Robot Insight role so the user can create/edit task, tag analytics variables, and log data for analysis.
- This is used to enable analytics users to connect to Product from an Product Client.
Allocate a license to an analytics user
Use the following steps to allocate a license to an analytics user.
- In the Administration → Users page, select a user having an analytics role.
- Allocate a Robot creator or a Robot runner license to this user.
- Save the user.
Login to Product as an analytics user
User the following steps to login to Product as an analytics user.
- Launch the Product Client.
- Login to Product as an analytics user.
- The user will login to Product and:
- Create/edit or run a task.
- Tag analytics variables.
- Log data for analysis.
RobotFarm: Validate license on client creation in RobotFarm
- Audience & purpose
-
As a RobotFarm Admin you want to:
- Validate a client user license when you deploy VMs (Virtual Machines) on RobotFarm.
- Ensure that the count of VMs created in RobotFarm is limited to the license count.
- This is used to validate a license upon creating a client in RobotFarm.
Validation
Use the following steps to perform a license validation.
- Deploy a task against RobotFarm specifying the number of VMs (Virtual Machines).
- If the number of VMs is greater than the available license count, it must not provision the virtual Robots.
- An appropriate error message will be displayed.
RobotFarm Agent: Allocate Robot runner license only
- Audience & purpose
- As a Product Admin, you want the RobotFarm agent user to only be allocated a "Runtime" license so that the agent can only run the Robot deployed from the RobotFarm.
- This is used to allow the RobotFarm agent to act like a Robot runner.
Allocate a Runtime license to a RobotFarm agent
Use the following steps to allocate a Runtime License to a RobotFarm agent.
- In the Administration → Users page, select a user having the RobotFarm agent role.
- Allocate a Runtime license.
- Save the user.
The user will be saved successfully and the license usage count will increase in the RobotFarm (Runtime) entry of the "License" page.
Restrict allocating any other license to the RobotFarm agent
Use the following steps to restrict allocating any other license to the RobotFarm agent.
- Select a user having the RobotFarm agent role and allocate a Robot creator license.
- The following error message will pop up.
Type Reason Message Buttons Error RobotFarm agent cannot have Robot creator license. Unable to continue because there is a mismatch in allocation of license type to a user having the RobotFarm agent role.
To continue, please allocate a Robot runner license type to the user.Close
Bulk delete users
- Audience & purpose
-
As a Product user having the "Delete user" permission, you want to:
- Do a bulk delete of selected users.
- Delete the devices to which those users were attached.
- Free the allocated user licenses.
-
This is used to:
- Remove redundant user data and free-up licenses.
- Prevent unauthorized access to users who have left the company.
Bulk deleting users
Use the following steps to bulk delete users.
- In the "All Users" page, select multiple users to be deleted from the list and click the table-level Delete icon.
- A confirmation message will be prompted to user. See the following screenshot of the message.
- On confirmation, the selected users will be deleted.
- The allocated licenses (if any) will be made free.
- The success toast will be displayed as shown in the following screenshot of the success toast.
Email notification
If SMTP is enabled, then an email should be sent to the respective user's email address.
Validation
Note:
- The current logged-in user cannot be deleted.
- If there are multiple Admins, then only an Admin user can delete another Admin user (until you are left with a single Admin who cannot delete himself).
Audit entry
An Audit entry "Delete user" will be logged with a success or failure message for each user as shown in the following screenshot.
Client offline mode
- Audience & purpose
- As a Product Admin, you want to restrict the "Client" to work in offline mode if it is not connected to Product.
- This is used to mandate a Client connection with Product.
Client offline mode
Note:
- If the Client goes offline after connecting to Product, then it will not be perpetually allowed to use the Client.
- If any task is running when going offline, then it will wait for the task to complete before exiting the Client.
Client trial & expired license notification
- Audience & purpose
- As an Automation Expert, you want to see the trial/expired license notification in the Product Client the same as in Product displaying centralized licensing across the Client and Product.
- This is used to make a Client aware of running Product in trial mode.
License notifications
- If Product is installed with a trial license, and if the Product Client is logged-in to Product, then a dialog showing the number of trial days left will be displayed before the Client main UI launches.
- If the Product license has expired, then the Client will not be allowed to login to Product.
- The Client will see current login failed message.
- If a Client is already connected to Product, and later if a Product expired license is installed, then a tray notification will be displayed to the Client.
- After five minutes the Client will be disconnected.
Connect to CV (Credential Vault)
- Audience & purpose
- As a Product Admin you want to open the vault when it gets closed so that other Product users can access the Product and the vault.
Open the vault: Express mode
Scenario: Product is installed with credential settings set to "Express mode".
- If the vault gets closed due to server restart or any other reason, and if a non-Admin or Admin user logs-in to Product, then the vault will automatically open and the "Dashboard" → "Home" page will be displayed.
- Under no case will the Admin user be required to input the "Master Key" to open the vault.
Open the vault: Manual mode
Scenario: Product is installed with credential settings set to "Manual mode".
- if vault gets closed due to server restart or any other reason, and if a non-Admin user logs-in to Product, then the user will not be allowed to access Product and the following error message will be displayed.
Type Reason Message Error Vault is closed Unable to continue because there was a problem connecting to credential vault.
To continue, please contact Product administrator.- However, if an Admin user logs-in to Product, then a "Credential Settings" page will be displayed where the Admin user can input the "Master Key" to open the vault.
- If the Master Key is invalid, then an error message will be displayed as shown in the following data table.
Type Reason Message Error Master Key is not correct. Unable to connect to Credential Vault because the Master Key is invalid.
To continue, please enter a correct key and try again.- Otherwise, the "Dashboard" > "Home" page will be displayed.
Security
Only authorized users will be allowed to open the Credential Vault using the Master Key.
- The Master Key will be validated for correctness.
- Access to Product will not be allowed if the Credential Vault is closed.
Create AD user
- Audience & purpose
-
This applies to Product AD (Active Directory) users having the "Create User" permission. It allows a current Windows AD user access to Product.
- As a Product AD user having the "Create User" permission, you want to create a new AD user with the required privileges.
- This will allow you to grant the user access to the Product and perform various operations.
Create an AD user
Note: The actions are the same as in the "Create a Non-AD User" topic (further down in this page) except for the following items.
- Click "Enable user", a drop-down for the Active Directory domain will be displayed as shown in the following screenshot.
- If it is a single domain, then the domain name should be shown without the drop-down and the field will be read only.
- If there are multiple domains, then the multiple domain list will be alphabetically sorted in the drop-down list.
- Select a domain name from the drop-down list.
- For subsequent user creation, the last chosen domain name will be auto-selected.
- Input the username and click "Check name in active directory".
- This button is enabled only if the username is filled in.
- The "Check name..." button will be disabled unless the username field is changed.
- Validate the username against the Domain Controller, and if found valid then populate the user details in the respective fields viz. first name, last name, and email address.
- These fields are only displayed if the username is found valid. See the following screenshot.
- Note: The user can overwrite the values in each of these fields: first name, last name, and email address.
- The "Password" field will not be displayed for AD users.
- The "Create user" button will be disabled if the username is not validated.
- If the user is not found, then an error message will be displayed.
Note:
- The "username" field will stay in focus.
- The "Create user" button will remain disabled.
- The "Check name" button will remain enabled.
Error Condition Message Unable to find username in AD. Unable to find that username in Active Directory.
This may be because of a spelling error or your Caps Lock is on.
To continue, please retype the username.
Error messages
The following tabular data table contains error conditions and their respective messages.
Error condition Error message Email and Confirm Email fields do not match. "We were unable to continue because the information in the Confirm Email field does not match the information in the Email field.
To continue, please retype the information."An illegal character is being used in the username. "We were unable to continue because an illegal character is being used in the Username field.
The following characters are not allowed: ( ) \ / " ' [ ] : pipe < > + = ; , ? * @
To continue, please create a username that does not include these characters."The format of the email address is incorrect. "We were unable to continue because the format of your email address is incorrect.
To continue, please retype your email in the following format: name@company.com"
Create first Admin user of Product (AD)
- Audience & purpose
-
As a Product Admin you want to create the first Admin user of Product so that the they can configure and manage the overall automation environment setup with Product and its Clients. This will allow the individual to:
- Manage, monitor and control all activities in Product and its users.
Create an Admin user
Use the following guidelines to create the first Product Admin user.
- On first launch of Product, post installation, the Getting Started wizard - Product first admin page will be displayed as shown in the following screenshot:
- The "Product first administrator" page will display the domain selection and verify the username in Active Directory.
- Embedded Help:
Location Embedded Help Main screen The Product first administrator is automatically assigned the system-created "Admin" role which has permissions for all functionality. Field – Username (under field) e.g., mydomain\username - The AD (Active Directory) domain dropdown menu will show a list of domains in alphabetical order.
- The first domain will be selected.
- If there is only one domain, then the dropdown will not be shown; instead the domain field will be disabled.
- The Username field will prepopulate the selected domain.
- The "Check name in AD" button will be enabled once the username is filled in.
- When clicking this button, verification of the username in AD, and if the user exists, then the other fields - firstname, lastname, and email will be displayed and populated with values as they exist in Active Directory.
- Otherwise, the following error message will be displayed:
Reason Message Unable to find that username in Active Directory Unable to find that username in Active Directory. This may be because of a spelling error or your Caps Lock is on. To continue, please retype the username. - Username, Firstname, Lastname, Email: maximum characters (256).
- Firstname and Lastname are optional fields.
- Users can fill in all details in the required fields.
- Once the wizard is completed, click "Save and Login" to successfully create the first Admin user.
Validation
- Refer to the preceding topic Create AD user for field level validations.
- Ensure the first Admin user is successfully created.
Note: There is no email notification sent to the first Product user since the SMTP settings are not yet configured at this point of user creation.
Create first Admin user of Product (Non-AD)
- Audience & purpose
-
As a Product Admin, you want to:
- Create the first Admin user of Product.
- Allow this admin to configure and manage the overall automation environment setup with Product and its Clients.
- This is used to manage, monitor, and control all activities in Product and its users.
Create the Admin user
Use the following steps to create the Admin user.
- On the first launch of a Product post installation, the Getting Started wizard - Product first Admin page will be displayed as shown in the following screenshot.
- All fields are mandatory except Firstname and Lastname.
- Users can fill in all details in the required fields.
- Once the wizard has been completed, after clicking Save and Login, the first Admin user will be successfully created.
Embedded Help
Location Embedded Help Main screen The Product first administrator is automatically assigned the system-created "Admin" role which has permissions for all functionality. Main screen field: Username Username (below field) Main screen field: Password Password (below field): 8-64 characters; a-z, A-Z, 0-9, @, -, _, !, #, $, & and . are allowed.
Validations
- Please refer to the following topic: Create Non-AD User for validations.
- Ensure that the first Admin user is successfully created.
Note
There is no email notification sent to the first Product user since the SMTP settings are not yet configured at this point of user creation.
Create Non-AD user
- Audience & purpose
- As a Product user having the "Create User" permission, you want to create a new user with the required privileges and grant the user access to Product and perform various operations. This allows a user to access Product.
Create a Non-AD user
Use the following steps to create a Non-AD User.
- In Administration → Users, click the "New user" icon to open the Create user page as shown in the following screenshot.
- Input the user's details in their respective fields.
- The "Roles" table will list all the roles created in Product.
- Select one or more roles in the Roles table.
- Select a license to be allocated: None, Robot creator, or Robot runner. Note: "None" is the default selection.
- For "Robot creator", uncheck the box if auto-login needs to be disabled.
- For "Robot runner", additionally select "IQRobots" (unchecked by default).
- Click "Create User" to create the user in the Product database, then close the wizard.
- A success toast message will be displayed as shown in the following screenshot.
- The "All Users" page will be updated with the newly created user.
- To add another user click "Create user" and "Create another".
- Cancel button:
- Click "Cancel" to discard changes and close the dialog box.
- Note: For license allocation/reallocation/release, see the first topic in this page "Allocate/reallocate license to Product Users".
Validations
For your guide:
- By default, "Enabled" should be checked and the "License" should be "None".
- The Username should be unique, mandatory, and should not include special characters ( , ) \ / " ' [ ] : | < > + = ; , ? * @ `. (maximum characters = 255).
- The Firstname and lastname fields will be optional (maximum characters = 50).
- The "Password" and "Confirm Password" field values should match.
- These fields should only be shown if SMTP is disabled, otherwise the Password is set by the respective user from his email invite.
- Password length: minimum = 8 characters, maximum = 64 characters
- Password characters: a-z A-Z 0-9 @ - _ ! # $ % & and .(dot)
- "Email" and "Confirm Email" field values should match. (maximum characters = 255).
- The Roles list will not display Admin, Locker Admin, or RobotFarm Admin roles if the current user does not have an Admin role.
- Note: The "License" group box will only be visible if you have the "View and manage licenses" permission.
- If created for a Robot creator, the "Enable Auto-login" box will be checked by default.
- If created for the Admin role or RobotFarm Admin role, the license selection area will be disabled.
- At least one role is mandatory for user creation.
- A user with just the "Create user" permission cannot create any type of Admin user unless he has an Admin role.
Error message descriptions
Error Messages Reason Message Password and Confirm Password fields do not match. Unable to continue because the information in the Password and Confirm Password fields do not match. To continue, please retype your password.
Password does not pass our criteria. Unable to continue because the information in the Password field is invalid. It must be at least 8 characters and may only include the following characters: a-z A-Z 0-9 @ - _ ! # $ % & To continue, please enter a valid password.
Email and Confirm Email fields do not match. Unable to continue because the information in the Email and Confirm Email fields does not match. To continue, please retype your email.
An illegal character is being used in the username. Unable to continue because an illegal character is being used in the Username field. The following characters are not allowed: ( ) \ / " ' [ ] : pipe < > + = ; , ? * @ To continue, please create a username that does not include these characters.
The format of the email address is incorrect. Unable to continue because the format of your email address is incorrect. To continue, please retype your email in the following format: name@company.com
Failure on save if server is disconnected. No connection to the Product server. The server is temporarily unavailable. Check your network connection and try again. If this problem persists, please contact your system administrator.
Failure on save if permission is revoked. You do not have permission to create users. To create a new user, please contact your the system administrator.
Failure on save if duplicate user. Unable to create the user because a user with the same username already exists. To continue, please create a user with a different username.
Unable to connect to the Product database. Unable to connect to the Product database which may affect some functionality. This may be for a number of different reasons. There may be no Internet connection, or the server that the database is on may be offline. Please check your Internet connection.
- if the user account is disabled, then the following error message will be displayed when the "Create User" button is clicked. The user will be returned to the Login page.
Type Reason Message Error User account is disabled. An unexpected problem occurred. If the problem persists, please contact your system administrator. Error code: <number>
- If the user account is deleted, then the following error message will be displayed when the "Create User" button is clicked. The user will be returned to the Login page.
Type Reason Message Error User account is deleted. An unexpected problem occurred. If the problem persists, please contact your system administrator. Error code: <number>
Roles and users permission mappings
Permission granted to user What user can see or do Which associated permissions are required? What if the associated permissions are not granted to user? View User View all users in User landing page.
View individual user details.
Export users to CSV.---
---
---
---
---
---Create User View all users in User landing page.
View individual user details.
Export users to CSV.
Create a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Edit User View all users in User landing page.
View individual user details.
Export users to CSV.
Edit a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Delete User View all users in User landing page.
View individual user details.
Export users to CSV.
Delete user.View User.
View User.
---
View User (No explicit permissions required for roles or license)N/A
N/A
---
N/AView and Manage Role View all roles in Roles landing page.
View individual role details.
Create/Edit a role.
---
---
Delete a role.---
---
View bots.
View devices.
View user, Edit user.
(No explicit permissions required for bots, devices or users)---
---
Robots will not be displayed in the Robots tab of the Create Role page.
Devices will not be displayed in the Device tab of the Create Role page.
Users table should not be displayed in Users tab of Create Role page.
---
Credential settings (AD/Non-AD)
- Audience & purpose
-
As a Product Admin, you want to generate a Master Key and connect to Credential Vault so that users can use the vault to secure their credentials and access it in their taskbots. This allows you:
- To secure the master key which is used to open the vault.
- To ensure access to Product is allowed only if vault is opened.
- To allow users to secure their credentials in the vault.
Credential settings and the Credentials Vault Master Key
On the first launch of Product, post installation, the Getting Started wizard → "Credential settings" page will be displayed.
- Embedded Help
Location Embedded Help Main screen, below page title The Credential Vault "Master Key" allows you to connect to the Credential Vault where you can create and store credentials that are required when running Robots. You must save the Master Key in a safe place for future reference. Ensure you do not lose the key. If you do, you will not be able to access the Credential Vault or, if Manual connecting mode is selected, the Product. Main screen, above radio buttons Select the connection mode for the Credential Vault. Main screen, Radio button - Express mode The system will store your master key and automatically connect to the Credential Vault.
Important note: For security reasons, do not use Express mode in your production environment.Main screen, Radio button – Manual mode You manually store your Master Key in a safe place and manually connect to the Credential Vault.
Important note: This mode is more secure and recommended for a production environment.- Express mode (will be selected by default)
- Master Key field: The Master Key for the Credentials Vault is generated and placed in this field when this page loads.
- The Master Key field will be enabled, read only, and display the new Master Key generated in encrypted form.
- If Express mode is not selected, then the Master Key should be disabled and shown as '**********'.
- Manual mode
- Master Key field: The Master Key for the Credentials Vault is generated and placed in this field when this page loads.
- The Master Key field will be enabled, read only, and display the new Master Key generated in encrypted form.
- The Copy button will be enabled and when clicked will copy the Master Key to clipboard, otherwise it will be disabled.
- If Manual mode is not selected, then the Master Key will be disabled and shown as '**********'.
- Once the wizard is completed, after clicking Save and Log in, the Vault will open in the selected mode.
- Note: The Admin must copy this Master Key and secure it in a safe place since the same will be required in the event when the vault gets closed.
- If the Master Key is lost then you will lose access to Product.
Validations
The multi-line text box showing the Master Key will be disabled for user input.
- It will display the "secure private key" that is used to open the vault.
- Based on the mode selected while configuring the vault for the first time, the "Product Settings" page - "CV Configuration" tab will display the selected mode, either Express or Manual.
- Each time the "Credential Settings" page is launched, it will display a different Master Key and that same key will not be generated again, even if the product is reinstalled multiple times.
Default "System" user
- Audience & purpose
-
As a Product Admin you want the "System" user to be reserved for the Product system user so that all actions that are carried out by Product itself are registered under the name of "System" user. This is used to:
- Reserve the "System" user for all actions initiated by Product itself.
- Differentiate all other users from the "System" user.
Description
In Product, wherever "system generated data" is displayed it will have the default username set to "System".
- The "Created by" or "Modified by" for system related data or actions will be set to the "System" user. This applies to:
- Roles for system-created roles.
- Creating the first Admin user.
- Audit logs of system-related activities.
- If a user with the "Create user" permission creates a new user with its username set as "System", then:
- The following field-level error message will be displayed.
Type Message Error Username "System" is reserved for the system user.
To continue, please use a different username and try again.- A custom user with same name will not be created.
Delete single user
- Audience & purpose
-
As a Product user having the Delete User permission, you want to:
- Delete a user.
- Delete the device to which the user was attached.
- Free the allocated license.
-
This is used to:
- Remove redundant users data and free-up license.
- Prevent unauthorized entry to users who have left the company.
Delete a user
Use the following steps to delete a user.
- In the Administration → Users page, select a user from the list and click Delete user.
- A confirmation message will be displayed as shown below.
Pop-up messages Reason Title bar Message Buttons (L to R) Confirm delete of a user without a license. Delete User. Do you want to permanently delete this user? "<username>" (<first name> <last name>) No, Cancel, Yes, Delete. Confirm delete of a user with a device license and un-registered. Delete user. Do you want to permanently delete this user? "<username>" (<first name> <last name>)
This will release the <license type> license allocated to the user.No, Cancel, Yes, Delete. Confirm delete of a user with a device license and registered Delete user Do you want to permanently delete this user? "<username>" (<first name> <last name>)
This will release the <license type> license and remove the device <hostname> the user has registered with.
▸ <license type> → Robot creator, Robot runner
▸ <hostname> → machine nameNo, Cancel, Yes, Delete. - Upon confirmation, the user will be deleted from Product.
- The allocated license, if any, will be made free.
- The device with which the user was registered, if any, will be deleted from the "Devices" list.
- The success toast will be displayed as shown in the following screenshot.
Validation
Note: The current logged-in user cannot be deleted.
- If a user attempts to delete, then the following error message will be displayed
Type Reason Message Error Cannot delete current user You cannot delete the current logged in user. - If there are multiple Admins, then only an Admin user can delete another Admin user (until you are left with a single Admin).
- A user cannot be deleted if any of the following conditions are met:
- If there are outstanding schedules created by the user.
- If the device with which the user has registered is in use by some other schedule(s).
- If the user has created a credential(s).
- If the user is a member (Owner, Participant) of a locker.
- The following error message will be shown if the user cannot be deleted:
Type Reason Message Error Fail to delete user Unable to delete this user due to one or more of the following reasons: To continue, please free up resources occupied by you and try again later.
- You have created some schedules which are running or pending for execution.
- Your device is busy running an automation process.
- You have created some credentials in the credential vault.
- You are a member of some lockers in the credential vault
- If the user does not have the "Delete user" permission, when clicking "Save changes" the following error message will be displayed.
- The confirm delete pop-up will close and the user will see the "Users" landing page.
- The "Delete" action will be removed from the "Actions" column.
Type Reason Message Error Permission not granted or revoked. You do not have permission to delete users.
To delete an existing user, please contact the system administrator.- If the user to be deleted is already deleted by some other user, then the following error message will be displayed.
Type Reason Message Error User does not exist. <name of object> wasn't found.
It may have been renamed or deleted.
To continue, please contact your system administrator.- If the current logged in user is deleted by some other user, and if this user is trying to perform any action, then he should be immediately logged out irrespective of whatever action he performs and the following error message will be shown on the Login dialog. See the screenshot following the error message data table.
Type Message Error An unexpected problem occurred.
If the problem persists, please contact your system administrator.
Error code: <number>
User-specific credentials
If a user is a consumer of a locker and has provided their values for some user-specific credentials, then post-deleting this user their credential values will also be deleted.
Security
Important notes:
- Only authorized users (Product Admins or users having the "Delete user" permission) can delete other users.
- Only an Admin user can delete other Admin user.
Roles and user permission mappings
Permission granted to user What user can see or do Which associated permissions are required? What if the associated permissions are not granted to user? View User View all users in User landing page.
View individual user details.
Export users to CSV.---
---
---
---
---
---Create User View all users in User landing page.
View individual user details.
Export users to CSV.
Create a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Edit User View all users in User landing page.
View individual user details.
Export users to CSV.
Edit a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Delete User View all users in User landing page.
View individual user details.
Export users to CSV.
Delete user.View User.
View User.
---
View User (No explicit permissions required for roles or license)N/A
N/A
---
N/AView and Manage Role View all roles in Roles landing page.
View individual role details.
Create/Edit a role.
---
---
Delete a role.---
---
View bots.
View devices.
View user, Edit user.
(No explicit permissions required for bots, devices or users)---
---
Robots will not be displayed in the Robots tab of the Create Role page.
Devices will not be displayed in the Device tab of the Create Role page.
Users table should not be displayed in Users tab of Create Role page.
---
Edit a user (AD)
- Audience & purpose
- As a Product user having the Edit User permission, you want to modify user details so that the user data is kept correct and up-to-date in Product.
Edit a user
Note: A user can be edited either from the All Users page or View User page.
Use the following steps to edit a user.
- In the Administration → Users page, select a user from the list and click the Edit user icon.
- The "Edit User" page will be displayed as shown in the following screenshot displaying the selected user details in Edit mode.
AD Edit mode:
- Modify the user details as required.
- Click Save changes to save changes to the user and return to the All Users page.
- A success toast will be displayed as shown in the following screenshot.
- Click Close/Cancel if no changes are made.
- Click Close or Cancel to discard changes and close the dialog.
Validations
The following fields can/cannot be edited for AD users.
Field name AD Enable Yes Domain No Username No Firstname Yes Lastname Yes Yes Role Yes Password N/A Confirm Password N/A License Yes Other validations are the same as in the Create User documentation.
- The current logged-in user cannot edit his own details.
- If the email address of the user is changed and the user has not verified his new email address, then the following error message will be shown on login to Product.
Edit a user (Non-AD)
- Audience & purpose
- As a Product user having the "Edit User" permission, you want to modify user details so that the user data is kept correct and up-to-date in Product.
Edit a user
Note: A user can be edited either from the "All Users" page or the "View User" page.
Use the following steps to edit a user.
- In the Administration → Users page, select a user from the list and click the "Edit user" icon.
- The "Edit user" page will be displayed as shown in the following screenshot with the selected user's details in "Edit" mode.
Non-AD edit mode:
- Modify the user details as required.
- Click "Save changes" to save the changes to the user and return to the "All users" page.
- A success toast will be displayed as shown in the following screenshot.
- Click "Cancel" to discard the changes and close the dialog box.
Validations
The following fields can/cannot be edited for Non-AD users.
Field name Non-AD Enable Yes Domain N/A Username No Firstname Yes Lastname Yes Yes Role Yes Password Yes (only if SMTP is disabled) Confirm Password Yes (only if SMTP is disabled) License Yes Other validations are the same as in the Create User documentation.
The current logged-in user cannot edit his own details.
If the user does not have the "Edit user" permission then the following error message will be displayed on "Save changes".
- The "Edit user" page will close and the user will return to the landing page.
- The "Edit user" action will be removed from the "Actions" column.
No "Edit user" permission Type Reason Message Error Permission revoked. You do not have permission to edit users. To make changes to the user, please contact the system administrator.
If the user account is disabled then the following error message will be displayed on "Save changes" and the user will return to the "Login" page.
Account disabled Type Reason Message Error User account is disabled. An unexpected problem occurred. If the problem persists, please contact your system administrator. Error code: <number>
if the user account is deleted, then the following error message will be displayed on "Save changes" and the user will return to the "Login" page.
Account deleted Type Reason Message Error User account is deleted. An unexpected problem occurred. If the problem persists, please contact your system administrator. Error code: <number>
Security
Note:
- For security reasons, the Edit User page will display the "Password" and "Confirm Password" fields as blank.
- When setting a new value in these fields, the actual values will be overwritten.
Roles and users permission mappings
Permission granted to user What user can see or do Which associated permissions are required? What if the associated permissions are not granted to user? View User View all users in User landing page.
View individual user details.
Export users to CSV.---
---
---
---
---
---Create User View all users in User landing page.
View individual user details.
Export users to CSV.
Create a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Edit User View all users in User landing page.
View individual user details.
Export users to CSV.
Edit a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Delete User View all users in User landing page.
View individual user details.
Export users to CSV.
Delete user.View User.
View User.
---
View User (No explicit permissions required for roles or license)N/A
N/A
---
N/AView and Manage Role View all roles in Roles landing page.
View individual role details.
Create/Edit a role.
---
---
Delete a role.---
---
View bots.
View devices.
View user, Edit user.
(No explicit permissions required for bots, devices or users)---
---
Robots will not be displayed in the Robots tab of the Create Role page.
Devices will not be displayed in the Device tab of the Create Role page.
Users table should not be displayed in Users tab of Create Role page.
---
Enable autologin
- Audience & purpose
- As a Product Admin, you want to control the Robot creator autologin to Product so that Robot creator is not misused in a production environment as Robot runner.
Robot creator: Enable autologin (default)
- Login to Product from the Product Enterprise Client as a "Robot creator".
- Exit the Client application and restart the Client.
- The Login dialog will not be prompted, and the Robot creator will autologin to Product.
Robot creator: Disable autologin
- Login to Product from a browser as a Product Admin.
- Go to the Administration → Users page, select the Client user, and click "Disable autologin".
- The autologin status of the Client user will be set to "Disabled".
- Now, login to Product from the Product Enterprise Client as a Robot creator whose autologin is disabled.
- Exit the Client application and restart the Client.
- The Login dialog will be prompted since autologin is disabled.
- Note: Robot runner has a default autologin and it cannot be disabled from Product.
Enable/disable user
- Audience & purpose
- As a Product Admin or user having User Management permissions, you want to disable/enable a disabled user to restrict or allow their access to Product. This is used to suspend or allow user access to Product.
Disable a user
Use the following steps to disable a user.
- Login to Product as a Product Admin.
- In the Administration → User page, select the user to be disabled.
- Click Disable from the Actions tool bar.
- The user status will be marked as Disabled.
Enable a user
Use the following steps to enable a user.
- Login to Product as a Product Admin.
- In the Administration → User page, select the disabled user to be enabled.
- Click the Enable action in the Actions tool bar.
- The user status will be marked as Enabled.
Email notification
If SMTP is enabled, then an email will be sent to the respective user's email address whenever a user account is enabled or disabled.
Note: See the Notify user via email when a user is enabled or disabled topic for further reference.
Validation
If a current logged-in user is disabled, then the following error message will be displayed.
Reason Title bar Message Buttons Cannot disable currently logged-in User. Unable to disable User. You cannot disable your own User.
To make changes to this User, please contact your system administrator.Close The enable / disable action will only be allowed if a user has Edit permissions. If not, then the action will not be visible.
If a current logged in user is disabled by some other user, then on performing the next action the current logged in user will be directed to the Login page with the following error message.
Type Message Error An unexpected problem occurred.
If the problem persists, please contact your system administrator.
Error code: <number>
Roles and users permission mappings
Permission granted to user What user can see or do Which associated permissions are required? What if the associated permissions are not granted to user? View User View all users in User landing page.
View individual user details.
Export users to CSV.---
---
---
---
---
---Create User View all users in User landing page.
View individual user details.
Export users to CSV.
Create a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Edit User View all users in User landing page.
View individual user details.
Export users to CSV.
Edit a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Delete User View all users in User landing page.
View individual user details.
Export users to CSV.
Delete user.View User.
View User.
---
View User (No explicit permissions required for roles or license)N/A
N/A
---
N/AView and Manage Role View all roles in Roles landing page.
View individual role details.
Create/Edit a role.
---
---
Delete a role.---
---
View bots.
View devices.
View user, Edit user.
(No explicit permissions required for bots, devices or users)---
---
Robots will not be displayed in the Robots tab of the Create Role page.
Devices will not be displayed in the Device tab of the Create Role page.
Users table should not be displayed in Users tab of Create Role page.
---
Enforce password policy change
- Audience & purpose
- As a user having permissions to set Password Policy via Product Settings, you set and save the password policy via Product "Settings". See: Password policy for Non-AD Product: Product Settings.
Description
The new password policy should be enforced for all users at their next login.
- Ensure that when the password policy is saved, when the user logs in into Product, and if their password does not meet the password policy requirement, they are shown the "Change password" screen where they have to input the old and the new password.
- This applies to ALL users (Admins and Non-admins).
- For Product Enterprise Client users, when users login into the AAE Client and if their password does not meet the password policy requirements, they will get a message:
Password Policy updated. Please login to Product and set a new password.
User flow
After you save the Password Policy, when users login into the Product, and if their password does not meet the Password Policy requirements, they will be asked to change their password so they adhere to the new password policies.
- The Product Admin changes the password policies.
- A user logs-in to Product.
- The user's password does not meet the new password policy requirement.
- The user is shown the following UI to set the new password:
- The tool-tip of the password fields will convey the new password policy. See the following screenshot.
Export users
- Audience & purpose
- As a Product Admin or user having any of the User Management permissions, you want to export user data to CSV to analyze it and generate reports if required.
- This is used for analysis and reporting purposes.
Exporting users
Use the following steps to export users and their data.
- Login to Product as a Product Admin.
- In the Administration → Users page, select a list of users to be exported.
- Click the "Export to CSV" action.
- The selected users list will be exported to CSV in the default browser's download path.
- The CSV filename will be: Product-<page title><time>.csv.
- For Non-AD user data, all columns except the "Password" and "Confirm Password" columns will be exported.
- For "Select All Users", if the table shows all columns, then the data exported will contain all the users and all the columns in the entire user table.
- If the table has some "hidden columns" then a confirmation message will be displayed.
- On confirmation, all the columns will be exported, otherwise only the visible columns will be exported.
- If no rows are selected then an information message will be displayed.
Password policy adherence for user management
- Audience & purpose
As a Product Admin user having "User management" rights and permissions, when you create a user in a Non-AD Product the password will adhere to the password policy set in the Product settings page.
Product enables Product Admins to set their own password policies for Non-AD, and when the user is created the password must adhere to the password policy. The Admin/user having the "Create/edit user" permission must know from the password field UI as to what the password policy is so that they can input the correct password.
Refer to the Password Policy for Non-AD Product : Product Settings topic for further information. This will ensure that the Product system adheres to the Password/InfoSec policies of the Enterprise.
Ensuring password policy
Being a Product Admin, ensure that the password for the user adheres to the password policy.
- If it does not, the password will not be accepted and the password box will remain "red-bordered".
If the user is asked to change the password for first time, the new password will adhere to the password policy.
- For Admin creation for the first time (when Product is initially installed) the default password policy will be used.
Tooltip on the Password field in Product User Management Page
When the above policies are set, the tooltip on the Password field will be as follows:
- If the "Password mix" is NOT set:
Unable to continue as the information in the Password field is invalid. The Password must be between <min> and <max> characters. To continue, please enter a valid password.
- If the "Password mix" IS set:
Unable to continue as the information in the Password field is invalid. The Password must be between <min> and <max> characters and must have at least one <alphabetical character>, <number>, <capital letter> and <special character>. To continue, please enter a valid password.
Security
Ensure that the password setting cannot be hacked (from the back-end) and the password policy bypassed.
Post Product Distributed installation (AD)
- Audience & purpose
- As a Product AD user, when you launch the Product for the first time, post distributed installation, you want the first-hand user experience to be smooth and user-friendly so that you can get the Product up and running with less of a learning curve.
Description
This is the same as the ""Post Product Standalone Installation (AD)" topic on this page, except that the wizard will display four tabs. See the following screenshot.
- License tab (if a trial license is expired)
- Product first administrator tab
- Product settings tab
- Credential settings tab
Refer to the following "Post Product Distributed installation (Non-AD)" topic for "Product settings" page details.
Post Product Distributed installation (Non-AD)
- Audience & purpose
- As a Product Non-AD user, when you launch the Product for the first time post a distributed installation, you want the first-hand user experience be smooth and user-friendly so that you can get the Product up and running with less of a learning curve.
Distributed installation
Refer to the "Post Product Express/Standalone installation (Non-AD)" topic in this page for the "Getting Started" wizard.
- If Product is installed in "Distributed mode", then on first launch of Product, the "Getting started" wizard will display the Product settings page after clicking "Next" on the "Security questions" page. See the following screenshot.
- Click "Next" on the Product settings page to display the "Credential settings" page.
- Click "Back" on the Product settings page to display the "Security questions" page.
Product settings
Refer to the Product configurations (distributed) topic in the "Settings" page for details on configuring Product settings.
- The focus will be set on the "Repository path" field and both the "Next" and "Back" buttons will be displayed.
- The "Back" button will be enabled whereas the "Next" button will be enabled only after all required fields are filled in on the Product settings page.
- In the left navigation pane, the second tab will show the security questions and answers which were input in the previous page.
- Click "Next" to display the "Credential settings" page.
- Click "Back" to display the previous page: "Security questions".
- Important note:
- Use the "Hostname" instead of the "IP address" when required at all places in this page.
Post Product Standalone installation (AD)
- Audience & purpose
- As a Product AD (Active Directory) user, after installing Product in Standalone mode, when you launch the Product for the first time you want the first-hand user experience to be smooth and user-friendly so that you can get the Product up and running with less of a learning curve.
Procedure
This is the same procedure as in the "Post Product Express/Standalone installation (Non-AD)" topic in this page, except that the wizard will display only three tabs. See the following screenshot.
- License tab (only if trial license is expired).
- Product first administrator tab.
- Credentials settings tab
Refer to the "Create first Admin user of Product (AD)" topic in this page for Product first Admin creation details.
- The "Next" button will be enabled once all required fields are filled in.
- Click "Next" to display the "Credential Settings" page. See the following screenshot.
- When the wizard has been completed, click "Save and login".
- The first Admin user will be created, and the Login dialog will be prompted with the success toast.
- Input the login credentials of the first Admin user just created.
- Once the login is successful, the Dashboard → Home page will be displayed.
- Note: For the first Admin AD user creation, you can specify any user to be the first Admin.
- In the case of a single domain, it could be either your own account or any other user account within the same domain.
- In the case of a multi domain, it could be any user belonging to any domain under the forest.
- The key point is:
- Once the first Admin user is created, the login to Product will be based on the login credentials provided.
Post Product Express/Standalone installation (Non-AD)
- Audience & purpose
-
As a Product Non-AD user, when you launch the Product for the first time post an Express/Standalone installation, you want to provide:
- A smooth and user-friendly user experience for the first admin creation and Product configuration.
- Less of a learning curve in order to get the Product quickly up and running.
Scenario: Product is installed in Express or Standalone mode
When launching Product for the first time, a "Welcome" page wizard will be displayed with a blank first admin creation page as shown in the following screenshot.
- The wizard should show 4 tabs in the order:
- License (only if the Product Trial license is expired)
- Product first administrator
- Security questions
- Credentials settings
- If the Product Trial license is not expired, then by default the focus will be set on the "Username" field of the "Product first administrator" page.
- Otherwise, the focus will be set on the license file path field of the "License" page.
- The "Save and Login" and the "Next" buttons will be disabled.
License tab
Refer to the Trial license expired (AD/Non-AD) topic in this page for details on installing a new license once a trial license is expired.
- After selecting the license file, the "Next" button will be enabled.
- Click "Next" to show the next tab: "Product first administrator".
- In the left navigation pane, the first tab will show the license file name which was input on the previous page.
Product first administrator tab
Refer to the Create first Admin user of Product (Non-AD) topic in this page for details on creating the first Admin.
- When you have input all of the mandatory fields, then the "Next" button will be enabled.
- Click "Next" to show the next tab: "Create security question".
- In the left navigation pane, the previous tab will show the username, firstname, lastname, and email id of the user which was input in the previous page.
Security questions tab
Refer to the Security Q&A (Non-AD) topic in this page for details on first admin security questions and answers.
- The focus will be set on "Question 1", the "Next" button will be disabled, and the "Back" button will be displayed and enabled.
- Click "Back" to display the previous "Product first administrator" page with pre-filled values.
- When you have input all of the security questions and answers, then the "Next" button will be enabled.
- Click Next to show the next tab: "Credential settings".
- In the left navigation pane, the previous tab will show the security questions and answers which were input in the previous page.
Credential settings tab
Refer to the Credential settings (AD/Non-AD) topic in this page for details on how to configure and connect the Credential Vault.
- The "Next" button will not be displayed.
- Click "Back" to display the previous security questions page with pre-filled values.
- When all inputs are provided in each of the tabs in left navigation page, the top command button "Save and log in" will be enabled.
- Click "Save and log in" to login and see the "Product Dashboard" → "Home" page.
- A success toast notification will be displayed as shown in the following screenshot.
Validations
Refer to the related stories mentioned above for field-level validations and error messages.
- If you go back to a completed step, the information previously provided in completed steps will be displayed.
- On completion of the wizard, the Product first Admin user will be created with the details provided, and will be able to successfully login to Product.
- If a new license file is selected it will be installed in Product.
- Ensure that:
- The security questions and answers are available for the first Admin user to reset their password.
- The Credential Vault is opened in the mode selected by the user.
- The "Dashboard" → "Home" page is displayed to the Product Admin upon successful login.
- While in the middle of the wizard, if the page is refreshed, then the you will get the standard warning message of "losing any unsaved data".
- The "Getting started" wizard will be displayed only when the first Admin user is not created in Product.
- If a page-level error occurs when clicking "Save and login", then the error will be displayed on the specific page and the wizard will remain open.
- If there are multiple page errors, then the error for the first page will be displayed first.
- If the error on first page is cleared, then the error for the next page will be displayed and so on, until all page level errors are resolved.
- For a concurrent scenario, if two users open the "Getting started" wizard and if one user has already completed the wizard successfully while another user is about to complete it, clicking "Save and login" for the second user will display the following error message and the user will see the "Login" page.
Type Reason Message Error Failure on save if the settings are pre-configured. Unable to continue because the Getting started settings already exists.
This may be due to concurrent access by some other user while you were configuring the settings.
To continue, please contact the system administrator.- If the server gets disconnected while saving, then the following error message will be displayed on the page currently being viewed.
Type Reason Message Error Failure on save if server is disconnected. Unable to continue because we could not reach the Product server.
This may be due to any number of reasons including Internet connectivity.
To continue, please check your Internet connection and try again.- Closing the browser and opening the browser again will launch the new wizard with the first page.
- Refreshing/reloading the page while configuring the settings at any point in time, the following confirmation message for losing unsaved data will pop-up.
Type Message Buttons Warning If you navigate away from this page, your changes made may not be saved.
Are you sure you want to proceed?Yes, No Note: On confirmation, the wizard will be relaunched and the previous input data will be cleared.
Register user from Product without the user having to login from a Robot runner
- Audience & purpose
- As a Product Admin you want to deploy your "Account Reconciliation" TaskRobot on a user's machine immediately after you created the user's account in Product.
Activate/deactivate a user
The Product Admin will have an option to activate or deactivate any user.
- Only "active" users will be allowed to connect to Product.
- A Product Admin will be able to deploy TaskRobots on all active users.
- This will be allowed for the newly created users who also have not connected to Product even once.
- Task deployment will only be allowed for "Run Time" users. This is the existing behavior.
Release license allocated to user
- Audience & purpose
-
As a Product user having the "License" permission:
- You want to release a license from a user when they are deleted.
- The device associated with the user no longer exists.
- Re-use that license slot for other users who need it.
-
This is used:
- To make the license available to some users who need it.
- To save license cost by effectively and efficiently utilizing the license.
Release a license when a user is deleted
Use the following steps to release a license when a user is deleted.
- In the "Administration" → "Users" page, select the user who has an allocated license.
- Delete the user.
- When the user is deleted, ensure that the allocated license is released.
- In the Administration → Licenses page, the usage count for the license will decrease.
- In Administration → Users page → Create User section, the available license for the released license will increase.
- The device entry should also be removed if the user had registered earlier.
Release a license from a Robot creator to a "None" license type
Use the following steps to release a license from a Robot creator to none.
- In Administration → Users page, select the user having a Robot creator license.
- Change the license type to None.
- Save the user.
- The following confirmation message (pop-up) will be displayed on Save.
Reason Title bar Message Buttons Releasing license Release license Do you want to release the license allocated to this user?
This will free-up the license and unassign the Robot Creator device assigned to this user.
Also, the user cannot login to Product from the same device.Yes, No - On confirmation, the license will be released and the Device license column will be set to None.
- In the Administration → Licenses page, the usage count for the license will decrease.
- In Administration → Users page → Create User section, the available license for the released license will increase.
- The device entry will also be removed if the user had registered earlier.
Release a license from a Robot runner to a "None" license type
Use the following steps to release a license from a Robot runner to none.
- In Administration → Users page, select the user having a Robot runner license.
- Change the license type to None.
- The following confirmation message (pop-up) will be displayed.
Reason Title bar Message Buttons Releasing license Release license Do you want to release the license allocated to this user?
This will free-up the license, delete all existing schedules, and unassign the Robot runner device assigned to this user.
The user cannot login to Product from the same device.Yes, No - On confirmation, the license will be released and the Device license column will be set to None.
- In the Administration → Licenses page, the usage count for the license will decrease.
- In the Administration → Users page → Create User section, the available license for the released license will increase.
- The device entry will also be removed if the user had registered earlier.
Audit
An Audit entry will be logged whenever a license is released from a user.
Restrict client login if unlicensed
- Audience & purpose
- As a Product Admin you want to restrict Client logins if the Product license is expired so that you do not violate the license terms.
- This is used to comply with license terms.
Restrict Client Access to Product
On Client login, if a license is not allocated, you will not be allowed to login to Product.
- Launch the Product Client and login to Product as a Robot creator or a Robot runner.
- If the user is not assigned any license, then an error message will be displayed to the user upon login.
- If the Client is already connected to Product, and later if the Product license is released, then:
- A tray notification will be displayed on the Client machine.
- The Client will be auto-disconnected from Product in five minutes.
Security Q&A (Non-AD)
- Audience & purpose
-
As a Non-AD Product user, you want to set three (3) security questions and answers of your choice so that you can provide your identity when you forget your password or you wish to reset your password.
- This will help validate the identity of Non-AD users.
Create security questions
Use the following guidelines to use the Security Q&A page.
- On first launch of Product, post installation, the "Getting Started" wizard → "Security questions" page will be displayed as shown in the following screenshot.
- The "Create security questions" section contains the following embedded help information:
Location Embedded help Main screen Please provide three security questions and the answers of your choice to be asked in case you lose your password.
Questions and answers are not case sensitive.Main screen field: Question 1 (below the field). Min characters = 3. Main screen field: Answer 1 (below the field). Min characters = 3. Important note:
▸ The minimum number of characters for a "question" is three (3) characters.
▸ The minimum number of characters for an "answer" is three (3) characters.- You must fill in/complete all of the three security questions and answers of their choice.
- Once the entries to the wizard are completed, click "Save and login" and the security questions and answers will be saved for the first Product Admin.
Validations
- Question field: maximum 256 characters.
- Answers field: maximum 50 characters.
- All three security questions and answers are mandatory and case insensitive.
- All three security questions must be unique.
- See following data table for on-page error messages.
Reason Message Question not minimum length We were unable to continue because the question was less than the minimum number of characters required. To continue, please retype your question. Answer not minimum length We were unable to continue because the answer was less than the minimum number of characters required. To continue, please retype your answer. Duplicate questions Unable to continue since one or more questions are found as duplicate. To continue, please provide unique value for each question. - Important note: Answers to all of the three security questions cannot be left blank.
Security
The Q&A must be encrypted and secured from unauthorized access.
Security Q&A (first login, Non-AD user)
- Audience & purpose
-
As a Non-AD (Non-Active Directory) Product user, you want to set three (3) security questions and answers of your choice to:
- Provide your identity when you forget your password.
- Reset your password.
- This is used to validate the identities of Non-AD users.
Prerequisites
A user account has been created in Product.
Create Security Q&A
Use the following steps to create the Security Q&A's.
- On the first-time login by any user (Admin or non-Admin user), the user will be forced to change the password by showing the Change Password page.
- Please refer to the Authentication section: Create or change password (first login, forgot password, Non-AD) for details.
- On clicking "Next" in the "Change Password" page, the "Security questions" page will be displayed if the user has not filled his security Q&A. See the following screenshot.
- Users must fill in all of the three security questions and answers of their choice.
- Once the Q&A is submitted the Dashboard → Home page will be displayed.
Note
As compared to version 10 LTS, the Security Q&A was provided only to Admin users. However in version 11.0 it is applicable to all users for Non-AD Product. This will enhance our security for validating the identity of users when they forget their password.
Trial license expired (AD/Non-AD)
- Audience & purpose
- As a Product user, when you reinstall Product and your Trial license is expired, you want to install the new license as part of the first-hand user experience so that you can continue using Product.
Installing a license when the Trial has expired
On first launch of Product, post installation, if the Trial license is expired and the Product Admin is not created, then the "Getting Started" wizard → "License" page will be displayed as shown in the following screenshot.
- Expired Trial license notice:
Your trial license has expired. To continue, please browse to select a license file and click Next.
- The license field will be enabled and empty.
- Click "Browse" to open the standard file browse dialog.
- Select a valid .license file.
- The license field will show the path of Product license file.
- Once all required fields are input in the wizard, click "Save and login" to create the Admin and install the selected .license file.
Validations
The "Next" button will only be enabled when the .license file is selected.
- Click "Next" in "License" page to open the next available page: the "Product Admin" will be displayed.
- Click "Cancel"" in the "File Browse" dialog to clear the selected file path (if any) and the error message (displayed from the previous selection) will also be cleared.
- When you select an invalid license file, the following validation messages will be displayed on the "Trial license" page, and the "Next" button will be disabled.
Reason Message Wrong type of file Unable to continue because the file you selected does not end with ".license".
To continue, please select an Product license file whose filename ends with ".license".Wrong type of file Unable to continue because the file you selected is not an Product license file.
Although it properly ends in ".license", when we read the file it is not in the correct format.
To continue, please select an Product license file.Note: You will only see this message if you select a .license file that has somehow been corrupted - When clicking "Save and login", if the selected license file is already expired, then the following validation message will be displayed on the "Trial license" page.
Reason Message Expired or invalid license file Unable to continue because the file you selected is either invalid or its license period has expired.
To continue, please install a new Product license.
If you do not have one, please contact your system administrator or Product Sales.
User Profile Tray
- Audience & purpose
- As a Product user you want to view or edit your profile settings keeping them updated as and when required.
Profile Tray
Use the following steps to update a user profile.
- Login to Product.
- If login is successful, you will see the "Profile Tray" in the header bar as shown in the following screenshot.
- Click the Profile Tray icon.
- The Profile Tray will open displaying your <firstname>, <lastname> and <email address> as shown in following screenshot.
- If a <firstname>, or <lastname> is not provided, then the <email address> will be displayed in place of a <firstname> or <lastname>.
- For a Non-AD user, the Profile Tray will display:
- The "Edit Profile" and "Change Password" links.
- The "Logout" button.
- For an AD user, the Profile Tray will display:
- The "Logout" button.
- Clicking outside of the tray will close the tray.
Editing a user profile
Use the following steps to edit a user profile.
- Click "Edit profile" to display the Edit Profile form as shown in the following screenshot.
- Edit the details <firstname>, <lastname> and <email address>.
- Click "Close/Cancel" to close if no changes are made, otherwise click Cancel.
- Click "Save changes"; this will be enabled if all fields are filled in.
Validations
Type Reason Message Error The format of the email address is incorrect. Unable to continue because the format of your email address is incorrect. To continue, please retype your email in the following format: name@company.com. Error Email and Confirm Email fields do not match. Unable to continue because the information in the Email and Confirm Email fields do not match. To continue, please retype your email.
Change password
Click "Change password" to open the Change password form.
Logout
Click "Logout" to logout from Product.
Verify user
- Audience & purpose
- This applies to Product Admins.
-
It is used to verify and validate a user account. As a Product Admin, you want:
- The user to verify their email address so you know their user status.
- Only allow verified users to login to Product.
Verify user (with SMTP disabled)
Use the following steps to verify a user with SMTP disabled.
- In the Administration → Users page, create a new user.
- Save the newly created user.
- The "Users" landing page will show the license status of this user as "Verified".
- Note: Only a verified user can login to Product from a browser.
Verify user (with SMTP enabled)
Use the following steps to verify a user with SMTP enabled.
- In the Administration → Users page, create a new user.
- Save the newly created user.
- An email will be sent to the user's email address.
- The "Users" landing page will show the license status of the user as "N/A" by default.
- When the user clicks the link to verify their email address from the email and completes first-time login flow, the user license status will be set as Verified.
- Refer to the Create or change password (first login, forgot password, Non-AD) topic.
- Go to the second subtopic on the page: "Create password on first login (SMTP enabled)".
- Note: Only a verified user can login to Product from a browser.
- If the user tries to login to Product without verifying his email address, then the following error message will be displayed:
Type Title Message Error Your email address is not verified. "Please check your email and click on the verify link.
If you have not received an email, please contact your system administrator."- The verification link sent in the email will expire once the user clicks on the link and sets the password to login to Product.
- After the first successful login, clicking the link the next time will make the link inactive and the following error message will be displayed:
Type Reason Title Message Error The user clicks the "Verify link" in the email twice after the first login. Oops! We couldn't find that page. The link you clicked is no longer available or has expired.
To continue, please contact your system administrator.
View all AD users
- Audience & purpose
- This applies to Product users having the "User Management" permission.
-
This is used to view and manage all AD (Active Directory) users in Product. As a Product user having the "User Management" permission, you want to:
- View a list of all Product AD users at a glance.
- Take action on a specific AD user or various selected AD users from the list.
View a list of all users
Note: All actions are the same as in the "View all Non-AD users" topic, except that this form will display an AD Domain field as shown in the following screenshot.
Reference: "View all Non-AD users"
View all Non-AD users
- Audience & purpose
-
This applies to Product users having the "User Management" permission. As a Product user having the "User Management" permission, you want to:
- View a list of all Product users at a glance.
- Take action on a specific user or various selected users from the list.
- This is used to view and manage all Non-AD users in the Product.
View a list of all users
Use the following steps to view all non-AD users.
- The Administration → Users page will display list of all Non-AD users created in Product as shown in the following screenshot.
The Admin as well as the current user will also be displayed in the Users list.- The list will be sorted by default based on Username.
- The "User Type" column will display following values:
- If Role = Admin, then the value = Admin.
- If Device License = Robot runner, then the value = Robot runner.
- If Device License = Robot creator, then the value = Robot creator.
- Otherwise, the value = Other.
- The "Device License" column will display following values. See the following screenshot.
Value Condition N/A No License allocated. Robot creator Dev license allocated. Robot runner (TaskRobots) Runtime license only allocated with TaskRobots (default). Robot runner (TaskRobots, IQRobots) Runtime license with TaskRobots and IQRobots. - The "User Status" column will be set to "Enabled" or "Disabled" based on whether a user is active or inactive.
- The "License Status" column will display the following values:
Value Condition N/A Only for Product (if SMTP is enabled). Verified The user verified his/her email address if SMTP is enabled. Registered The user logged in from an Product Client. Note: Please refer to the following "Verify User" topic for details on status transition. - If an optional field is left blank by the user, then the column value will display two dashes ( -- ).
- If there are multiple roles assigned to the user, the "Roles" column will display the role names as seen in the following screenshot.
- It will display <rolename> and "<count> more" as a link.
- Click the link to pop-up a list of all roles assigned to the user in alphabetical order.
Row-level actions
- Actions for an Admin user
Action Admin user Other users View Yes. Yes. Edit Yes, except for his own user account. Yes. Delete Yes, except for his own user account. Yes. Enable/Disable Yes, except for his own user account. Yes. - Actions for a user having "User Management" permissions
Action Admin user Other users View No. Yes. Edit No. Yes, except for his own user account. Delete No. Yes, except for his own user account. Enable/Disable No. Yes, except for his own user account. - Note:
- ▸ If the current row has a user entry as enabled, then the Action will show the "Disable" icon otherwise it will show the "Enable" icon.
- ▸ The row level actions button will be visible only if the user has respective "User Management" permissions.
Table-level actions
These are the same as in the View all roles topic.
Validation
The first Admin user created during Product installation will be displayed in the users list.
- The currently logged-in user will be displayed in the users list.
- If an Action is taken on the current logged-in user, then the following related error messages will be displayed:
Action Message Edit You cannot modify the current logged in user. Delete You cannot delete the current logged in user. Disable You cannot disable the current logged in user.
View details of a user (AD, Non-AD)
- Audience & purpose
- As a Product user having the "View" permission, you want to view details of a specific user to be aware of the user, its license, and the roles assigned to it.
Select a user
- In the "Administration" → "Users" page, select a specific user and click the "View" icon.
- The "View" users page will display details of the selected user. See the following screenshot.
View Admin user
Only a user with the "Admin" role can view other Admin users.
- If the user is an Admin user, then the License and License status fields will be set to N/A.
- If this is the only/single Admin, then you cannot disable the only Admin in the system.
- If there are multiple Admins, then you can disable the user until you are left with a single Admin.
- The "Roles" table should list all of the roles assigned to the user.
- See the error messages in the following topic, "View logged-in user".
View logged-in user
If the user is a current, logged-in user, then display the following error messages.
Reason Title bar Pop-up error messages Buttons Cannot disable currently logged-in user. Unable to disable user. You cannot disable your own user.
To make changes to this user, please contact your system administrator.Close Cannot edit currently logged-in user. Unable to edit user. You cannot edit your own user except under Profile, at the top of the page.
To make other changes to this user, please contact your system administrator.Close
View other user
Use the following steps to view the other user.
- Clicking the Disable button (if user is already enabled), the User status field will be set to Disabled.
- Clicking the Enable button (if user is already disabled), the User status field will be set to Enabled.
- Clicking the Edit button, the "Edit user" page will be displayed for the user currently being viewed.
Authorizations
See the following data table regarding authorizations.
Role View Admin user View current user View other user Enable/Disable Edit Admin Yes. Yes. Yes. Yes, except own user. Yes, except own user. View user permission No. Yes. Yes. No. No.
- A normal user having "View" privileges can view all users except Admins, RobotFarm Admin, and Robot Insight Admin.
- A RobotFarm Admin or Robot Insight Admin cannot view the "Users" page.
Viewing a Non-AD user with SMTP disabled
For security reasons, the View User page will hide the Password and Confirm Password fields (in 10 LTS these fields were shown as blank in Edit mode).
Viewing AD users
The "View" page for an AD (Active Directory) user is same as for a Non-AD user, except that it additionally shows the "Domain" field and does not show the "Password" field.
Roles and users permission mappings
Permission granted to user What user can see or do Which associated permissions are required? What if the associated permissions are not granted to user? View User View all users in User landing page.
View individual user details.
Export users to CSV.---
---
---
---
---
---Create User View all users in User landing page.
View individual user details.
Export users to CSV.
Create a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Edit User View all users in User landing page.
View individual user details.
Export users to CSV.
Edit a user.View User.
View User.
---
View and manage roles to assign roles to user.
View and manage licenses to assign license to user.N/A
N/A
---
Roles table will not be displayed in the "Create user" page.
License table will not be displayed in the "Create user" page.Delete User View all users in User landing page.
View individual user details.
Export users to CSV.
Delete user.View User.
View User.
---
View User (No explicit permissions required for roles or license)N/A
N/A
---
N/AView and Manage Role View all roles in Roles landing page.
View individual role details.
Create/Edit a role.
---
---
Delete a role.---
---
View bots.
View devices.
View user, Edit user.
(No explicit permissions required for bots, devices or users)---
---
Robots will not be displayed in the Robots tab of the Create Role page.
Devices will not be displayed in the Device tab of the Create Role page.
Users table should not be displayed in Users tab of Create Role page.
---