Priority
|
Must have.
|
Context of Use
|
Only authenticated end-users are allowed to gain access to the portal
resources. This access restriction applies to all portal resources, including
content and services. This portal relies on the user IDs maintained in the
corporate LDAP directory.
|
Scope
|
The portal end-users identify themselves only once for a complete online
session. If an idle time-out occurs, the users must reidentify
themselves. If the portal end-user identification fails more often than the
specified number of allowed retries, access to the intranet should be revoked
or limited (deactivated) until a system administrator reactivates the account.
In this case, the portal end-user should be advised to contact the authorized
person. The identified portal end-users are able to access only the data and
information that they are authorized for.
|
Primary User
|
Portal end-user.
|
Special Requirements
|
None.
|
Stakeholders
|
Portal end-user.
|
Preconditions
|
The portal end-user:
- is an authorized user.
- has a standard corporate LDAP user ID. The LDAP user ID must
  be provided to each employee.
- has an authorized LDAP entry.
- has access to the corporate intranet.
- does not have a guest account.
|
Minimal Guarantees
|
Friendly customer-centric message. Status—with error message indicating
whom to call.
|
Success Guarantees
|
Presented with Portal Desktop home page. Authentication. Entitlement.
Personal information.
|
Trigger
|
When any portal page is accessed and the end-user is not yet logged
in.
|
Description
|
- End-user enters the portal URL.
- If the customization parameter [remember login] is set, then
  automatically log in the user and provide a session ID.
- If this is a first-time user, prompt for LDAP user ID and password.
- End-user enters previously assigned user ID and password.
- Information is passed to Access Manager for validation.
- If authentication passes, assign session ID and continue.
- If authentication fails, display error message and return end-user
  to login page; decrement remaining attempts; if the attempts exceed the
  preset limit, notify user and lock out the account.
|
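The credential check, session ID, retry counter, lockout and idle time-out described above, as an added Python example that is not code from the portal product. The `PortalLogin` class and its in-memory user table are hypothetical stand-ins for Access Manager and the LDAP directory, and the values of `MAX_ATTEMPTS` and `IDLE_TIMEOUT` are assumed, since the use case only says they are specified.

```python
import hashlib, hmac, secrets, time

MAX_ATTEMPTS = 3        # assumed value; the use case only says "specified"
IDLE_TIMEOUT = 15 * 60  # assumed idle time-out, in seconds
LOCKED_MSG = "Account locked. Please contact your portal administrator."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class PortalLogin:  # hypothetical stand-in for Access Manager + LDAP
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}      # uid -> {"salt", "hash", "left", "locked"}
        self.sessions = {}   # session ID -> {"uid", "last_seen"}

    def add_user(self, uid, password):
        salt = secrets.token_bytes(16)
        self.users[uid] = {"salt": salt, "hash": _hash(password, salt),
                           "left": MAX_ATTEMPTS, "locked": False}

    def login(self, uid, password):
        """Return (session_id, message); session_id is None on failure."""
        user = self.users.get(uid)
        if user is None:
            return None, "Login failed."
        if user["locked"]:   # stays locked even if the password is right
            return None, LOCKED_MSG
        if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
            user["left"] = MAX_ATTEMPTS
            sid = secrets.token_urlsafe(32)   # unguessable session ID
            self.sessions[sid] = {"uid": uid, "last_seen": self.clock()}
            return sid, "Welcome."
        user["left"] -= 1                     # decrement remaining attempts
        if user["left"] <= 0:
            user["locked"] = True             # until an administrator acts
            return None, LOCKED_MSG
        return None, "Login failed."

    def check_session(self, sid):
        """Return the user ID, or None if the session is unknown or idle too long."""
        s = self.sessions.get(sid)
        if s is None or self.clock() - s["last_seen"] > IDLE_TIMEOUT:
            self.sessions.pop(sid, None)      # user must reidentify
            return None
        s["last_seen"] = self.clock()
        return s["uid"]

    def reactivate(self, uid):  # administrator action: unlock, restore retries
        self.users[uid].update(left=MAX_ATTEMPTS, locked=False)
```

The `clock` parameter exists so the idle time-out can be exercised without waiting; production code would leave it at the default.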