Oracle® On Track Communication Administrator's Guide Release 1 (1.0) Part Number E20957-02
You can review and manage user accounts, and invite new users to access Oracle On Track Communication, using the On Track Administration Console.
From the Users or Groups page, you can search for any On Track user or group, including those in the database or an LDAP realm. Enter all or part of the user's or group's name in the search field and click Search.
To return a list of all users or groups, leave the search field blank (or enter the wildcard character, %) and click Search. All user accounts or groups in On Track will be listed.
Every On Track deployment includes one database realm. User accounts are either created in the database realm, or created in an LDAP directory and then synchronized with an LDAP Realm. The default Admin account is always seeded in the database realm.
To manage users in the database realm, connect to the On Track Administration Console, and click Users. Perform a search and then double-click the user or select a user and click Open Properties.
If the On Track Database Realm has User Creation enabled, you can invite a user from the administration console.
Note:
If Enable Self Signup from Login Page is also enabled, you do not need to individually invite users. Instead, you can publicize the URL for the Oracle On Track Communication end-user client login page, and users can then create their own accounts.
To invite a user, from the Users page, click Create User. Enter an e-mail address for the user and click Create. An invitation e-mail will be sent to the user containing a link which they can click to access their account, and an account will be created for them.
Once the user uses the link to log in, their account will be marked as This user is verified in the user properties.
Users invited in this manner are never added to an LDAP Realm. If you want to add users to an LDAP realm, see "Managing LDAP-Based Users".
See Also:
To set user creation policies for your database realm, see "Configuring Realms".
Oracle On Track Communication can be configured with an LDAP-based user directory by creating and configuring an LDAP Realm. Once communication with the LDAP directory is established, users that exist in the LDAP directory can be added as users of On Track.
You can configure an LDAP Realm to allow any user that exists in the LDAP directory to use self signup. If Enable Self Signup from Login Page is enabled for the LDAP Realm, you do not need to individually invite users. Instead, you can publicize the URL for the Oracle On Track Communication end-user client login page, and users can then log in to Oracle On Track. The first time such a user authenticates, On Track creates a corresponding account for them in the LDAP Realm by synchronizing a subset of user data from the LDAP directory.
You can use LDAP Search configuration to configure On Track to allow all or a subset of LDAP user accounts to authenticate and be synchronized with your On Track LDAP Realm.
LDAP Realm users are always authenticated directly with the LDAP directory. These users never configure a separate password for Oracle On Track.
To review an LDAP Realm user's account and configure their user properties, connect to the On Track Administration Console, and click Users. Perform a search and then double-click the user or select a user and click Open Properties.
For information about configuring Oracle On Track to use an LDAP-based user directory, see "Configuring LDAP Realms".
When a user account is created in Oracle On Track, it is granted a set of privileges based on the default privileges for the user's realm. Subsequently, you can alter user privileges individually.
The following privileges are available:
Verified: Existence of the user account has been verified by On Track, by one of two mechanisms:
The user was located in an LDAP directory, as defined by an LDAP realm.
An e-mail was sent to the user, and the user clicked on the link in that e-mail to verify their identity.
Enabled: Determines whether the user can log in. If this privilege is not enabled, the user cannot log in to On Track.
Admin: The user is allowed to perform administrative functions for the On Track server. For example, a user with Admin privileges can:
Manage users and groups
Manage realms
Shut down the On Track application instance
Send a message to all logged in users
Act on Behalf Of: The user is allowed to perform end-user functions on behalf of another user. This is typically used in integration scenarios, where an agent posts messages or uploads documents on behalf of another user. When this privilege is used, the message that is created will indicate both the user that performed the action, and the user on whose behalf it was performed.
Developer: The user is allowed to perform specialized administrative functions. This privilege, and the actions it enables, should only be used when directed by Oracle support.
Can Discover: The user can see Public conversations, even if the user is not a member of that conversation.
Can Create Conversation: The user can create new conversations.
Conversation Discoverable by Default: Whether new conversations that are created by this user are public by default.
See Also:
The default settings for Discover, Create Conversation, and Conversation Discoverable are set by realm configuration properties. You can then modify the settings on a per-user basis using the above user account settings.
For more information on configuring realm properties, see "Configuring Realms".
Discoverability privileges are typically used in a scenario where an On Track instance is used by both employees and guests or outside workers (such as consultants, vendors, or customers). You might want your employees to create public conversations that can be seen by other employees, but not by guests. In this case, employees would have "Can Discover" set to true, and guests would have it set to false. Furthermore, you might not want outsiders to create private conversations; if they did, they would be using On Track resources with no benefit to the corporation. In this case, outsiders would have "Conversation Discoverable Default" set to true, so that new conversations that they create will be public (and therefore can be seen by employees who have "Can Discover" set to true.)
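The employee and guest scenario above can be checked mechanically once per-user privilege settings are available as data. The following audit is an added example, not part of the Oracle guide or product. The CSV layout, the column names, the `kind` column and the sample rows are all constructed, and the rules about unverified accounts and guests holding Admin or Act on Behalf Of are this example's own review policy.

```python
import csv
import io

# Constructed sample; the column names and the CSV export itself are assumptions.
SAMPLE = """\
user,kind,verified,enabled,admin,act_on_behalf_of,developer,can_discover,can_create_conversation,discoverable_by_default
alice@example.com,employee,true,true,false,false,false,true,true,false
bob@vendor.example,guest,true,true,false,false,false,true,true,false
carol@vendor.example,guest,false,true,false,false,false,false,true,true
dave@example.com,employee,true,true,true,false,true,true,true,false
"""

def audit(csv_text):
    """Return (user, finding) pairs for settings that contradict the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        flag = {k: v.strip().lower() == "true" for k, v in row.items()
                if k not in ("user", "kind")}
        if flag["enabled"] and not flag["verified"]:
            # Review item (assumed rule): login allowed, existence never verified.
            findings.append((user, "enabled but not verified"))
        if flag["developer"]:
            # The guide reserves Developer for use when directed by Oracle support.
            findings.append((user, "Developer privilege set"))
        if row["kind"] == "guest":
            if flag["can_discover"]:
                findings.append((user, "guest can see Public conversations"))
            if flag["can_create_conversation"] and not flag["discoverable_by_default"]:
                findings.append((user, "guest conversations private by default"))
            for priv in ("admin", "act_on_behalf_of"):
                if flag[priv]:  # assumed rule: least privilege for outsiders
                    findings.append((user, "guest holds " + priv))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```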
If a user attempts to log in to Oracle On Track Communication but provides incorrect authentication credentials five times, the user account will be temporarily locked. When you search for users in the Users page of the On Track Administration Console, locked users have a lock icon in the lock column.
You can manually unlock an account by selecting the user and clicking the Unlock User button.
If you do not manually unlock a user account, it will be unlocked automatically after 20 minutes.
In Oracle On Track Communication, groups are created in two ways:
Users can create groups from within the On Track Communication client
Groups that exist in an LDAP-based user directory can be synchronized with an On Track LDAP Realm
You can use the On Track Administration Console to review the properties of these groups.
To review groups, connect to the On Track Administration Console, and click Groups. Perform a search and then double-click the group or select a group and click Open Properties.
See Also:
For a description of group properties, see "Managing Groups" in the Oracle On Track Communication Administration Console Help.