In Aligned Elements, each project hosts its own set of Users. In the User Management, users with User Management rights can create and manage User. Any User action that changes project data is stored in the Project History.
To access any Project via the web-client application, Aligned Elements use an additional authentication layer to grant access to the web-client application. This access also provides a single point of authentication for any project. I.e. a Web user can log in to the web-application using his/her credentials (i.e. web user name and password) and load any project where he/she has access. The Web user name has to be identical to the user name listed in the user management for any project but the password may be different.
The Project user can only be used to access the Project directly via the windows-client for Aligned Elements.
In the Navigation Bar, select Settings => Manage Users, to access the User Management view. Here you may add, modify and disable users.
A user must belong to at least one User Group. A User Group defines the permissions/rights with regard to the available document object types.
When a new user is added for the first time to the web-application, a Web user is automatically created and the user will be sent an email to confirm his/her email address and to set an initial password. If no email address was entered, then the user has to be manually informed to register (see Log In) his email address. The project user, which is only directly accessible from the windows-client, will receive an initial default password which is the same as the user name and has to be changed after the first login.
A user that attempts to log in with incorrect credentials more than three times in a row, is automatically locked out. A locked out user can be try logging in again after 5 minutes.
If a user has forgotten the password and did at an earlier time successfully confirm his/her email address, clicking on Forgot your password will mail a link to set a new password.
New users are optionally notified via email about having received a user in a project (provided that Email settings have been set up).
Click on the Add Users button to create a new row for a User. Either select a known listed user or click cancel to manually add the applicable data in the respective cells.
This is the name of the User. The User Name is used for authentication and is also listed in the Project History in association with all data integrity relevant actions the user performs in Aligned Elements.
If the organization is using Active Directory or LDAP, it is recommended to use the users existing Windows user name as Aligned Elements user name. It is also possible to directly integrate with a local Active Directory and perform user credential validation via Active Directory.
The Full Name represent the normal name of the user (first name and last name). Even though it is not mandatory, but good practice to fill in the User's Full Name.
The Email address is used when Aligned Elements sends emails when e.g. when getting invited or reminded about participation in a Signature or Review, when an email is sent out as part of a workflow or when changes occurs to a Favourite Document Object to which the user has signed up to be notified when changed.
The Windows Domain is optionally used when configuring Aligned Elements to allow users to sign in with their Windows Passwords.
The E-Certificate option is necessary when the user wants to sign files/documents electronically using a digital certificate.
In Aligned Elements, a user cannot be deleted or removed. However, disabling a user prevents him/her to access the system. A user is disabled, either explicitly by another user (ticking the Disabled box and save), or automatically when having tried to sign in using incorrect credentials more than three times.
When a new user is added, the initial default password is the same as the user name and has to be changed after the first login within 5 days of the user creation. The password state is now Pending. If the initial login happens within 5 days, the state will change to OK and all is well. If more than 5 days pass until the user logs in the first time, the log in will not be accepted and the user’s password state will be marked as Expired. To allow the user to log in again, an administrator with User Management rights have to Reset the password to its default value i.e. the user name.
If a user does not remember his password, another user can reset that user's password which means that the password is equal to the user name. The next time the user logs in, he/she must select a new password. This login must occur within five days of the reset.
This reports the last known login time for the user.
With this option, a user manager can select a default Dashboard to be displayed to the user when he opens the project. If selected, that user cannot select any other Dashboard.
If an existing Tag has been selected with this option, the user in question will only be able to access objects within that Tag. Document Objects created by that user will automatically be added to the Tag.
A user must belong to one or more User Groups. The aggregated rights when belonging to several User Groups are the combined positive rights.
When completed, click Save to save the changes. Alternative click Cancel to cancel the action.
The Column E-certificate provides the possibility to add a certificate (for digital signatures). Click the Assign link to upload the user’s electronic certificate.
In conjunction with uploading the certificate, the password of the certificate has to be added. If the certificate and password are valid, the Assign link will change to Valid. If the certificate should expire, the Valid link is changed to Invalid.
Information from the certificate will be used when applying Signatures to PDF document when applying an Electronic Signature.
As described above, the Web user is authenticated in a separate layer to the Project user. The Web user can be associated with the optional Admin role which enables the user to manager other Web users and create projects directly from the Web-client application.
The additional actions are listed in the Select Project View if your current user has the Admin role.
Web user can be enabled/disabled and the email address may be corrected. It is also possible to initiate a resend of the confirmation email for a user from the 'Manage Users' view. Additionally the view presents an overview of to which projects the user is assigned. This additional project specific information is possible to hide using the action 'Show/Hide Project Information'.
All relevant actions performed on a web user are captured and can be inspected in the user audit log. Actions recorded are:
User Registered / Failing to register
Confirmed Email / Failing to confirm
User Lockout and Disable
Failed to Sign
Update External Login provider
From the windows-client, It is possible to alternatively use your windows password for login. This can be especially useful if you are simultaneously active in a large number of projects and are forced to keep track of many different passwords. To enable the Windows login the following conditions needs to be satisfied:
The Aligned Elements user name needs to be identical to the Windows user name.
The project setting Allow Windows Logon needs to be activated.
The Aligned Elements user needs to define the Windows Domain in which the windows user is active (if any). This is done in the User Management View.
To copy users to a different project, click the Copy to Projects button. Select the Users to copy in the leftmost Copy column and optionally tick the Overwrite existing Users checkbox above the table. Once one or more Users have been selected, click Save and select the Target Projects in the displayed dialog.
Click OK to start the operation.
If the User does not exist in the target project(s), a new User with the corresponding user data is created. For this new user, the default password will be the same as the user name.
If a User with the same name as the copied user exists in the target project(s), the Full name, Email, Windows domain and user groups (provided that they exist) are copied to the user in the target project.
Disabled users cannot be copied.
Passwords are never copied. Password reset does not apply to copied users that exist in the target project.
If a user group associated with the copied user exists by name in the target project(s), the user will be automatically be associated with that user group.
If a user group associated with the copied user does not exist by name in the target project(s), that user group association will not be recreated in the target project.
For existing users, all user groups are removed from the existing user in the target project and the user groups defined in source user are added to the user if they exist in the target project. If this results in the user having no user groups, then the copy action for that particular user is skipped in its entirety for the given target project.
It is possible to export the user information to file. In the User Management click Export Users and select which users you want to export by ticking the checkboxes in the left most Export column. Click Save to complete. A file with the name Users@<projectname>.urs is created containing the user information. This file can later be imported in different project.
To import users, in the User Management click Import Users and select a valid .urs file.
Select the users listed in the file, that you want to import. The Import Form displays if a user with the same user name already exists. Importing the user results in overwriting the current data with the data in the file.
The initial password for a created imported user is set the user name (just like when you create a user) and has to be changed at first login.
If a user group associated with the imported user does not exist in the target project, that user group association is deleted after import.
If a user group associated with the imported user exists in the target project, the user will automatically be associated with that user group.
For existing users, all user groups are removed from the existing user in the target project and the user groups defined in the import file are added to the user. If this results in the user having no user groups, then the import action for that particular user is skipped in its entirety.