User configuration
The User Configuration function is available to all devices and device groups for which Session Logon has been enabled.
You can use this function to:
- Select an organization and to configure connectors for all users:
- Organizations: Displays all the Organizational units
(departments) that are currently configured and enables you to select an
organization
Organizations cannot be supported when the Session Logon service is configured with Azure Active Directory type.
- Organizations: Displays all the Organizational units
(departments) that are currently configured and enables you to select an
organization
- Select a specific Active Directory security group or Azure Active
Directory group and assign connector profiles for it:
- Active Directory security group: extends the list of available connector profile buttons that can be displayed on the ShareScan main screen
Select an organization
- In the User Configuration pane, right-click Organizational Units and then click Add Organizational Unit. The Organizational Units window appears. The window includes domain and access information.
- In the
Organizational Units window, search for organizational units
by entering characters in the
Organizational Unit (ou) field and clicking on the
Search
button. In the list, the matching organizational units, that are
configured in the Active Directory, are displayed. Double-click an
organizational unit to add to the list of departments for User configuration
and click
OK.
To remove an organizational unit, right-click it and then click Remove Organizational Unit. To restrict an organizational unit from selecting connectors that are available via the All Users group, select the organizational unit and then click Restrict Personalization.
- All Users: In addition to connectors selected for the Organizational unit you belong to, this configuration is available to all users authenticated using Session Logon.
Select an Active Directory security group
Prerequisites
- Session Logon must be configured and enabled for the device
- Session Logon should have Active Directory access (Directory Type = Windows Active Directory, Credential = Anonymous or Use Credential or Use ShareScan Manager service credentials)
- User Configuration must be enabled for the device
Limitations
- Currently, nested Active Directory security groups are not supported
- If the AD group membership information is changed for a user who has already logged in to ShareScan once, the membership changes only take effect after the user logged in a second time
To select an Active Directory security group
- In the User Configuration pane, right-click Security groups and then click Add Security Group . The Select Active Directory Group window appears including access information.
- In the Select Active Directory Group window, search for groups by selecting a Domain, entering characters in the Group name field and clicking on the Search button. In the list the matching Active Directory groups, that are configured in the Active Directory, are displayed. Click the specific Active Directory group to select it for User configuration and click OK. On the User Configuration pane, the selected group is displayed under the domain that it belongs to.
To remove an Active Directory group, right-click it and then click Remove.
To remove all Active Directory groups under a domain, right-click the domain and then click Remove.
Select an Azure Active Directory group
Prerequisites
- Session Logon must be configured and enabled for the device
- Session Logon should have Azure Active Directory access (Directory Type = Azure Active Directory)
- User Configuration must be enabled for the device
Limitations
- Currently, nested Azure Active Directory groups are not supported.
- If the Azure AD group membership information is changed for a user who has already logged in to ShareScan once, the membership changes only take effect after the user logged in a second time.
To select an Azure Active Directory group
- In the User Configuration pane, right-click Azure AD groups and then click Add Azure AD group. The Select Azure Active Directory Group window appears including access information.
- In the Select Azure Active Directory Group window, search for groups by selecting a Tenant configured in Session logon service, entering characters in the Group name field and clicking on the Search button. In the list the matching groups, that are configured in the Azure Active Directory, are displayed. Click the specific Azure Active Directory group to select it for User configuration and click OK.
To remove an Azure Active Directory group from User Configuration, right-click it and then click Remove.
To remove all Azure Active Directory group under a tenant, right-click the tenant and then click Remove.
Role-based configuration
With this feature, you can allow specific Connectors to be displayed for authenticated users who belong to a specific Organizational Unit (OU). Before you start, complete the following prerequisites:
- Session Logon must be configured to add an OU to this list.
- User configuration setting must be enabled for the device or group of devices.
Double-click an OU to add it to the list. Now, the Connector Profile selection page is displayed where you can select a set of Connector Profiles for an OU/Department instead of selecting Connector Profiles for a device.
The authenticated user (via Session Logon) is presented with the set of Connectors that are configured by you for the OU/Department the user belongs to.
The Connector Profile selection page also offers a layout option to set the order of appearance for connector profiles on the device screen.
- Click the
Layout button. The
Arrange layout window opens with the following settings:
- Connector
- Profile
- Display name
- Order of appearance
- Drag and drop the profiles to re-arrange the order of appearance of the connector buttons on the device screen and click OK.
Role based configuration options
- If the Organizational Unit (OU) the user belongs to is not configured with any Connectors, the Connectors in the All Users group are displayed at the Main form, along with the My Config button, where you can customize the selection of Connectors for your account.
- If the All Users group is not configured with any Connectors, the device’s default set of Connectors is displayed.
- If the device is not configured with any Connectors, the No Connectors are configured message is displayed on the Main Form.
- If the OU/Department the user belongs to and the All Users group is configured with one or more Connectors, then by default (for the first time), the OU Connectors are displayed along with the My Config button, where you can customize the Connectors for your account.
You can restrict an OU/Department from not being able to customize the Connectors from the All Users group by right-clicking the OU and selecting Restrict All Users. This is useful, when you want to restrict certain departments from customizing the generally available Connectors from the All Users group.
Role based configuration restrictions
- Renaming an OU is not allowed.
- An OU can be removed from the list by right-clicking the OU and selecting the Remove Organizational Unit menu item.
- The Settings and Scanner tabs are hidden when configuring this feature as they only apply to a Device/Device Group.
Device/Role based configuration chart
|
Device |
OU/Department |
All Users |
Connectors displayed on Main Form |
|---|---|---|---|
|
Device A |
None (no Active Connector profiles). |
None (no Active Connector profiles). |
Device Connectors. |
|
Device A |
One or more Active Connectors. |
None (no Active Connector profiles). |
Connectors in OU (default). Personalization is not available. |
|
Device A |
One or more Active Connectors. |
One or more Active Connectors. |
Connectors in OU (default). Personalization available via My Config button (Personalization button on the Main form, through which you can personalize your choice of Connectors at run time. |
|
Device A |
One or more Active Connectors. Restrict All Users (menu item, if checked, restricts the OU/Department from using the Connectors from the All Users group, that is, Personalization is restricted). |
One or more Active Connectors. |
Connectors in OU (default). Personalization is not available. |
|
Device A |
None (no Active Connector profiles). |
One or more Active Connectors. |
Connectors in All Users(default). Personalization is available via My Config button (Personalization button on the Main form, through which you can personalize your choice of Connectors at run time). |
| Profiles configured for device | Profiles configured for OU* | Profiles configured for AD* | Result (which connector profile assignment is used?)** |
| No | No | No | No profile buttons |
| No | No | Yes | AD |
| No | Yes | No | OU |
| No | Yes | Yes | OU + AD |
| Yes | No | No | Device |
| Yes | No | Yes | Device + AD |
| Yes | Yes | No | OU |
| Yes | Yes | Yes | OU + AD |
* SessionLogon must be configured, SessionLogon must be enabled for the device, User Configuration must be enabled for the device in order to use this
** We consider that the user is a member of a specified Organizational Unit (OU) or Active Directory group (AD)
Personalization feature
With this feature you can configure Connectors, make them available for any user. This gives the user the ability to maintain the user's own personal set of Connector profiles based on the user's login information.
You can personalize the set of Connectors only when Session Logon along with the User Configuration options are enabled and if at least one or more Connectors are activated in the All Users group.
If there is only one active profile in the All Users group, the My Config button is still visible, even though you cannot access My Config at runtime.
When you log in for the first time, you are presented with Connectors selected for this department, along with the My Config button. You can click the My Config button to further select any generally available Connectors other than the departmental Connectors. Once you select the desired Connectors and click OK, the Main form is reflected with the changes immediately. At least one Connector profile must be selected for personalization
When the user first logs in Departmental Connectors, they always supersede Connectors listed in the All Users group. In other words, Connectors selected in the Department the user belongs to are displayed on the Main form and the user can customize Connectors by using My Config, where they are presented with both the Departmental and Connectors from the All Users group.
Personalization restrictions
- If the same Connector profile is selected in both the Department and the All Users group, only one entry or instance of this profile is visible in the list presented in the My Config page (at the Client).
- If the Department does not have any Connectors selected, Connectors from the All Users group are displayed by default on the Main Form, along with the personalization button (My Config).
From the main form you can continue with your activity and or log off at any time. The next time you log in, the Main form is presented with all the buttons configured in the previous login. You can choose to reselect any of the available Connectors via the My Config button.
If at any point of time you want to remove/modify a generally available Connector profile (from the All Users group), it is reflected immediately the next time you log into the system. In case of an unselected or deleted Connector profile, the profile is removed from your personal set of Connectors.