Users

Click on image to zoom

Creating a User

Users are given access to the search appliance and will have access to data, depending on the users group permissions and security collections. If a user has need to only interact with IMAT APIs, see the Script User section below.

1. In the navigation pane, click Users.

2. In the Users screen, click add_circle found in the top right corner.

3. Choose Create new user.

4. In the Add User screen, enter the following information:

   1. In the Username field, type the login name for the user. Usernames can contain the following characters:

      • numbers

      • letters (uppercase and lowercase)

      • _ (underscore)

      • - (hyphen)

      • . (period)

      • * (asterisk)

      • @ (at sign)

   2. In the Full Name field, type the actual name of the user.

   3. In the Password field, type the password for the user. This is a temporary password and the user is required to reset the password at first login. Remember the password because you need to share it with the user. Once you leave this screen, you will be unable to view the password again.

   4. Confirm the password by typing it again.

   5. Enter an Email address. IMAT Versions prior to 8.5 do not have this capability.

   6. In the Available Groups area, click on the groups to add the user to. The list of groups the user is added to is found in Added Groups. Different IMAT applications require different roles for access. See Search Appliance Roles for more information.

      Note:

      All users must be assigned to the searchappliance_search and a security collection or the search_by_id role to access the dashboard and all search-related roles.

   7. Click Save.

A notification appears confirming that the user has been added.

Clicking arrow_back returns you to the list of users without saving the changes.

Password Requirements

IMAT Solutions's basic password requirements are found below; however, the rules regarding passwords may vary depending on how the search appliance was configured:

• Must contain at least 12 characters

• Must contain at least 1 uppercase letter, 1 lowercase, 1 number, and 1 special character

• Will expire after 60 days

• Cannot change unless it has been at least 24 hours since the creation of the current password—this includes creation of new user*

• Cannot reuse the past 24 passwords

• Cannot use words found in the dictionary; combine them with other words, ThisIsMyPassword, or use a random set of letters

* This excludes administrators changing passwords through the Admin Console.

It should be noted that only one user can be added at a time unless the bulk user wizard is used.

Click on image to zoom

Creating a Script User

Script users are intended to be used by computers to programmatically access the system via access-tokens instead of passwords. A script user account won't automatically lock due to inactivity. It is a user set up to interact with IMAT's APIs.

One use case is for health exchange/CCD on-demand where the third party partner is given an account with an associated access token. It isn't used to log in as an end user but for the API requests to trigger between our systems.

Another example is if there is extra processing that needs to happen around set generation beyond our default behavior. A script is written to handle the extra needs and uses a token to query IMAT APIs as needed.

1. In the navigation pane, click Users.

2. In the Users screen, click add_circle found in the top right corner.

3. Choose Create new script user.

4. In the Add User screen, enter the following information:

   1. In the Username field, type the login name for the user. Usernames can contain the following characters:

      • numbers

      • letters (uppercase and lowercase)

      • _ (underscore)

      • - (hyphen)

      • . (period)

      • * (asterisk)

      • @ (at sign)

   2. Enter a Description. The description should be added to help you remember why the user needs the account.

   3. Add an Available Group.

   4. Click Save.

Click on image to zoom

Click on image to zoom

Adding Users in Bulk

It is possible to add multiple users at one time using the bulk option and CSV data. Only create a batch of users that should be included in the same group or groups because customizing groups by user is not possible through this feature.

1. From the Admin: Users screen, click more_vert.

2. Select Bulk add users from CSV.

3. Select the number of fields in your data.

4. Select Header Row if your data has a header row. If this option is selected, the first row of data does not appear as a new user.

5. Enter the data, upload a CSV file, or copy it from a CSV file and paste it here. Data must be in CSV format. All lines of data must be in the same order; however, it does not matter which order the field columns are in as long as it is consistent throughout the data. Extra fields are acceptable. If commas are needed in a field, you may enclose the text in quotes, "Doe, Jr.".

6. Click Next.

7. When you get the message that the there are no errors in the data, click Next. If an error is found, a table appears with the rows of data and the identified error. Click Prev to return to the data to fix it.

8. Match the columns with the username, password, first and last names, and Email. If the name of your data is found in different fields (i.e. last name and title) you can select more than one column of data to complete the field. The first row of your data appears at the bottom of the dialog.
   IMAT Versions prior to 8.5 do not have the Email capability.

9. Click Next.

10. Select which groups to add the users to. Groups cannot be created from this screen, so they must be created beforehand. Click Next.

11. Review the data then click Add Users.

12. Click Close after reviewing the results. A Failed to create message appears if the user could not be created. The most common reasons are that the username is duplicated or that the password does not meet the minimum requirements. Before closing the final screen, you can download a CSV file of the list of users in the batch by clicking file_download. If you open that file, you can see the reason for any failed attempts to create a user.

Click on image to zoom

Editing a User

Edit a user's groups, lock or unlock a user, disable or enable the user, and reset a user's password in the User Details screen.

Clicking on any user opens a pane on the right to enable editing.

Click on image to zoom

Editing Full Name

On occasion, an administrator may need to change the full name of a user. This may be because a spelling error or a name change. To do so, follow the steps below:

1. Click edit next to the user's name.

2. Make the change.

3. Click Update User.

Click on image to zoom

Disabling And Enabling a User

A disabled account prevents a user from logging into the system. Users are automatically disabled if they have not logged into the system after 60 days. An administrator may also disable and account if the need arises. A good example is when an employee no longer is employed, but the administrator would like to keep the username in order to access audit logs. A message will appear below the Disabled toggle stating why a user is disabled.

Disabling a User

To disable a user, follow the steps below:

1. In the navigation menu, click Users.

2. Locate and click the user.

3. Click Disabled in the pane on the right. The toggle changes from gray to blue.

The Disabled column now contains a check mark next to the user.

Enabling a User

To enable a user, follow the steps below:

1. In the navigation menu, click Users.

2. Locate and click on the user.

3. Click Disabled in the right pane. The toggle changes from blue to gray.

Click on image to zoom

Unlocking and Locking a User

A locked account prevents a user from logging into the system and also prevents a user from resetting his or her password. An account becomes locked when a user incorrectly keys in the password multiple times consecutively.

Unlocking a User

To unlock a user, follow the steps below:

1. In the navigation menu, click Users.

2. Locate and click the user.

3. Click Locked in the pane on the right. The toggle changes from blue to gray.

The Locked column no longer contains a check mark next to the user.

Locking a User

To lock a user, follow the steps below:

1. In the navigation menu, click Users.

2. Locate and click on the user.

3. Click Locked in the right pane.

In most cases, if an administrator would like a user to not have access to his or her account, Disable should be used to differentiate between a user's actions and an administrator's actions.

Click on image to zoom

Setting a Temporary Password

There are times when a user needs his or her password reset before logging into the server. An administrator can create a temporary password for the user that is for one-time use only. The user will be required to reset the password the next time they log in. To set a temporary password, follow the steps below:

1. Click Users in the navigation pane.

2. Select the user you wish to edit.

3. Click Reset Password in the pane on the right.

4. Enter the New Password.

5. Retype the password in Confirm Password.

6. Click Reset.

The Password Expired column contains a check on the Users screen for the following two reasons:

• A password has been set by an administrator and the user hasn't yet logged in.

• The configured amount of time has passed since the user last reset their password.

Click on image to zoom

Assigning User Groups

There are times when a specific group of users should have access to the same information. See Roles to see the security groups available through the search appliance. Groups are used in security collections and system sets and can limit the information a specific set of users can view. Dashboards can also be created for individual groups.

1. Click Users in the navigation pane.

2. Select the user you wish to edit.

3. Click Manage Groups.

4. Move the groups that the user should be assigned to from the left column to the right column:

   • Click add by the group name to move one group to the user.

   • Click fast_forward to move all the groups to the user.

5. Click Save.

Remove a user from groups by one of the following means:

• Click close by the group in the right column.

• Click fast_rewind to remove all from the right column to the left.

• Click Reset to return all groups to their original position.

Click on image to zoom.

Editing a Script User

Script users are easily identifiable by the computer icon next to their usernames. You may edit the following items for a script user: description, enable or disable an account, manage groups, manage Access Tokens, or delete.

To edit the description, click edit and retype the description before clicking Update Description.

Click on image to zoom

Deleting a User

We recommend that you disable rather than delete users if they’ve logged in to and used their account. Deleting a user removes all auditing information and can affect other aspects like access tokens, sharing, etc. However, if you have determined that deleting a user will have no negative effects, you may delete a user by following the steps below:

1. Click Users in the navigation pane.

2. Locate and click on the user.

3. Click Delete User in the details pane on the right.

4. Confirm you would like to delete the user by typing the username on the line provided. It is case sensitive, so you must capitalize as it prompts.

5. Click Delete.

Click on image to zoom

Downloading a List of Users

It is possible to download the list of users as a CSV file:

1. Click more_vert.

2. Click file_download Download list as CSV.