An additional account administrative component has been added to the Account Management (formerly called User Management) module. This administrative component that will facilitate the management of account-level attributes will be specific/separate for each LSAC client account. Changes made to the account details of a specific LSAC account will apply to all the users that are part of that LSAC account.
The account role, namely, Account Admin, is a new user role that has been specifically created to access and modify limited account-level attributes, such as MFA Settings, IP address and so on, for an LSAC client account. The Account Admin can perform CRUD operations on account parameters from a centralized UI. The Super Admin user can appoint multiple users to execute the role of Account Admin for one or more LSAC accounts.
Apart from the Account Admin user, there is a Super Admin user (a designated Saama Admin user) who has access to and can edit some specific account-level attributes such as Application Access to the LSAC account, Account Name and so on.
The Super Admin user also has access to all the LSAC accounts, from a single, centralized UI, and is able to modify account-level configurations of each of these accounts without having to login into every LSAC account. The Super Admin user is the only user who has access to another administrative component, namely, the All Accounts tab that contains account details of all the LSAC accounts. This tab can be navigated to, from the Account Management module.
Note: The Super Admin user role can be provided to a Saama admin user only via the KC server. The Key Cloak (KC) server is LSAC's authentication server that contains all user and account details for all of the LSAC accounts.
Note: The Account Admin will also have access to the other administrative tabs, such as, Users, User Groups, and Personas. The User Admin will have access to all administrative tabs except the tab, Account Details. A User Admin can be given the necessary permissions to be an Account Admin.
Managing a single LSAC account
This section describes the steps that an Account Admin user can undertake to manage an LSAC client account. It also briefly describes the various account-level configurations. An Account Admin user may have one or more LSAC client accounts to manage.
To manage an LSAC account as an Account Admin user, follow the steps below:
- Login into the LSAC application as an Account Admin user.
- Select Administration from the platform left navigation bar and then click Account Management.
- Select the Account Details tab and the user can see the screen as shown below.
- The user is able to see the LSAC account along with some account-level attributes, such as, Application Access, Multi-Factor Authentication, and so on.
- Click Edit Details to make changes to an account-level attribute that will reflect for all the users that are part of that LSAC account.
- Under Edit Account Details, the Account Admin user can make the following changes:
- Account Name: This is a read-only field for the Account Admin user. It allows the Super Admin user to enter a unique name for the LSAC account that will not be visible to other users and will be seen only by the Account Admins and Super Admin.
|Note: The Account Name can have a maximum of 180 characters. The characters supported as 'A-Z', 'a-z', '0-9', and '-'.|
- Display Name: Allows you to enter a unique display name for the LSAC account that will be visible across the LSAC application to all logged in users in the top right corner of the top navigation bar. This display name will also identify the LSAC client account when the logged in authorized user wants to switch to another LSAC account.
- Allowed IP Address/CIDR Blocks: Allows you to modify or change the IP address of the LSAC account. One or more IP addresses can be entered, separated by comma. The placeholder displayed assists the user to enter an IP address in the format specified. If the IP address is entered in an invalid format or if an authorized user tries to log in and is out of the IP address range specified, then an error message is displayed.
- Application Access: This is a read-only field for the Account Admin user. It allows the Super Admin user to specify the applications that all the users of the LSAC account will have access to. Applications are added with comma separators between two applications.
- Instance: Allows you to specify the type of instance as Development/Stage/UAT/Production, that is deployed through the specified IP address. A single instance corresponds to a single instance type. By default, the instance is marked as Development.
- Session Timeout: Allows you to set the time period for an idle user session before the logged in user is automatically logged out of the application or the user session expires. This single selection dropdown parameter allows you to choose from a time period of 5 minutes to up to 90 minutes. By default, the time period is set to 30 minutes before the logged in user is automatically logged out.
- Multi Factor Authentication: Allows you to enable/activate MFA (Multifactor authentication) that adds an additional layer of security by verifying user identity through a one-time password (OTP). By default, this setting is Inactive/Disabled.
- Terms and Conditions: This is a read-only field for the Account Admin user. It allows the Super Admin user to disable the acceptance of terms and conditions of Saama as the new user registers into the LSAC application. By default, this field is enabled. Once set, it will be applicable across all the user authentication scenarios, such as MFA, and SSO, for that LSAC account.
- Email Notifications: Allows you to disable/enable email notifications. Enabling this field will send out emails to all users notifying them of any updates to the LSAC account, such as, Application Access email, User Removal email, Account Access email and so on. Disabling this field would still send out all mandatory emails to LSAC users such as New User email, Account Setup email, Password Change/Reset email and so on.
- All mandatory fields are marked with a red asterisk.
- Hover over the Info symbol that appears next to the input field label to get more information about that input field.
- Click Save Changes to apply all the changes to the LSAC account. This button will be enabled only if all necessary inputs are satisfactory.