Administer > Administer the suite > Accounts > How to edit an account

How to edit an account

  1. From the main menu, click Accounts.

  2. Click the account in the ID column to display the selected account.

  3. Click the tab you want to view or edit. See Account details below. The General tab is displayed by default.

  4. Save your changes.

Account details

General tab

Field Description
ID Account ID.
Shared service type

Shared service type:

  • Provider

  • Managed

  • Standard

Name Account name.
Account Type

Account type:

  • Presales
  • Partner
  • Test
  • External customer
  • Internal customer
Customer Parent customer.
Tier

Account tier:

  • Bronze
  • Silver
  • Gold
  • Platinum
Owner Owner of the account.
Region

Region of the account.

Country

Country of the account.

State State of the account.
City City of the account.
On boarding date On boarding date of the account.
Description

The description that captures the details of the account.

User tab

This tab displays the users that belong to this account.

  • You can click New to add new users to this account. For more information, see How to create a user.

  • You can change the authentication type of account users. For more information, see Authentication type.

Tenant tab

This tab displays the tenants that the users of this account can access.

Contact tab

This tab displays the contact information for this account. You can add or edit the contact.

Authentication tab

This tab enables you to configure external authentication with LDAP or federated SAML IdP.

Note If this account is enabled with suite SSO and the authentication type is LDAP, you can only add SAML IdP configurations here.

To add an LDAP configuration:

Tip You can repeat the following steps to add multiple LDAP configurations.

  1. Click New. Select LDAP configuration.

  2. Complete the LDAP field mappings as described in the following tables. An initial user sync is triggered after a valid LDAP connection is added.

    LDAP server settings

    Field Description OpenLDAP Example value
    Display name Display name of the server.  
    Hostname The fully-qualified domain name (server.domain.com) or IP address of the LDAP server.  
    Port

    The port used to connect to the LDAP server (by default, 389).

    389
    Base DN Base distinguished name. The Base DN is the top level of the LDAP directory that is used as the basis of a search. dc=Service Management Automation,dc=com
    Group DN Base distinguished name for the Group object. The Group Base DN is the top level of the LDAP directory that is used as the basis of a search for the Group object. ou=groups,dc=Service Management Automation,dc=com
    Group DN Type
    • Group
    • Organization Unit

    Normally, for Group DN start with CN (e.g. CN=CSAGroups,DC=adfshp,DC=com), select Group as Goup DN Type; For for Group DN start with OU (e.g. OU=Accounts,DC=adfshp,DC=com), select Organization Unit as Goup DN Type.

     
    User ID (Full DN)

    The fully distinguished name of any user with authentication rights to the LDAP server.

    cn=admin,dc=Service Management Automation,dc=com
    Password Password of the User ID. If the LDAP server does not require a User ID or password for authentication, this value can be omitted.  
    Enable SSL

    If your LDAP server is configured to require LDAPS (LDAP over SSL), select the Enable SSL checkbox.

     
    SSL public key

    If the Enable SSL checkbox is selected, the SSL public key certificate is required for LDAPS connection.

    -----BEGIN CERTIFICATE-----
    MIIErjCCA5agAwIBAgIQBYAmfwbylVM0jhwYWl7uLjANBgkqhkiG9w0BAQsFADBh
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    …………..
    UQ9Qqtb1GX91AJ7i4153TikGgYCdwYkBURD8gSVe8OAco6IfZOYt/TEwii1Ivi1C
    qnuUlWpsF1LdQNIdfbW3TSe0BhQa7ifbVIfvPWHYOu3rkg1ZeMo6XRU9B4n5VyJY
    RmE=
    -----END CERTIFICATE-----
    

    LDAP attributes

    Field Description OpenLDAP Example value
    Mail Email address of the user. mail
    Login name The fully-qualified domain name (server.domain.com) or IP address of the LDAP server.  
    First name

    First name of the user.

    givenName
    Family name Family name of the user.  
    Middle name

    Middle name of the user.

     
    Office phone number Office phone number of the user.  
    Home phone number Home phone number of the user.  
    Office phone number

    Office phone number of the user.

     

    Mobile phone number

    Mobile phone number of the user.

     
    Zip code Zip code of the user.  
    Language Language of the user.  
    Location Location of the user.  
    Customer unique Id Unique ID. employeeNumber
    Group membership The name of the attribute(s) of a group object that identifies a user as belonging to the group. If multiple attributes convey group membership, the attribute names should be separated by a comma. If no name is entered, default values are used. member, uniqueMember
    Manager identifier The name of the attribute of a user object that identifies the manager of the user. manager
    Manager identifier value The name of the attribute of a user object that describes the value of the Manager Identifier's attribute. For example, if the value of the Manager Identifier attribute is a distinguished name (such as cn=John Smith, ou=People, o=xyz.com) then the value of this field could be dn (distinguished name). Or, if the Manager Identifier is an email address (such as admin@xyz.com) then the value of this field could be email. dn

    User login settings

    Field Description OpenLDAP Example value
    User name The name of the attribute of a user object that contains the username that will be used to log in. The value for this field can be determined by looking at one or more user objects in the LDAP directory to determine which attribute consistently contains a unique user name. The valus is usually an email address. uid
    User search base Specifies the location in the directory from which the LDAP search begins.
    The value of User search base must start with OU. See Example value for reference.
    OU=idmtest,DC=adfshp,DC=com
    User search filter

    Specifies the general form of the LDAP query used to identify users during login. It must include the pattern {expression}, which represents the user name entered by the user when logging in, for example, {0}.

    The filter uses the following example: (&(objectclass=person)(cn={0}).

     
    Search subtree When a user logs in, the LDAP directory is queried to find the user's account. The Search subtree setting controls the depth of the search under User search base. If you want to search for a matching user in the User search base and all subtrees under the User search base, make sure the Search subtree checkbox is selected. If you want to restrict the search for a matching user to only the User search base, excluding any subtrees, unselect the Search subtree checkbox.  

The following example is a typical LDAP configuration for your reference.

To add a SAML IdP configuration:

  1. Prerequisites

    1. (Optional) If you are establishing the mutual trust between external IdP and IdM via https, upload an external IdP certificate to the following directory:

      {nfs_global_volume}/certificate/idm

    2. Get external IdP metadata.xml, contact your IT administrator to get file location, save this file with a specific name, for example, metadata_external_idp.xml.

    3. (Optional) If the mutual trust is not established via https, upload the IdP metadata file to {nfs-global-volume}/certificate/samlmeta, make sure the file name is unique in this folder.

    4. Go to CDF management console, open idm deployment configuration.

    5. Change replicas to 0, then click UPDATE.

    6. Change replicas back to 1, then click UPDATE. Wait several minutes for IdM to start up.

    7. Download the suite's IdM metadata using the following URL: https://<EXTERNAL_ACCESS_HOST>/idm-service/saml/metadata

    8. The metadata is downloaded as an XML file, you can rename this file. Add the downloaded metadata file as a new relying party trust.

  2. In Authentication tab, click New. Select SAML configuration.

    Note Make sure there are active tenants for this account before adding SAML configuration. For more information about tenants, see How to create and edit a tenant.

  3. Complete the following SAML server settings.

    Field Description
    Display name Display name for this configuration.
    Server URL
    • If the mutual trust is established via https, enter the https URL of the external IdP metadata.

    • If the mutual trust is not established via https, enter this URL: /samlmeta/<external IdP metadata.xml>

  4. Federated IdP users can access the tenant after the configurations are completed. The user profile is synced to Suite Administration after the user logs in for the first time.

To bypass the SMAX login page and go directly to the SAML login page

You can go directly to the SAML Login page by add the AUTH=SAML parameter at the end of the access URL of the SMAX login page.
For example: https://<FQDN>/saw/ess?TENANTID=xxxx&AUTH=SAML

To map the attributes between IdP and BO User

The following table shows the attributes mapping between External IdP and BO User.

External IdP Attribute (for reference) BO User Attribute
Login name Name ID
First name

firstName

Middle name middleName
Last name familyName
Full name fullName
Office phone number officePhoneNumber
Home phone number homePhoneNumber
Mobile phone number mobilePhoneNumber
Language language
Location location
Zip code zipCode
Email email

Password Policy tab

This tab enables you to configure password policy settings for this account.

Field Description
Upper and lower case If this setting is enabled, at least one uppercase letter and one lowercase letter are required.
Numerical

If this setting is enabled, at least one numerical digit is required.

Special character If this setting is enabled, at least one special character is required.
History check If this setting is enabled, users cannot use their previous two passwords when they change passwords.
Minimum length Specifies the minimum length of a password.
Maximum length Specifies the maximum length of a password.
Expiration check If this setting is enabled, the system requires users to change their passwords in a period of time specified in the Password age (days) field.
Password age (days) Specifies the number of days that a password can be used before a user has to change it.

 

Related topics