Permalink: https://doc.oneportal.fi/x/AYEW
...
The content of the Main Menu is dynamic. It depends on the roles, permissions, and services activated for the namespace. The following list of selections is not available for all user accounts. Only Dashboard is available for everyone.
...
Dashboard
...
Dashboard view for a user with full permissions
Dashboard is an overall view of the state of the system. There you can verify that everything is in order. If something has gone wrong, administrators are able to see where the fault or error is. This makes recoveries faster and enhances quality of service.
Some user accounts see more information than others, because the available information depends on the roles each user account has. You can hide or show panels by pressing the "Panels" button at the top right of the screen.
For normal users, Dashboard provides easy access to some of the more common functions.
...
All Namespaces
As described briefly earlier, onePortal™ is a multi-tenant system. A tenant is a customer organisation. A namespace in onePortal™ roughly represents a tenant, and the menu selection Namespaces is where tenants are managed. To make things more flexible, one customer organisation may have multiple namespaces, which can be managed with a single user account or with multiple user accounts, as needed. It is recommended to group the namespaces of one customer organisation (tenant) together by defining a common prefix for the namespace code when each namespace is created. This is not mandatory, but it makes managing the platform easier and less error-prone.
Below is a picture of onePortal™ after selecting All Namespaces on the Main Menu. This selection opens the list of namespaces.
The selection buttons Add, Edit, and Delete are rather intuitive and need little explanation. In the upper-right corner is the menu button Actions, which opens a menu for less common tasks, such as importing new namespaces, exporting selected existing namespaces, exporting all existing namespaces, or printing a report on namespaces.
This Main Menu selection is only available for user accounts with role Portal Admin or Portal Auditor.
Namespace
As described briefly in the chapter introduction, this is where the basic information and settings of the current namespace are managed. Choosing this selection on the Main Menu opens the namespace editor directly. This Main Menu selection is only available for user accounts with the role Namespace Admin or Namespace Auditor, who can edit or view (respectively) their “own” namespace settings.
Next we will briefly cover the namespace editor tabs. It is important that those responsible for namespace settings in general, and for security specifically, are familiar with these settings.
Core
This tab contains the basic information about the namespace. The name given to the namespace makes it identifiable and unique. The other settings are general settings used for all users in the namespace.
Perhaps the most important field is the sign-in naming policy. This can be changed later, but the new setting only affects user accounts created after the change. Sign-in names of user accounts created before the policy change are not affected.
The recommended setting is 8 random numbers for small namespaces, or 10 random numbers for namespaces where a million or more user accounts are expected.
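The following added example (not onePortal™ code) relates the two recommended lengths to the number of accounts. It assumes "random numbers" means random decimal digits; the functions `new_sign_in_name`, `occupancy` and `expected_draws` are hypothetical names, and how onePortal™ itself generates names is not described on this page.

```python
import secrets


def new_sign_in_name(digits: int, taken: set[str], max_tries: int = 100) -> str:
    """Draw a random all-digit name with a CSPRNG, retrying on collision."""
    for _ in range(max_tries):
        # Zero-padded so every name has exactly `digits` characters.
        name = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        if name not in taken:
            taken.add(name)
            return name
    raise RuntimeError("name space too full for this policy")


def occupancy(accounts: int, digits: int) -> float:
    """Fraction of all possible names in use, i.e. the chance that one
    blindly chosen number happens to be an existing sign-in name."""
    return accounts / 10 ** digits


def expected_draws(accounts: int, digits: int) -> float:
    """Mean number of draws before an unused name is found (geometric)."""
    return 1 / (1 - occupancy(accounts, digits))


if __name__ == "__main__":
    # Constructed sizes: a small namespace and a million-account namespace.
    for accounts in (10_000, 1_000_000):
        for digits in (8, 10):
            print(f"{accounts:>9} accounts, {digits:>2} digits: "
                  f"occupancy {occupancy(accounts, digits):.6%}, "
                  f"draws per new name {expected_draws(accounts, digits):.6f}")
    print("sample name:", new_sign_in_name(8, set()))
```

With a million accounts, 8 digits leave 1 % of the name space occupied, while 10 digits bring that down to 0.01 %, which keeps both collisions and valid blind guesses rare.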
See the picture for the currently available options for the sign-in account naming policy.
Tip: When creating a specially named service account, temporarily change the policy to “Manually defined” before creating the account, and then restore it to the original preferred setting.
Another important field is the list of valid email address domains. If a sign-in name based on an email address is used, the domain part of the email address must be one of these domains. The domains are presented in the drop-down menu in the order they are listed. For convenience, put the primary email domain first on the list.
If there is no real need to limit the domains, leave the field empty to allow any domain.
When entered, domain names may be separated with a line feed (enter), a comma (,), or a semicolon (;). They are packed and stored intelligently when you select Save.
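The sketch below is an added example, not onePortal™ code. It parses a domain field with the three separators named above and checks an email-based sign-in name against the result. Case-insensitive, exact-match comparison and the names `parse_domain_field` and `email_domain_allowed` are assumptions; the page does not describe how the product stores or compares domains.

```python
import re

# Separators the page lists for the field: line feed, comma, semicolon.
_SEPARATORS = re.compile(r"[\n\r,;]+")


def parse_domain_field(raw: str) -> list[str]:
    """Split the raw field text into a de-duplicated list, keeping order
    (the first entry is the one shown first in the drop-down menu)."""
    domains: list[str] = []
    for item in _SEPARATORS.split(raw):
        domain = item.strip().lower().rstrip(".")
        if domain and domain not in domains:
            domains.append(domain)
    return domains


def email_domain_allowed(email: str, allowed: list[str]) -> bool:
    """Check the domain part of an email-based sign-in name against the list."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return False  # not an email address at all
    if not allowed:
        return True  # empty field: any domain is accepted
    # Assumption: exact match only. A suffix test such as endswith()
    # would also accept "notexample.com" for "example.com".
    return domain.lower().rstrip(".") in allowed


# Constructed sample input mixing all three separators and a duplicate.
FIELD_TEXT = "Example.com\nexample.fi, example.org;example.com;\n"
ALLOWED = parse_domain_field(FIELD_TEXT)

if __name__ == "__main__":
    print(ALLOWED)
    for address in ("anna@example.fi", "bob@notexample.com",
                    "eve@mail.example.com", "no-at-sign"):
        print(f"{address:24} {email_domain_allowed(address, ALLOWED)}")
```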
User interface
This tab contains the settings for allowing or disallowing the use of nicknames in the system, for the password recovery process, for inviting new users (including the validity time of an invitation), and for access to the full user preferences view.
Features
Use of external Lightweight Directory Access Protocol (LDAP) can be configured here as well as settings for sending SMS messages from the system.
...
Each onePortal™ namespace has its own private URI to the sign-in dialogue. This dialogue may also show the organisation's own logo instead of the general onePortal™ logo. It is also possible to add a namespace-private external address, which also shows this private sign-in dialogue. These branding-related settings are all defined in this tab.
Miscellaneous
Event Logging is an important part of an organisation's auditability. If the organisation requires any kind of formal certification or has an internal security policy, Event Logging must remain enabled.
This tab contains the logging level settings for all events of the namespace.
The default Event Logging level logs all events with a severity level of Warning or more severe. Some organisations require this setting to be Information. For troubleshooting, the setting can be changed to Debug for a short time. Leaving it at Debug for an extended period of time will cause warnings to be logged to the Event Log. If the organisation has no special requirements for Event Logging, the log level could be raised to Error.
Severity level Warning is the default, and is the recommended setting for Event Logging.
This tab also contains the settings for enforced acceptance of Terms and Conditions and Privacy Policy. Also, the legislation applied is set here.
Namespace admins
Here you can define the user accounts with Multi-namespace role, who may manage the namespace. This view is only available for Portal Admins and Portal Auditors.
Personal data
This tab defines how the right to be forgotten, as defined in the General Data Protection Regulation of the European Union, is administered in the namespace.
...
Please note that not all of these may be available to all users.
MyData allows you to download all personal data on your account stored by Trivore Identity Service.
Cluster members allows you to view the current cluster members and their status.
User details allows you to view information about your current session and other useful user details.
Accounts in namespace allows you to view information on the current namespace.
Account preferences allows you to quickly perform actions related to your account.
Personal Data Request (PDR) allows you to submit Personal Data Requests on your account.
Accounts that are linked with my account allows you to view user accounts linked to your user.