This page introduces basic tasks that the System Administrator needs to carry out in order to use Ubisecure SSO and its services.

After installing and setting up the Ubisecure SSO accordingly, the System Administrator can log in to the Ubisecure SSO Management application.

The initial login and password for the System Administrator identity is presented in page SSO Single Node Installation.

After successful login to Ubisecure SSO Management, the administrator can see the following view (Figure 1).

Open

Open
Figure 1: The first view after logging into Ubisecure SSO Management

The System Administrator view differs from the view seen by Site Manager. The Site Manager cannot configure the "Global Method Settings" and cannot reset the server secret.

The typical tasks in Ubisecure SSO Management after the first login are creating new objects on the server. For more details, please see the following chapters.

The tree hierarchy in the database can be used to partition a large database into smaller entities, which are then easier to manage.
For example, the site structure used to manage the employees of a company can be created to match the organizational hierarchy of the company:

• Corporation

  • Management

  • Production

  • Research

Another way to divide entities in the organization is to assign each kind of object for each site:

• Corporation

  • Applications

  • Groups

  • Users

  • Roles

Another important purpose of the Site hierarchy is the concept of delegation of management tasks. Each Site can be assigned a set of users as Site Managers that can manage any of the entities contained within that Site, including any sub sites. It is also important to note that Ubisecure SSO hides and prevents access to any other sites where the user is not assigned to the sites Site Administrator groups.

An example of delegating management tasks to Site Managers:

• Corporation; Managed by "System Administrators"

  • Research; Managed by "Research Administrators"

  • Production; Managed by "Production Administrators"

In this scenario the members of the System Administrators group can see and manage the entire database whereas the members of the Research Administrators group can see and manage entities only within the Research site.

1. Select a site where you want to add a new site.

2. Click "New…".

3. "Create site" window opens up. Give name and description for the site, and click OK to continue.

You have now created a new site.

1. Select a site where you want to add a new group.

2. Select "Groups" to add a group.

3. Click "New…".

4. "Create Group" window opens up. Give name and description for the group and click OK to continue.

You have now created a group.

1. Select a site where you want to add a new user.

2. Select "Users" to add an user.

3. Click "New…".

4. "Create User" window opens up.

5. Give the user a "Name" which appears in the Ubisecure SSO Management.

6. Give the user a "Username" which works as user ID.

7. Give the user a "Mobile Phone" number if user has mobile authentication methods in use.

8. Give the user other information if needed.

9. Click status "Enabled" to enable the user account.

10. Click OK.
    New user is now created.

11. Give the user a password by clicking "Reset password".

12. Type the password, enable the authentication method and click OK to continue.

13. Give the user the authentication methods he is allowed to use by clicking "Methods".

14. Select the allowed methods and click Update to continue.

15. Add user in the group that was created earlier by clicking "Member of".

16. Click "Add", select the group you want to add user to, and click OK to continue.