Settings - Configuration - Users
- Pavel Novák
In this settings section the administrator specifies various settings affecting users, specifically:
Appearance
User name display
Changes the display of the user's name on the main application bar (on the top right). Available options:
Username (default) - this is what was shown before this setting was introduced
E-mail
First-name Last-name
Last-name First-name
Default settings for new users
Newly created user’s account will have the following default settings:
User permissions
Default permissions, that will be granted to newly created users. For descriptions of the permissions, see User permissions.
Disable inactive users
Sets the automatic inactive user account disable function. The action is performed once a day. Disabling an account means removing the active account setting, see Add user. The administrator can enable the user’s account again by editing the account and setting it as active. But if such user will not log in and therefore not perform any acitivity, his account will likely be automatically locked again.
Automatically disable inactive users
One of the following options can be set:
Off - the function is off, no accounts are automatically disabled
Local - only local accounts (created manually inside the application) are automatically disabled
Remote - only remote accounts (created automatically after login using an account from AD or ADFS) are automatically disabled
All - all accounts are automatically disabled after the inactivity period (set below)
(default: Off)
Inactivity period before account is disabled
The number of days, after which a user account is considered inactive and will active account setting disabled.
(1-36500, default: 180)
Simulation
The SIMULATION button allows for a dry run of the operation without executing the actual action, displaying a preview of the list of accounts that would be affected by the actual execution of the operation.
Below the list displayed in the simulation, there is also a button available that allows for the immediate execution of the actual action, thus locking the accounts mentioned.
Delete inactive users
Sets the automatic inactive user account delete function. The action is performed once a day. Deleted accounts cannot be restored, but can be created as new again.
Automatic users deletion
One of the following options can be set:
Off - the function is off, no accounts are automatically deleted
Local - only local accounts (created manually inside the application) are automatically deleted
Remote - only remote accounts (created automatically after login using an account from AD or ADFS) are automatically deleted
All - all accounts are automatically deleted after the inactivity period (set below)
(default: Off)
Inactivity period before account is deleted
The number of days, after which a user account is considered inactive and will be deleted.
(1-36500, default: 365)
Simulation
The SIMULATION button allows for a dry run of the operation without executing the actual action, displaying a preview of the list of accounts that would be affected by the actual execution of the operation.
Below the list displayed in the simulation, there is also a button available that allows for the immediate execution of the actual action, thus deleting the accounts mentioned.
Multifactor authentication
Require multifactor authentication for local users
Turn on if you want a multifactor authentication to be mandatory for local users. Users without a multi-factor authentication will be forced to activate it after logging in.
(default: disabled)
Require multifactor authentication for AD users
Turn on if you want a multifactor authentication to be mandatory for Active Directory users. Users without a multi-factor authentication will be forced to activate it after logging in.
(default: disabled)
Require multifactor authentication for ADFS users
Turn on if you want a multifactor authentication to be mandatory for ADFS users. Users without a multi-factor authentication will be forced to activate it after logging in.
(default: disabled)
User restrictions by IP ranges
User IP address ranges
Ranges of IP addresses (comma separated) from which registered users access the application. To the common ranges defined here are further added the individual ranges defined for each user. Restrictions on user behavior can be then applied according to these ranges, see below.
(default: empty)
Restrict users login
If enabled, users will be allowed to log in only from the specified IP address ranges.
(default: disabled)
Restrict anonymous package uploads
If enabled, it will be forbidden to send a package without login (anonymously) from the the specified IP address ranges.
(default: disabled)
Access detailed results of file checks
Logged in users
Specifies whether logged-in registered users have access to detailed file check results, including sandbox reports. (just like the administrator)
In the case when "only selected" is set, the permission of each user comes into account.
(default: NO)
Anonymous users
Specifies whether anonymous users have access to detailed file check results, including sandbox reports. (just like the administrator)
(default: disabled)
User Login
Allow direct user login
Allows users to log in using a form directly in the SOFiE application. If disabled, the login form with username and password is hidden, and login is only possible via an external portal (ADFS or OIDC).
(default: enabled)