eG Administration 
 

Basic Information - Add User

This page enables an administrator to add a new user to the eG Enterprise system. To access this page, click on the icon available in the Admin tab. Then, select the Add User option in the User Management tile.

  • To add a new user, an administrator has to select the role to be assigned to the user from the User role list box.

  • The eG administrative interface provides administrators with a wide variety of options to manage user information. Be it user creation, modification, deletion, or simply viewing user information, any type of user-related activity can be performed quickly and easily using the eG administrative console. Typically, when an eG user logs into the eG Enterprise system, the login is validated by the eG database, which stores the user information. However, in large IT environments that span multiple domains, the Active Directory server functions as the central repository for information related to users spread across domains, and also authenticates domain user logins. To avoid the confusion that might arise when using both the eG manager and the AD server for user authentication in such multi-domain environments, administrators might want the eG manager to integrate with AD; this ensures that the eG manager serves as the single, central, secure console for automatically authenticating logins by eG users, regardless of the size of the environment or the domain to which the user belongs. The first step towards implementing this integration is the creation of the domains and sub-domains. Use the Users -> Configure Domains menu sequence to configure the domains. For a detailed domain creation procedure, refer to The eG User Manual. Subsequent to domain creation, if you attempt to create a new user using this page, you will be prompted to indicate the User authentication mode that applies to the new user. If you are creating a domain user/group, whose login requests are to be authenticated by the Active Directory, then select the Domain option. If you are creating a user who is local to the eG Enterprise system, and whose login requests are to be authenticated by the eG database, select the Local option. Upon choosing the Domain option, you will have to indicate what you want to create - whether a domain User or a domain user Group - by picking the relevant option from the Operation section. To create a domain User, do the following:

    • Set the Operation flag to User.
    • Next, select the Domain to which the new user belongs. The domains that you created using the Users -> Configure Domains menu sequence will be listed in the Domain list.
    • If, at the time of registering that domain with the eG Enterprise system, you had set the Save Domain Admin Password to No, then, upon selecting the Domain here, you will be prompted to re-enter the Domain Admin Password in the Domain connection credential pop up window that appears. Without this password, the eG manager will not be able to connect to the domain server and validate domain user accounts. Provide the password and click the Submit button to proceed.
    • Then, specify the ID of the new user in the User ID text box, and click the Validate button. When this is done, the eG manager immediately connects to the Active Directory server and verifies whether the user is a valid domain user or not. If the user is not a valid user, then an error message to that effect appears. On the other hand, if the user is indeed a valid domain user, then the eG manager allows you to proceed with the user creation. However, you cannot provide a password for the domain user. This is because, the credentials of the domain user are configured in and maintained by the Active Directory server; eG Enterprise therefore, will neither reveal nor allow you to modify the password of the domain user, thus ensuring data integrity. Moreover, subsequently, when you log into the eG management console as a domain user, you will have to make sure that you prefix the user name with the domain name in the format: <<domainName>>/<<Username>> (or <<domainName>>\<<Username>>). Every time a domain user logs into the eG Enterprise system, the login will be authenticated by the Active Directory server that manages the users in that domain.

    Apart from individual domain users, you can also create domain user groups using the USER PROFILE page. Once a domain group is added to the eG Enterprise system, all domain users who belong to that group will be able to login to the eG Enterprise console, even if their domain credentials have not been explicitly registered in the eG system. Moreover, the access rights, privileges, and monitoring scope defined for the group will automatically apply to the users in the group, thereby saving the time and drudgery of configuring multiple user profiles - one each for every user in an Active Directory group. To create a domain user group, do the following:

    • Set the Operation flag in the ADD USER page to Group.
    • Next, select the Domain to which the group belongs. The domains that you created using the Users -> Configure Domains menu sequence will be listed in the Domain list.
    • Then, proceed to specify the Group Name. A domain in AD may consist of many organizational units (OUs). Each OU may be associated with a set of domain user groups. You can quickly browse the OUs in the chosen Domain to locate the user group of interest to you, by clicking the button to the right of the Group Name box. The Domain Groups pop up window will then appear.
    • The left panel of the Domain Groups window displays a tree structure - while the OUs configured in the chosen Domain appear as the nodes of the tree, the sub-units within an OU appear as the sub-nodes. You can expand an OU node to view the sub-units within. Clicking on an OU/sub-unit in the tree will list all the domain user groups associated with that OU/sub-unit in the right panel. Click on a domain group in the right panel to register that group with the eG Enterprise system. The selected domain user group then appears against the Group Name in the ADD USER page. All users who are part of this AD group will now be allowed access to the eG Enterprise system. The rights and privileges (eg., role, expiry date, email/SMS alert settings, alarm acknowledgement/deletion rights, etc.) defined for the chosen group will govern all users who belong to that group. This saves administrators the trouble of defining separate profiles for each domain user in a group.

      Note that the group is not associated with any ‘password’. This implies that while a group itself cannot login to the eG management console, a user who belongs to the group can login using the credentials defined for him/her in the AD server. At the time of login, the group user should provide his/her name in the format: <DomainName>\<UserName>. Everytime a group user logs into the eG management console, the solution automatically connects to the AD server to validate the login.

      • Note:

      • eG Enterprise can be integrated with Active Directory only if the eG manager is installed using JDK 1.5 or higher. If not, you will not find any of the above-mentioned options in the eG administrative interface.
      • If a domain user group is registered with the eG Enterprise system, and a profile is later created in eG for a particular domain user in that group, then, when that user logs into the eG management console, the user-level settings will override the group-level settings.
      • If a domain user belongs to more than one AD group that is created in the eG Enterprise system, then, when that user logs in, the solution provides him/her with a list of domain groups to choose from. Selecting a group from the list enables the user to automatically inherit the access rights and monitoring scope defined for that group.

    Upon choosing the Local option, on the other hand, you will be prompted to specify the following:

    • Specify a unique User ID.
    • Provide a Password for the new user, and then, confirm the password by retyping it in the Retype password text box. This is because, in case of users who are local to the eG Enterprise system, it is the eG database which maintains the user information, and not the Active Directory. Therefore, whenever a local user is created using this page, a password has to be explicitly provided, so that both the user name and password of the local user credentials are stored in the eG database. Moreover, when a local user logs into the eG management console, his/her Username need not be pre-fixed by the domain name. The Username and Password that the local user provides while logging in will be validated by the eG database that manages the local users.

  • The rest of the user creation steps are common to both the authentication modes - domain and local - and to both domain users and domain user groups. The next step in user creation is to provide an Expiry date for the new user. One more added feature of the eG Enterprise suite is that it checks the validity of the user. A user is granted permission to monitor the services associated with him/her only for a stipulated period of time. Clicking on the Calendar button next to the Expiry date label will result in the display of a calendar from which the administrator can choose the validity date for a new user. Beyond this date, the user is regarded as an invalid user. Optionally, you can click on the No Expiry check box, if a new user has to remain valid for an indefinite period of time.

  • Then, click on the Next button.