Configure User Types

User types Top level category to organize the users. Based on the User Type, users can be organized into administration groups or sub-groups. define categories of users. A hierarchy of administration groups Groups are used to organize the system users. Groups can contain users or other groups. exists for each user type.

User types enable the separation of users that have very distinct characteristics. Within user types, you can create sub-groups called Administration Groups. Administration Groups provide a way to partition users for administrative purposes. Individual users can only belong to a single administration group.

For each user type, you can define:

User repositories relating to this user type
Authentication policies accessible to users of this type
User attributes for users of this type

ActivID AS provides a default set of user types. For each user type, there are pre-defined system users.

Collectively, these sample users have all of the required privileges to fully administer the system. You can use the base data set as provided, or modify it to meet your specific requirements.

Permissions can also be assigned to users through membership in administration groups, as an alternative to assigning permissions through roles.

The installation contains a number of predefined administrative groups, user types, and users. Each one has specific predefined attributes such as enabled User Attributes, enabled Authentication Policies An authentication policy is a template containing pre-defined parameters enforced during authentication. These are created within each authentication class in ActivID Management Console to help categorize the authenticators. (for user types), enabled Permission sets (for administrative groups), and registered authentication records and roles Roles represent the relationships users have with an organization. For example, the relationship between a direct user, such as a help desk operator, and an organization can be based on the position the direct user holds within the organization. The relationship of an indirect user, such as a customer, can be based on a commercial or legal agreement with the organization. (for users).

Default User Types

The following tables provide an overview of management tasks for which each pre-defined user can be used.

The user profile page provides complete details of the pre-defined user permissions:

From roles assigned by default
From the group to which they are assigned
On which resources the permissions apply

ActivID Initial Setup

ActivID initial users for default configuration and system reset
Default Admin Group	Default Admin Group Permissions/Functions	Default User Name and Default Assigned Role	Permissions via Group and Role
ActivID Administrators	ActivID Administration Asset Type Administration Configuration Configuration Policies Device Administration Helpdesk Radius Front End Role Assignment Read User Details Roles Assignment User Administration User Sub-Group Administration User Type Administration	ftadmin – the Administration Role and Administration User management role	Administrators who configure the ActivID AS system and manage system and operators, as well as Employees and Customers
ActivID Setup	ActivID Administration Configuration Device Administration User Administration	ftinit – Administration User management role	Initial user with reset system capability

Operators User Type

ActivID Configuration and Administration users accessing the Management Console
Default Admin Group	Default Admin Group Permissions/Functions	Default User Name and Default Assigned Role	Permissions via Group and Role
Audit Managers	Audit Functions	spl-auditviewer – the Audit viewer role	Views audit for all users.
Configuration Managers	Configuration Functions Configuration Policies Functions	spl-config – the Configuration manager role	Operators who can manage the authentication configuration of the ActivID AS system.
Device Managers	Device Administration Read User Details	spl-devadmin – the Device manager role	Operators who manage devices for Customers and Employees
Help Desk Operators	Asset Type Administration Audit Functions Helpdesk Functions Read User Details	spl-helpdesk – the Helpdesk role	Operators who handle helpdesk operations, for example: spl-helpdesk manages assets, reads user information, resets challenge counter, views audit for Customers and Employees.
User Administrator	Asset Type Administration Device Administration Functions Read User Details User Administration Functions	spl-useradmin – the User manager role	Operator who manages users, user groups, and devices and has helpdesk functions for Customers and Employees

Systems User Type

Systems interfacing with ActivID Public API
Default Admin Group	Default Admin Group Permissions/Functions	Default User Name and Default Assigned Role	Permissions via Group and Role
Soft Token Portal Administrators	STAP System Administration Functions	spl-stp – Soft Token Portal administrator role	System User for Soft Token Administration through the STAP.
System Users	Configuration Functions RGW System Administration Functions RGW System Asset Management Functions SSP System Administration Functions SSP System Asset Management Functions System Functions (full)	spl-api – the system privileges role Note: Not a console user as has a system logon. spl-rfe – the RADIUS Front End role Note: Not a console user as has a RADIUS FE logon. spl-cmsadmin – the ActivID CMS administration role Note: Not a console user as has a system logon.	System Users allowing external systems authentication and authorization

Customer User Type

Default Admin Group	Default Admin Group Permissions/Functions	Default User Name and Default Assigned Role	Permissions via Group and Role
Consumer Online Banking	REST Gateway Access Permissions Self Service Portal Access Permissions	spl-cust01 – default user
Business Online Banking	REST Gateway Access Permissions Self Service Portal Access Permissions	None

Default Admin Group

Default Admin Group Permissions/Functions

Default User Name and Default Assigned Role

Permissions via Group and Role

Consumer Online Banking

REST Gateway Access Permissions

Self Service Portal Access Permissions

spl-cust01 – default user

Business Online Banking

REST Gateway Access Permissions

Self Service Portal Access Permissions

None

ADFS Systems User Type

ADFS Systems interfacing with ActivID Public API
Default Admin Group	Default Admin Group Permissions/Functions	Default User Name and Default Assigned Role	Permissions via Group and Role
None	None	None	ADFS Systems interfacing with ActivID Public API

Employees User Type

Default Admin Group	Default Admin Group Permissions/Functions	Default User Name and Default Assigned Role	Permissions via Group and Role
Seos Unbound	ADFS Agent System Permission set for Unbound ADFS Agent System User Permission set ActivID Administration Functions ActivID Prime User All Functions Asset Type Administration Functions Audit Functions CMS Functions Configuration Functions Configuration Policies Functions Device Administration Functions Helpdesk Functions Push based Validation Direct User Permissions RADIUS Functions RGW System Administration Functions RGW System Asset Management Functions Radius Front End Role Assignment Read User Details Roles Assignment Functions SSP System Administration Functions SSP System Asset Management Functions STAP System Administration Functions System Functions (full) System Functions (restricted) User Administration Functions User Sub-Group Administration Functions User Type Administration Functions External Permission Set 1 REST Gateway Access Permissions Self Service Portal Access Permissions	None	Anonymous users for Unbound Seos devices.
Business Partners	REST Gateway Access Permissions Self Service Portal Access Permissions	None	None
Contractors		spl-contractor – default user	This default user can be used to test the access to the ActivID Self-Service Portal.
Full Time Employees		None	None

Create a User Type

Prerequisites: You must have the permissions to add, delete, and update user types and user type details.

Log on to the ActivID Management Console as a configuration manager.
Select the Access Administration tab and, under User Organization, select User Types.

All existing user types are listed in a paged table. The total number of user types is given in the lower left corner.

Each row corresponds to a user type. It provides the following information in the different columns:

Name – the name of the user type
Description – a brief description of the user type's purpose

Launch the User Type Creation Wizard

Click Add.

Enter the main information for the User type:
- Name – should be unique for ease of administration.
- Code – a value is automatically generated but it can be changed. The code must be unique, a minimum of three characters, and a maximum of 10 characters. It cannot be changed once the user type is created.
- Description – (optional) content is free-format.
Proceed to Map a User Repository to a User Type.

Map a User Repository to a User Type

From the drop-down list, select Available, and then select the check box of the user repository that you want to map.

Click Add to add the user repository root nodes.

Enter the Root Node value and click Add.

Click Ok.

The user repository has been mapped to this user type.

Click Next and proceed to Assign an Authentication Policy to a User Type.

Assign an Authentication Policy to a User Type

By assigning an authentication policy to a user type, you select the authentication policy that is valid for users of this user type, within its administration group hierarchy. This assignment can only be performed at this level.

To assign an authentication policy to this user type, from the Authentication Policies list, select the check box(es) of the required authentication policy(ies).
Click Next and proceed to Assign User Attributes to a User Type.

Assign User Attributes to a User Type

To define relevant user attributes, from the User Attributes list, select the check box(es) of the required user attribute(s).

Note: This selection is applicable only for database-managed users. Attributes of users managed on an external user repository are defined as part of the user repository configuration.

Click Save.

Edit a User Type

Log on to the ActivID Management Console as a configuration manager.
Select the Access Administration tab and, under User Organization, select User Types.

Click on the name of the user type you want to edit and edit the settings as required.

All the settings can be modified except the Code.

Click Save to apply your changes.

If you want to cancel the operation, click Back to List.

Copy a User Type

Log on to the ActivID Management Console as a configuration manager.
Select the Access Administration tab and, under User Organization, select User Types.

Select the check box of the user type you want to copy and click Copy.
Click on the name of the copied user type and edit the settings as required.

All the settings can be modified except the Code.

Click Save to apply your changes.

If you want to cancel the operation, click Back to List.

Delete a User Type

Prerequisites: Make sure there are no users or groups assigned to the User Type. You will not be able delete the User Type if it is still in use.

Log on to the ActivID Management Console as a configuration manager.
Select the Access Administration tab and, under User Organization, select User Types.

Select the check box of the user type you want to delete, and click Delete.
When prompted, select Yes.