User Administration Reference

Last Updated: Dec 13, 2017 06:45AM PST

ScienceCloud now includes a user management feature that allows users designated as Team Permission Administrators to manage existing users in their team and invite new users to their team.
 

Accessing the User Administration Page

The new User Administration feature can be accessed by clicking the “Administration” (wrench) icon in the toolbar near the upper right corner of the blue ScienceCloud toolbar, and then clicking “Users” from the menu bar. Please note that you must be designated as a Team Permission Administrator for both of these options to appear.


 

Contents of the User Administration Page

The User Administration page contains a table showing all of the users in your current team. Also displayed in the user table are any outstanding invitations to join your current team.

Clicking on the column headers will sort the table by that column, and there is a “filter” field in the upper right corner of the table to filter the table to show only rows containing the filter text. If the text in a cell is cut off, (displayed with “…” at the end), click and drag the column boundaries at the top of the column to resize the column and display more text.



The first two columns show the first and last name of each user. The third column shows the username of each user.

Note that user invitations do not have a first name, last name or username associated with them, as new users establish those themselves upon accepting the invitation.

The fourth column shows the email address for each user. The fifth column shows the company associated with each user.

The sixth column shows a list of projects to which each user has been granted access. The list may not show all projects to which the user has access, as space is limited.

The last column contains comments about the user that will be useful. These include things like:

  • “Password expired” - Indicates the user’s password has expired and they will need to reset it whenever they log in next.
  • “250+ days inactive” - Indicates the user has not logged into ScienceCloud in the past 250 days. This includes signing into Pipeline Pilot as well as the Sandbox environment.
  • “Account locked out” - Indicates the user’s account is locked because of too many failed authentication attempts. If you would like to have the user’s account unlocked, please contact ScienceCloud support.
  • “Account disabled” - Indicates the user’s account has been disabled by ScienceCloud support, and the user will not be able to sign in. If you would like to have the user’s account re-enabled, please contact ScienceCloud support.
  • “Invitation sent” - Indicates the user has been sent an invitation, but they have not visited the link in the invite email and are not a current user.
  • “Invitation link visited” - Indicates the user opened the email and visited the link, but has not yet completed registering for their new account
  • “Invitation expired” - Indicates the invitation has expired and the user may no longer use the invitation link to create an account. You may re-invite a user by deleting the invitation and using the “Invite User” button to create a new invitation to the same email address. For security purposes, the user cannot be re-invited except by deleting the old invitation first. (See below for details.)


Inviting a New User

To invite someone to create a ScienceCloud account and join your team, begin by clicking the “Invite User” button. Since the invitation is sent via email, you will need the user’s email address.



Please note that email addresses must be unique among users in your team. This means that you will encounter an error if you attempt to send an invitation to an email address already belonging to a user in your team.

To modify that user’s account, please follow the instructions below, under “Editing a User.” Also, ScienceCloud does not allow more than one outstanding invitation per email address per team. This means you will encounter an error if you attempt to send a new invitation to an email address that has an outstanding invitation.

If you would like to re-send the invitation, please follow the instructions below, under “Re-Sending an Invitation.”  

If you would like to modify the invitation, please follow the instructions below under “Editing an Invitation.”

If the current invitation to the user is expired and you would like to issue a new one, please first delete the invitation by following the instructions below underneath “Deleting an Invitation.”




In the “Invite User” window that appears, please fill out the following fields on the “User Information” tab:

  • Email Address: Type the email address of the person you are inviting.
  • Company: Type the name of the company the user represents, or click the drop-down arrow to choose from a list of company names already present in your team. This is an optional field, so it can be left blank.
  • SAML ID Provider: If your organization uses SAML for single-sign-on (SSO) authentication, choose the SAML ID provider this user will use for authentication. If you do not see the correct SAML ID Provider in the dropdown list, please contact ScienceCloud support. If your organization does not use SAML for SSO authentication, or if you are not sure, leave this option set to “None.”
  • IP Pattern: If your organization restricts access to ScienceCloud based on client IP address, choose the IP Pattern to use when filtering the user’s access to ScienceCloud. If you do not see the correct IP Pattern, please contact ScienceCloud support. If your organization does not restrict access to ScienceCloud based on client IP address, or if you aren’t sure, leave this option set to “None.”


In the “Applications” section of the User Information tab, please select the ScienceCloud applications to which the user will have access when they first log in. You must select at least one. If the list of available applications appears incomplete please contact ScienceCloud support, as some applications require set up for your team by ScienceCloud support before they can be accessed by your users.

Some ScienceCloud applications have additional security options. When you select one of these applications for a user, a new tab will appear in the window. Be sure to check these app-specific tabs for additional permissions, roles or security groups you may want to assign to the user. In some cases, you will be required to assign at least one permission, role, or security group to the user.

In the “Team Admin Roles” section of the User Information tab, please select the administrative roles that will be assigned to the new user when they first log in. Please be aware that if you assign an administrative role to the user they will have administrative rights from the first time they log in. As with any administrative access role, please exercise care when granting these rights to a user.

When permissions have been completed on the “User Information” tab, click on the “Project Permissions” tab to finish the process by assigning project permissions to the new user as needed. In this tab, you will see a list of projects in the left pane and groups of checkboxes in the right pane. Click on a project name on the left side to see what permissions have been assigned to the user in that project. (Granted permissions are represented by checked checkboxes in the right-hand pane.) Check the boxes for the permissions you would like to assign to the user.





If you want to select multiple permissions for a project at once, you may click the checkbox stack icons found in the right-hand pane. The green check mark and red minus sign checkbox stack icons at the top of the pane select and deselect all the checkboxes visible in the pane, respectively. The checkbox stack icons at the top of each section select and deselect all the checkboxes in each of their sections. This will allow you to quickly and easily select or deselect groups of project permissions for a user.
 

If you want to assign the same set of permissions in multiple projects, you can use the permission copy icon at the top of the right-hand pane to copy all the permissions for the currently selected project. (Note that this is different from the “Copy…” button at the bottom of the window, which is used to copy all the access rights from one user to another. Please see below for more details about the “Copy…” button.) Then you may select a different project and click the paste icon button at the top of the right-hand pane to apply the copied permissions to the current project. This will allow you to quickly and easily apply the same set of permissions to multiple projects.
 

The “Copy from…” button at the bottom of the window can be used to copy all of another user’s access rights to the user you are currently editing. When you click the “Copy From…” button, the “Copy User Permissions” window is displayed. It contains a user table that you can use to select a user from whom to copy permissions. Note that the table can be sorted by clicking on a column header, and filtered by typing in the filter box. After selecting a user, use the checkboxes at the bottom of the table to specify what kinds of permissions to copy:


  •  “Project Permissions” will add all the copied user’s project permissions to the user you are currently editing.
  •  “Application Permissions” will add all the copied user’s applications to the user you are currently editing. It will also copy and add any additional app-specific permissions, roles, and security groups to the user you are currently editing.


Click the “Copy” button at the bottom of the “Copy User Permissions” window to apply the copy operation. This does not save any changes to the system, so the invitation window remains open and you can continue making changes to the user. You may use the “Copy from…” button multiple times to add permissions from several other users. Also, after copying permissions you can manually unselect any permissions you do not want to grant to the user.


Please note that this copy feature will only ever add permissions to a user. It will not reduce the permissions previously selected for the user you are editing. For example, if you are editing User A, who has Notification Create permission to Project A, and you copy project permissions from User B, who has Notification Create permission to Project B but not to Project A, the end result will be that User A (the user in the Edit Window) will have Notification Create permission selected for both Project A and Project B.


When you are finished choosing project permissions, click the “Save & Send Invite” button. ScienceCloud will save the invitation details and send an email to the user to notify them.


The Invitation Process

ScienceCloud implements a secure, multi-step process to ensure that only the person you have invited to join your team is able to create a new account. This section describes this process. You may need to assist your users in accepting invitations and creating accounts, so please refer to this section as needed.

Step 1: Send Invitation

The first step is to send an invitation to the user via email. Please refer to “Inviting a New User” above for more details about how to send an invitation to a new user.


Step 2: Receive Invitation

The user will receive an email invitation. The invitation will have the name of your team in it and will contain a link that they should follow in order to accept the invitation. Please advise your users to follow the link and create an account promptly, as the invitation link expires after 48 hours.
 

  • If the user already has a ScienceCloud account with a different team, clicking the link will allow them to join your team with their existing account. You will receive an email notification when this happens. This will conclude the invitation process, and the user will have the access to your team that they were granted in the “Invite User” window.
  •  If the user does not yet have a ScienceCloud account, the invitation process proceeds to step 3 below.


Step 3: Enter New Account Information

After clicking the invitation link, the user will be prompted to fill out a form with the information ScienceCloud needs in order to create a new account for them. This includes first name, last name, and username. They must choose an available valid username.

A username is invalid if it contains fewer than 2 characters, more than 20 characters, or if it contains characters besides numbers, letters, underscores (_) and hyphens (-).

If the user is not going to be SAML authenticated (that is, if you selected “None” for the SAML ID Provider in the Invite User window), they will choose a password that meets the password criteria and re-enter the password to confirm. Last, they will choose two security questions and answers. This will allow them to recover their account if they forget their username and/or password.


Step 4: Receive and Enter Security Token

When the user submits the new account form, they will be prompted to enter a six-character security token. ScienceCloud will send this token to them in a separate email.


  • This token expires after 60 minutes for security purposes, so please advise your users to promptly enter the token to complete the registration process.
  • Also, for security purposes, the token must be entered in the same browser tab where they submitted the new account information form in step 3, so please advise your users to leave the tab open when they check their email to find the security token.
  • Last, if the user enters the token incorrectly 5 times, the token will become locked out and it can no longer be used to complete the account registration process.


If the token expires, if the user closes the browser tab, or if the security token becomes locked out, the user may click the link from the original invitation again in order to start the process over from step 3. When the user’s new account has been created and confirmed, you will receive an email notification. 


Step 5: Log In to ScienceCloud

After entering the security token, the user will be able to log in to ScienceCloud. If you have specified a SAML ID Provider for the user, they will now be redirected to your organization’s SAML authentication process, which will return the user to ScienceCloud once authentication is complete. Otherwise, the user will be redirected to the ScienceCloud login page, where they may use their new username and password to sign in.


Re-Sending an Invitation

If a user accidentally deletes an invitation email, or if they cannot find it in their inbox, you may re-send the invitation to them. To re-send the invitation, select the invitation row in the user management table (it will be the row with the user’s email address in it), and click the “Edit” button at the top of the table. The Edit Invite window will appear. You will have the opportunity to make changes to the invitation (see “Editing an Invitation” below for details), but if you do not need to make any changes, click “Save and Re-Send Invite.” This will re-send the invitation to the user’s email address.


 

Editing an Invitation

If you want to make changes to an invitation before the user accepts it and joins your team, select the invitation in the user management table (it will be the row with the user’s email address in it), and click the “Edit” button at the top of the table. The Edit Invite window will appear. You will have the opportunity to make the necessary changes to the invitation, though you will not be able to change the email address. If you previously entered the email address incorrectly, please delete this invitation (see “Deleting an Invitation” below), and create a new invitation to the correct email address. The fields in the Edit Invite window are the same as the fields in the Invite User window, so please refer to “Inviting a New User” above for more details about the fields.
 

When you are finished making changes, you may click the “Save & Re-Send Invite” if you would like ScienceCloud to re-send the invitation to the user. The resulting email will be identical to the first invitation email that was sent. If you do not want ScienceCloud to send another copy of the invitation, you may click “Save Without Resending.” This will save your changes without sending a new invitation email. The user will still be able to use the previous invitation email to accept the invitation.
 

Deleting an Invitation

To delete an invitation, which revokes it, select the invitation in the user management table (it will be the row with the user’s email address in it), and click the “Delete” button at the top of the table. You will be asked to confirm your decision.



Once deleted, the invitation link that was emailed to the user will become inactive. The link can no longer be used to join your team and/or create an account. Use this option if you discover you have sent an invitation in error or if an invitation has expired and you wish to re-invite the user.  (For security purposes, once an invitation expires, the user can only be re-invited by deleting the old invitation first.) 
 

Editing a User
To edit an existing user, select that user in the user management table and click the “Edit” button at the top of the table. The Edit User window will appear. It contains two or more tabs with details about the user. You may switch freely between the tabs to make changes to the user before clicking the “Save” button.




User Information Tab

You may use the “Company” field to change the company associated with the user. You may type in the “Company” field, or use its drop-down menu to select a company that is already represented in your team. This field is optional, so you may delete the contents of this field if the user should not be associated with a company. Please note that the company field does not determine access permissions.
 
You may use the “IP Pattern” field to change the IP pattern that ScienceCloud uses to filter this user’s access. When an IP pattern is set, the user will not be able to access your team from an IP address that does not match the IP pattern. You may set the “IP Pattern” field to “None” if your organization does not enforce IP filtering. If you don’t see the correct IP pattern in the dropdown list, please contact ScienceCloud support. Lastly, please note that if you change the IP pattern setting for a user, it will not take effect until the next time the user logs in.
 
In the “Applications” section, you can check or un-check the application checkboxes to grant the user access to ScienceCloud applications. If the list of available applications appears incomplete please contact ScienceCloud support, as some applications first need to be set up for your team by ScienceCloud support before your users can access them. You may not revoke all of a user’s applications. If you wish to completely terminate a user’s access to ScienceCloud on behalf of your team, please delete them by following the instructions for “Delete a User” below.
 
Some ScienceCloud applications have additional security options. When you select one of these applications for a user, a new tab will appear in the window. Be sure to check these app-specific tabs for additional permissions, roles, or security groups you may want to assign to the user. In some cases, you will be required to assign at least one permission, role, or security group to the user.
 
In the “Profile Picture” section you will see the profile image the user has chosen and uploaded.
 
In the “Team Admin Roles” section you can check or un-check the administrative role checkboxes to grant or revoke administrative privileges to the user. The two available administrative roles are Team Permission Administrator and Team Data Administrator.

  • Team Permission Administrators are able to access the User Administration page, the Project Administration page, and the Group Administration page. They can use these pages to assign access permissions to users for ScienceCloud applications and projects within your team. They may manage users in your team by inviting new users, editing users, or deleting users. They may manage projects in your team by creating new projects and editing projects. They may create, edit, and delete batch groups and assay groups, and assign them to projects within your team. Last, Team Permission Administrators may grant administrative roles to other users.
  • Team Data Administrators are able to access the Dictionary Administration page and the Assay Administration page. These pages allow Team Data Administrators to manage your team’s data dictionaries by creating, editing, or deleting the analytical types, entity types, compound statuses, monomers, operators, organisms, salts, test parameters, units and assays that are available to users in your team.


Please note that granting or revoking these privileges will not take effect until the user logs out and logs back in again. As with any administrative access role, please exercise care when granting these rights to another user.
 

Project Permissions Tab

In this tab, you will see a list of projects in the left pane and groups of checkboxes in the right pane. Click on a project name on the left side to see what permissions have been assigned to the user in that project. (Granted permissions are represented by checked checkboxes in the right-hand pane.) Check the boxes to the permissions you would like to assign to the user. You may update permissions for multiple projects at once.

If you want to select multiple permissions for a project at once, you may click the checkbox stack icons found in the right-hand pane. The green check mark and red minus sign checkbox stack icons at the top of the pane select and deselect all the checkboxes visible in the pane, respectively. The checkbox stack icons at the top of each section select and deselect all the checkboxes in each of their sections. This will allow you to quickly and easily select or deselect groups of project permissions for a user.

If you want to assign the same set of permissions in multiple projects, you can use the permission copy icon at the top of the right-hand pane to copy all the permissions for the currently selected project. (Note that this is different from the “Copy…” button at the bottom of the window, which is used to copy all the access rights from one user to another. Please see below for more details about the “Copy…” button.) Then you may select a different project and click the paste icon button at the top of the right-hand pane to apply the copied permissions to the current project. This will allow you to quickly and easily apply the same set of permissions to multiple projects.

The “Copy from…” button at the bottom of the window can be used to add all of another user’s access rights into the user you are currently editing. When you click the “Copy from…” button, the “Copy User Permissions” window is displayed. It contains a user table that you can use to select a user from whom to copy permissions. Note that the table can be sorted by clicking on a column header, and filtered by typing in the filter box. After selecting a user, use the checkboxes below the table to specify what kinds of permissions to copy:

  • Project Permissions; will add all the copied user’s project permissions into the user you are currently editing.
  • Application Permissions; will add all the copied user’s applications into the user you are currently editing. It will also copy and add any additional app-specific permissions, roles, and security groups to the use you are currently editing.
     

Copy User Permissions; window to apply the copy operation. This does not save any changes to the system, so the Edit User window remains open and you can continue making changes to the user. You may use the “Copy from…” button multiple times to add permissions from several other users. Also, after copying permissions you can manually unselect any you do not want to grant to the user.

Please note that this copy feature will only ever add permissions to a user. It will not reduce the permissions selected for the user you are editing. For example, if you are editing User A, who has Notification Create permission to Project A, and you copy project permissions from User B, who has Notification Create permission to Project B but not to Project A, the end result will be that User A (the user in the Edit Window) will have Notification Create permission selected for both Project A and Project B.
 

Deleting a User

If you would like to completely remove a user from your team and revoke all their access to your team, please select the user in the user management table and click the “Delete” button at the top of the table. You will be asked to confirm your decision. A deleted user’s data remains in the system, for data integrity purposes. Please exercise care when using this feature, since reinstating a deleted user requires assistance from ScienceCloud support.

http://assets2.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete