Users

User settings allow you to manage user accounts in Hub based on their authentication type. This can be Native authentication for native users, or Windows authentication for Active Directory users. This area is only available if you are an administrator. You are also able to set the user's access to SS&C | Blue Prism® Hub and SS&C | Blue Prism® Interact and their roles within these. Before you configure users, it is recommended that user roles are configured.

The Users page displays a list of existing users. You can click on a user to view their information. If only native authentication has been configured in your environment, the Authentication type field is hidden.

To open the Users page, click your profile icon to open the Settings page, and then click Users.

Find users

The Users page includes two methods for finding users:

  • Search by username – This is located above the list of users. Start typing a user's name to filter the search results, the list dynamically filters as you enter more characters.
  • Filters – The filters enable you to easily find a specific user or types of users based on the selected criteria. Click Filter to view and use the filters. By default, the filters are set to show you only the 'live' users and not the retired users. If you want to see all the users, turn off the Live filter. For more information, see Use the filters.

Add users

Add a native user

  1. On the Users page, click Add user.

    The Add user section displays.

  2. Enter the user's details:
    • Authentication type (if displayed) – Select Native authentication.

      This field only displays if both native and Windows authentication have been configured in your environment. If only native authentication has been configured, the added user is a native user by default.

    • Username – Enter a username for the user.
    • First name – Enter the user's first name.
    • Last name – Enter the user's last name.
    • Email address – Enter the user's email address.
    • Theme – The default theme is automatically selected. You can select a different theme for the user. See Customization for more information about themes.
  3. Select the permissions for the user:

    • Hub – Select this check box for standard Hub users and administrators.
    • Hub administrator – Select this check box to give administrator permissions to the user role. You must select Hub before this option becomes available.
    • Interact – Select this check box to enable the user to be assigned Interact Forms. See the Interact user guide for more information.
    • Approver – Select this check box to give approval rights for Interact to the user role. You must select Interact before this option becomes available.
  4. Select the roles for the user:

    • Hub roles – Select the Hub roles required for the user. If the required role has not yet been created, you can edit the user at a later date to assign new roles.

      If the user is created without a Hub role, the user is underlined in the user list to indicate that the user setup has not been completed, for example:

      The user will be able to log in to Hub, but they will not be able to perform any tasks as they will not have access to any plugins.

    • Interact roles – Select the Interact roles required for the user. If the required role has not yet been created, you can edit the user at a later date to assign new roles. You can select more than one role.

    Users can also be added to roles from the Roles and Permissions page.

  5. Click Create user.

    The Create password dialog displays.

  6. Select one of the password options:

    • Send the user a password update email – This sends the user an email prompting them to enter a password on login using a link.
    • Manually update the user’s password – This enables you to set a password for the user.

    Passwords must obey the restrictions within Hub.

  7. Click Continue.
    • If you have selected to send the user a password update email, click Finish in the confirmation dialog.
    • If you have selected to set a password for the user, set a password and click Create.

The new user displays in the list of users.

Add an Active Directory user

To add an Active Directory user, Windows authentication must be configured for your environment and Active Directory authentication must be enabled on the Authentication settings page. For more information, see Authentication settings.

You can add an Active Directory user by following the steps below or by adding an Active Directory security group to a role where users who are members of the security role are automatically added to Hub when they sign in for the first time. For more information, see Add Active Directory security groups to a role.

  1. On the Users page, click Add user.

    The Add user section displays.

  2. In the Authentication type field, select Windows authentication.

  3. Click Search Active Directory.

    The Search Active Directory drawer opens.

    Before searching for users in Active Directory, ensure that a username (UPN) and email address are populated for them in Active Directory.

  4. Enter the search root for the Active Directory user you want to add. This is the distinguished name of the root location, for example, dc=bvdevops,dc=co,dc=uk.

    You can also use wildcard search and apply search filters based on:

    • CN – The Common Name attribute contains names of an object. If the object corresponds to a person, it is typically the person's full name.
    • UPN – A User Principal Name is the name of a system user in an email address format. A UPN consists of the user name (logon name), separator (the @ symbol), and domain name (UPN suffix), for example, [email protected].
    • SID – A Security Identifier is a unique, immutable identifier of a user, user group, or other security principal. A security principal has a single SID for life (in a given domain) and all properties of the principal, including its name, are associated with the SID.
  5. Once you have entered the search criteria, click Search.

    When searching Active Directory for users or security groups in Hub, the credentials stored against the domain in the Authentication Server database are used. If no stored credentials are found, queries that require additional authentication will be executed under the context of the Windows account running the Authentication Server application pool in IIS.

    The available users display. You can scroll down to view all retrieved users.

  6. Select the user you want to add and click Apply. You can only select one user at a time. Previously added users show as grayed out and cannot be selected.

  7. On the Add a user page, select the permissions and roles for the new user (see Steps 3 and 4 in the Add a native user section) and click Create user.

The new user displays in the list of users.

Active Directory users' credentials are managed in Active Directory so you do not need to create a password for the user. These users can log into Hub using single sign-on by selecting the Log in using Active Directory option on the login page.

Edit users

  1. On the Users page, select the required user and click Edit.
  2. Change the information as required.

    If the user is:

    • a native user, you can change the information as required.
    • an Active Directory user, you can only change their roles and permissions. All other details are managed in Active Directory.

    You cannot change their username.

  3. Click Save to apply your changes.

Synchronize an Active Directory user

  1. On the Users page, select the required Active Directory user.
  2. Click Synchronize user.

The following details of an Active Directory users are refreshed: UPN, username, full name, email address, and status (active, deleted, or disabled).

Retire native users

  1. On the Users page, select the required user and click Retire.

    A message displays asking you to confirm.

    You can use the Live filter to filter the user list for retired users. See Find users.

  2. Click Yes.

    The user is retired and the Retire icon is replaced with the Make live icon. You can use this to reinstate the user if required. The user is also underlined in the user list to indicate they are retired.

Unlock native users

If a user enters their password incorrectly five times, they will be locked out of the system for three hours. Alternatively, you can unlock their account for them.

  1. On the Users page, select the required user and click Unlock.

    A notification message displays confirming the user has been successfully unlocked.

    You can use the Locked filter to filter the user list for locked users. See Find users.

Change password for native users

Native users can change their own password using the Profile page. If a user has forgotten their password, they can use the Forgot password link on the login page. However, you can change their password if needed. For example, you may need to do this in the scenario where a user was an Interact Approver and they have left your organization and there are outstanding forms to be approved in Interact by them. Depending upon your organization's policy, you could access their account and process these.

  1. On the Users page, select the required user and click Change password.

    The Change password screen displays.

  2. Enter a new password for the user in both fields. The password must meet the character restrictions, however, the restriction regarding password reuse is not applied.

  3. Click Submit.

    A notification message displays confirming the user's password has been changed.

Use the filters

The filters enable you to easily find a specific user or types of users based on the selected criteria.

  1. On the Users page, click Filter to open the Filter panel.
  2. Use the toggle to turn on the required filter and complete the information to find the user. You can apply multiple filters at the same time.

    The available filters are:

    Filter

    Description

    Full name

    Enter the user's full name, or part of their full name.

    Email address

    Enter the user's email address, or part of their email address.

    Locked

    Select the locked status of the user from the drop-down list; the options are:

    • Locked – Displays all the users who have had their accounts locked.
    • Unlocked – Displays all the users with unlocked accounts.

    Live

    Select the live status of the user from the drop-down list; the options are:

    • Live – Displays all the users who have active log in credentials.
    • Retired – Displays all the users who have been retired by the administrator and can no longer log in.

    By default, the Live filter is already turned on. You can turn this off if you want to view all the users.

    Setup status

    Select the setup status of the user from the drop-down list; the options are:

    • Setup correctly – Displays all the users who are correctly setup within Hub, that is, they have completed user credentials and assigned roles.
    • Needs action – Displays all the users who's user accounts are not correctly configured, for example, they may be missing their roles.

    Domain

    Enter the name of a domain, or part of a name. This matches against the domain names that are specified in the Authentication settings page, and displays any users that were imported into Hub from the matching domain.

    If you have entered part of a domain name, the results display for all partial matches. There maybe users from other domains as well as the one you intended.

    Connection name

    Enter the name of a connection, or part of a name. This matches against the connection names that are specified in the Authentication settings page, and displays any users that were imported into Hub using the matching connection.

    If you have entered part of a connection name, the results display for all partial matches. There maybe users from other connections as well as the one you intended.

    Access

    Select the access level of the user from the drop-down list. These are based on the permissions level given to the user; the options are:

    • Hub – Access to Hub.
    • Interact – Access to Interact.
    • Approver – Access to Interact with approver permissions.

    Hub role(s)

    Enter the name of the role, or part of the role name. This searches against any roles that have Hub set as the role type.

    Interact role(s)

    Enter the name of a role, or part of the role name. This searches against any roles that have Interact set as the role type.

    Themes

    Select the theme from the drop-down list. The users who have the selected theme are displayed.

    The information on the Users page is immediately filtered.

    If you have set the filters but want to view the unfiltered information again, either click Reset filters in the panel, or turn off the required filters, or remove any settings within the filter so that it is blank.

  3. Click Close drawer to close the filter panel.