The following features and enhancements are covered in this update:
New Roles
Email Domain Verification
Organisation Level Configuration
User Migration for Domain Level Configuration (with template format guide)
Audit Log
Bulk User addition and role updation (with template format guide)
User Report Download
Bug fixes
New roles
app.settings.admin
Previously, app.admin had complete organisation access. The latest features, including organisation level configurations, rule management, user migration and user migration report download, can be accessed only by app.settings.admin. app.settings.admin can also perform user and role management.
We will assign app.settings.admin to users who already have app.admin so that they can access all existing as well as new features.
app.admin can’t perform app.settings.admin-specific actions, but can perform actions related to user and role management, with the only restrictions being:
Cannot assign app.admin or app.settings.admin to any user.
Cannot remove app.admin and app.settings.admin from any user.
Email Domain Verification
Users will have a new verification status, which is one of:
| Verified | Not verified | Verification required |
|---|---|---|
| Email verified. No verification required. | Email not verified and not required. User can voluntarily verify from profile page. | Email not verified, and the user will be prompted to verify upon login. |
By default, all Google account and integration/system users will be verified, and their verification status cannot be changed in any case. When a Google account user is updated to a username/email & password user, that user will be not verified by default.
A user can request an email verification link once per minute and a maximum of 15 times per day.
If the email verification link is opened in the same browser, the user will be logged in directly; otherwise, the user will be redirected to the application URL already registered with the account server.
Organisation Level Configuration
These configurations can only be done by the organisation’s app.settings.admin or superadmin.
User logout days configuration
The organisation’s app.admins can now configure the user logout days threshold at domain level. The user logout days threshold specifies after how many days a user will be logged out of the application and required to log in again.
Until now, the value was 30 days by default across all domains. It can now be configured to as low as 1 day and up to 30 days. Values above 30 days are not allowed because of security vulnerabilities.
User disable days configuration
The organisation’s app.admins can now configure the user disable days threshold at domain level. The user disable days threshold specifies after how many days a user will be disabled due to inactivity.
A user’s activity time is updated whenever the user performs any action on the application. The user disable days threshold should be more than the user logout days threshold and up to 180 days.
This functionality will not work with the organisation name ‘auth’, as we don’t want to disable superadmin and app.superadmin.
By default, all organisations are initialised with user logout days of 30 and user disable days of 180.
Email verification
Toggling the option will turn on email verification for all username/email & password users and log them out (this will take up to one minute because of application level caching).
Allowed domain
We can add comma-separated email domains like @increff.com, @gmail.com, @puma.com, which will only allow addition of username/email and password users whose email contains one of these domains. Keeping the field empty will whitelist all email domains.
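The limits in this section can be expressed as a validator for the two day thresholds and a check for the allowed-domain field. This is an added example, not the account server's code; all function names are hypothetical, and two behaviours are assumptions: the domain is compared exactly against the part after the last "@" (a substring test would also accept an address such as user@gmail.com.evil.example), and a user is disabled once inactive days reach the threshold.

```python
LOGOUT_MIN, LOGOUT_MAX = 1, 30   # from the page: 1 to 30 days
DISABLE_MAX = 180                # from the page: up to 180 days
EXEMPT_ORG = "auth"              # from the page: never disabled for inactivity


def parse_allowed_domains(field):
    """Parse '@a.com, @b.com' into lowercase domains; empty set = allow all."""
    domains = set()
    for item in field.split(","):
        item = item.strip().lower()
        if not item:
            continue
        if not item.startswith("@") or len(item) < 2 or "@" in item[1:]:
            raise ValueError(f"bad domain entry: {item!r}")
        domains.add(item[1:])
    return domains


def email_allowed(email, allowed):
    """Exact match on the part after the last '@', never a substring test."""
    if not allowed:              # empty field whitelists every domain
        return True
    local, sep, domain = email.strip().lower().rpartition("@")
    return bool(local and sep) and domain in allowed


def validate_thresholds(logout_days, disable_days):
    """Return a list of problems; an empty list means the pair is valid."""
    problems = []
    if not LOGOUT_MIN <= logout_days <= LOGOUT_MAX:
        problems.append("logout days must be between 1 and 30")
    if not logout_days < disable_days <= DISABLE_MAX:
        problems.append("disable days must exceed logout days, max 180")
    return problems


def should_disable(org, days_inactive, disable_days):
    """Assumption: disable when inactivity reaches the threshold."""
    return org != EXEMPT_ORG and days_inactive >= disable_days
```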
User Migration for Domain Level Configuration
Enabling domain level email verification for basic users might unintentionally restrict many users from logging in, as many username/email and password users might not have valid email addresses. That’s why we suggest using the migration page in the domain settings tab to migrate such users (not applicable for Google account and integration users).
A user report for such username/email and password users can be downloaded; it provides the necessary information and status for migration.
Audit Log
app.admin and app.settings.admin can access logs related to the domain from the domain dropdown on the account server home page.
superadmin can also access audit logs similarly, but needs to specify the application and domain name.
Audit logs can be viewed/downloaded for a maximum time window of one month.
Bulk User addition and role updation
Account server now supports bulk addition of users and role updations using CSV upload. A few things to remember:
Template can be found after clicking one of the options.
An explanation of the CSV format is also given in the upload dialogue box.
The number of rows is capped at 500.
After each upload, a CSV file will be downloaded that shows which rows were uploaded successfully and the problems with each row, if any.
User upload can take up to 2 minutes. Please check if users are already added before trying again.
User Report Download
We can now download a user report, which will contain the following fields:
| username | roles (top level only) | last login time |
|---|---|---|
Minor changes and bug fixes
Minor security related bug fixes.
Account Server now stores the data of who assigned what roles to whom.
All of the dropdowns are now searchable.