Account Server 3.43 Release Notes

The following features and enhancements are covered in this update:

  • New Roles

  • Email Domain Verification

  • Organisation Level Configuration

  • User Migration for Domain Level Configuration (with template format guide)

  • Audit Log

  • Bulk User Addition and Role Updation (with template format guide)

  • User Details Report Download

  • Bug Fixes

New Roles

app.settings.admin

Previously, app.admin had complete organisation access. The latest features, including organisation level configurations, rule management, user migration and user migration report download, can be accessed by app.settings.admin only. app.settings.admin can also perform user and role management.

app.admin can’t perform app.settings.admin specific actions but can perform actions related to user and role management, with the following restrictions:

  1. Cannot assign app.admin or app.settings.admin to any user.

  2. Cannot remove app.admin and app.settings.admin from any user.

As app.settings.admin has a lot of power and can alter the organisation's behaviour, we will not be assigning this role to anyone by default. Access to the role can be requested from our CS team members.

Email Domain Verification

Users will have a new verification status, which is one of:

  • Verified: Email verified. No verification required.

  • Not verified: Email not verified and verification not required. The user can voluntarily verify from the profile page.

  • Verification required: Email not verified, and the user will be prompted to verify upon login.

Users with the Verification required status will be redirected to the email verification screen after login.

By default, all Google account and integration/system users will be verified, and their verification status cannot be changed in any case. When a Google account user is updated to a username/email & password user, that user will be not verified by default.

A user can request an email verification link once per minute and a maximum of 15 times per day.
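The two limits above can be enforced together by tracking accepted requests per user. The sketch below is an added example, not Account Server code; the class and function names are hypothetical, and it assumes that "per day" means a rolling 24-hour window and that rejected requests do not count toward the daily total.

```python
from collections import defaultdict, deque

MIN_INTERVAL_S = 60        # page: one verification link request per minute
DAILY_MAX = 15             # page: a maximum of 15 requests per day
DAY_S = 24 * 60 * 60       # assumption: "day" is a rolling 24-hour window


class VerificationLinkLimiter:
    """Tracks accepted verification-link requests per user, in memory."""

    def __init__(self):
        # user id -> timestamps (seconds) of accepted requests, oldest first
        self._accepted = defaultdict(deque)

    def allow(self, user_id, now):
        """Return (allowed, reason); `now` is passed in so the logic is testable."""
        sent = self._accepted[user_id]
        # Forget requests that have left the rolling 24-hour window.
        while sent and now - sent[0] >= DAY_S:
            sent.popleft()
        if sent and now - sent[-1] < MIN_INTERVAL_S:
            return False, "wait_one_minute"
        if len(sent) >= DAILY_MAX:
            return False, "daily_limit_reached"
        sent.append(now)
        return True, "ok"


def replay(events):
    """Run (user_id, timestamp) events through a fresh limiter, return the reasons."""
    limiter = VerificationLinkLimiter()
    return [limiter.allow(user, ts)[1] for user, ts in events]


# Constructed sample: a quick retry, then one request every two minutes.
SAMPLE = [("u1", 0), ("u1", 30), ("u1", 60)] + [
    ("u1", 60 + 120 * i) for i in range(1, 16)
]

if __name__ == "__main__":
    for (user, ts), reason in zip(SAMPLE, replay(SAMPLE)):
        print(user, ts, reason)
```
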

If the email verification link is opened in the same browser, the user will be logged in directly; otherwise the user will be redirected to the application URL already registered with the account server.

Organisation Level Configuration

These configurations can only be done by the organisation’s app.settings.admin.

User Logout Days Configuration

  1. Organisation’s app.admins can now configure the user logout days threshold at domain level. The user logout days threshold specifies after how many days a user will be logged out from the application and required to log in again.

  2. Until now, the value was 30 days by default across all domains. It can now be configured to as low as 1 day and up to 30 days. More than 30 days is not allowed because of security vulnerabilities.

User Disable Days Configuration

  1. Organisation’s app.admins can now configure the user disable days threshold at domain level. The user disable days threshold specifies after how many days a user will be disabled due to inactivity.

  2. User activity time is updated whenever the user performs any action on the application. The user disable days threshold should be more than the user logout days threshold and up to 180 days.

By default, all organisations are initialised with user logout days of 30 and user disable days of 180.

We will be disabling all the users who are not active for more than 180 days.

Email Verification

Toggling the option will turn on email verification for all username/email & password users and log them out (this will take up to one minute because of application level caching).

Allowed Email Domains

We can add comma separated email domains like @increff.com, @gmail.com, @xyz.com. Only username/email and password users whose email has one of these domains can then be added. Keeping the field empty will whitelist all email domains.
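The threshold bounds and the allowed-domain field described in this section can be checked as follows. This is an added example, not Account Server code: the function names are hypothetical, and it assumes the domain check is an exact, case-insensitive match on the part of the address after the last "@".

```python
import re

LOGOUT_MIN, LOGOUT_MAX = 1, 30   # page: user logout days, 1 to 30
DISABLE_MAX = 180                # page: user disable days, up to 180


def validate_thresholds(logout_days, disable_days):
    """Return the list of violated bounds; an empty list means the pair is valid."""
    errors = []
    if not LOGOUT_MIN <= logout_days <= LOGOUT_MAX:
        errors.append("logout_days must be between 1 and 30")
    if disable_days <= logout_days:
        errors.append("disable_days must be more than logout_days")
    if disable_days > DISABLE_MAX:
        errors.append("disable_days must be at most 180")
    return errors


def parse_allowed_domains(field):
    """Parse '@a.com, @b.com' into a set of lower-case domains (empty field -> empty set)."""
    domains = set()
    for item in field.split(","):
        item = item.strip().lower()
        if not item:
            continue
        if not re.fullmatch(r"@[a-z0-9-]+(\.[a-z0-9-]+)+", item):
            raise ValueError(f"malformed domain entry: {item!r}")
        domains.add(item[1:])
    return domains


def email_allowed(email, allowed):
    """Exact match on the domain part; an empty allow-list admits every domain."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return False
    # Assumption: exact match, so look-alike suffixes and prefixes are rejected.
    return not allowed or domain in allowed


if __name__ == "__main__":
    allowed = parse_allowed_domains("@increff.com, @gmail.com, @xyz.com")
    # Constructed addresses, including look-alikes a naive suffix check would accept.
    for addr in ["a@Increff.com", "a@notincreff.com", "a@increff.com.example"]:
        print(addr, email_allowed(addr, allowed))
    print(validate_thresholds(30, 180), validate_thresholds(30, 30))
```
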

 

Change Domain Settings Option (domain’s app.admin)

User Migration for Domain Level Configuration

  1. If domain level email configuration has been enabled for basic users and some of those users were logged in, they will have to verify their email, which might hinder their operations. We therefore suggest migrating the required users first and then changing the configuration.

  2. A user migration report for such username/email and password users can be downloaded; it provides the required fields and status for migration.

User basic report download to check user email verification status
Uploading CSV files for user migration. We can refer to the CSV template from the tooltip.

Audit Log

  1. app.admin and app.settings.admin can access logs related to the domain from the account server home page, using the domain dropdown.


Audit logs can be viewed/downloaded for a maximum time window of one month.

Bulk User Addition and Role Updation

Account server now supports bulk addition of users and role updations using CSV upload. A few things to remember:

  1. The template can be found after clicking one of the options.

  2. CSV explanations are also given in the upload dialogue box.

  3. The maximum number of rows is capped at 500.

  4. After each upload, a CSV file will be downloaded showing which rows were uploaded successfully and the problems with each row, if any.

  5. User upload can take up to 2 minutes. Please check whether the users have already been added before trying again.


User Details Report Download

We can now download a user report which will contain the following fields:

  • email

  • username

  • roles (top level only)

  • last login time

User report CSV

Minor changes and Bug fixes

  1. Minor security related bug fixes.

  2. Account Server now stores the data of who assigned what roles to whom.

  3. All of the dropdowns are now searchable.