Application security uses log-in accounts with individual user names and passwords. Each User's account is associated with a role that determines what actions that User can take within the system. Administrators can configure password expiration intervals, password complexity requirements, and parameters for lock-outs after multiple failed log-in attempts.
LDAP/Active Directory integration is available in the Enterprise license.
Creating and managing Users can be done by selecting Administration from the right menu, then Users from the top menu.
To create a new User, click the Create button at the top of the Users page. A popup dialog will appear requesting the following information:
Login ID (required) - the unique login ID for this User. The login ID can be up to 128 characters long.
Full Name (required) - the full name of the User. The name can be up to 256 characters long.
Status - If set to 'Disabled', the user will not be able to log in.
Authentication Type - Two user authentication types exist in the system.
local - a local system user account. All account information is stored in the application database.
LDAP - an account in an LDAP directory service or Microsoft Active Directory.
Email (required) - the email address of the User.
Password (required) - Check 'Generate Password' to have a random password sent to the email address entered for the user, or uncheck the box to manually enter a password.
Force Password Change - Select this box to force the User to change their password on the next login.
User Role - Three User Roles exist in the system.
Administrator - A User with the Administrator role has full access to every feature in the system. An Administrator is the only Role that can manage other User accounts.
Developer - A Developer can manage Tasks and Assets, but cannot change systems settings or security.
User - The User role has very limited access in the admin UI, and is primarily intended for higher level access to Continuum UIs and other end-user applications. Users cannot make changes to any Task code.
Complete the required fields and click Create. After a few seconds the screen will refresh and the newly defined User will appear in the list of Users.
To edit a new user, click a row in the list, or select multiple Users and click the Modify button at the top of the Users page. A popup dialog will appear with the same information as the 'Create User' dialog, with a few extra features:
Failed Login Attempts - If a user account has become 'locked' due to excessive failed passwords, the counter can be reset here.
Clicking the Save button after any change to the account will also reset the Failed Login Attempts counter.
Password Reset - An Administrator can manually reset a password on this dialog, or can elect to have a new password emailed to the User.
If you are editing a selection of multiple Users, clicking Save will move forward to the next User.
All Users can be associated with one or more Groups (Tags). Tags are used to match specific users to various objects in the system for access controls. Detailed information about Tags can be found here.
All Users can access basic features of the REST API and command line tools. Both require user credentials to be provided. For ease of use, a User Token can be assigned and used when accessing the API. The duration the token remains valid, and the ability to use token authentication at all, are system configurable settings.
Contributors in Continuum are related to user accounts that commit source code in one of the supported source code repositories. Creating a user account in Continuum is not required for Continuum to process the changes, however sometimes a user may have more than one account in the SCM, or more than one SCM may be submitting changes to Continuum for tracking purposes.
So that a person with multiple accounts in one or more SCMs does not overcount as more than one contributor in Continuum, the SCM account names can be identified on the Contributors tab on the User Edit page. Even if the person does not have an account within Continuum or even need to login to Continuum, a user account can be created to match up with their SCM accounts.
To make this association, first create the user account within Continuum using the steps above. Then go to the Contributor tab and add their SCM ids separated by commas. Make sure to save the changes.
The user account ids are case sensitive. If in doubt, check the Contributors report under perspectives.
Disabling an Account
By changing the Status of a user to 'Disabled', the user is prevented from accessing the system.
Current User Status
To view a list of users currently logged into the system select System from the top menu.
View Login History
To view the login history of one or more users, select System from the top menu. Then select View Login History from the table on that screen.
To view a specific User's login history, enter the user's name in the search box, and select Search.
By default the log listing shows the last 30 days. To change the selection click on the Begin Date text field and select a new begin date.