- JS7 - Identity Services implement Authentication Methods and access to Identity Providers. For example, credentials such as user account/password are used as an Authentication Method to access an LDAP Directory Service acting as the Identity Provider, see the JS7 - Identity and Access Management article for more information.
- Depending on the Identity Service Type in use, the user accounts are managed and stored with the Identity Service or with the JOC Cockpit, see JS7 - Identity Services.
- The JOC Cockpit manages permissions and roles for any Identity Services and stores such information independently of the Identity Service.
- Find details from the following articles:
Manage User Accounts, Roles and Permissions
After installing the JOC Cockpit a user can log in with the default
root user account and
root password that are available from the JS7 - JOC Identity Service.
JOCIdentity Service is active and is the only Identity Service available by default.
JOCIdentity Service includes the default
rootuser account. Users are encouraged to change the password of the
rootuser account after initial installation of the JOC Cockpit.
To manage user accounts, roles and permissions from any JOC Cockpit page, use the user menu in the right upper corner and select Manage Identity Services:
The Manage Identity Services page holds the list of the available Identity Services. By default the list is populated from the JS7 - JOC Identity Service. Users can add new Identity Services. From this page users can select an Identity Service to manage the user accounts associated with the Identity Service. Assume that the
JOC Identity Service is selected by clicking the name
JOC Identity Service page offers three sub-views: Roles, Accounts, Profiles. Selecting an Identity Service by default opens the Roles sub-view.
- Roles: Permissions can freely be grouped to roles. This includes specifying permissions for scheduling objects in the JOC Cockpit and in Controllers.
- Accounts: Management of user accounts that are stored with the JS7 - Database.
- Profiles: Information about the date of last login by user accounts.
The Roles sub-view
The Roles sub-view allows assignment of permissions for access to scheduling objects with the JOC Cockpit and Controllers.
When the sub-view is opened after initial installation of JOC Cockpit, then it is populated with default roles and permissions, see the JS7 - Default Roles and Permissions article for more information. Users are free to modify, add and delete any roles. Please keep in mind that at least one role that includes administrative permissions to access all objects in the JOC Cockpit and Controllers is required and has to be assigned an administrative user account. Should an administrative role no longer be left then this corresponds to locking the door behind you and throwing away the keys. In this situation refer to the JS7 - Rescue in case of lost access to JOC Cockpit article.
The Accounts sub-view
The Accounts sub-view is available when a user selects the Identity Service from the Identity Management Services page. This sub-view lists the user accounts that are configured along with their roles.
The Permissions sub-view
This view allows graphical navigation and the selection of permissions: