
The users section lists all user accounts including admins and the _Guest account.

The search function accepts % as a wildcard; for example, "%min" will return any names that contain 'min'.

New Users

Users are added manually by SmartIQ administrators and are provided with a username and password to access the system. Usernames are limited to 256 characters in length.

Unless accessing SmartIQ as a guest (anonymously), users are typically authenticated to verify their identity and apply authorization based on their Groups, Roles and permissions. This is the simplest method to implement and is recommended for smaller implementations, and for any initial environment deployment.

The Skip Group Auto Assignment option controls which users are not automatically assigned to auto-assign type groups. This option is initially not enabled. It is particularly suited to specialized users who should have limited access.

Authentication

In addition to simple username and password authentication, SmartIQ has been integrated with a wide range of other authentication systems and technologies, including OpenID Connect, SAML 2.0, and more.

👍

Best Practice

When changing authentication modes in an environment, it is recommended that you modify only SmartIQ Produce at first while you keep using Forms Authentication for Manage until you have verified that Produce is working with the new method.

If no Identity Extension has been added, it is assumed that the site wants Forms authentication and no additional configuration is needed.

Two-Factor authentication

Two-Factor authentication (2FA) adds additional security to an account in the event that someone else obtains or guesses your password. An app on your device (such as Google Authenticator) generates an additional code that lasts for 30 seconds. The server generates the same code, and you are allowed access only if you enter the same value at the correct time.

2FA can be enforced through Roles.

Main Configuration through Produce

Only the current user can turn on 2FA for themselves because it requires them to have a secret key entered into an app that will generate codes. The option to enable 2FA in Produce is available in the Profile menu.

A screen will appear that displays the secret key, which can be manually entered into the authenticator app, or the QR code can be scanned. This ensures that the setup of the verification app is correct before the feature is enabled. Otherwise, a subsequent login might not be possible.

When the code has been entered correctly, click the Turn On button.

Once 2FA is on, the link on the Profile page turns into a Disable link, which is used to disable 2FA.

📘

Because it is a time-based code, it is important that the server and device have fairly accurate system clocks.

The next time a login to Manage or Produce is attempted, there will be a verification code prompt. The code that appears on the authenticator app will be needed to log in. There is also a "Remember this browser?" checkbox that will remember if the Two-Factor Authentication on this browser has been previously passed and will not prompt again for 90 days.
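
The following added example (not SmartIQ's own code) shows how a 30-second time-based code is derived and why clock accuracy matters, using the standard TOTP algorithm from RFC 6238. The 6-digit length, HMAC-SHA1, the one-step tolerance window and all function names are assumptions for illustration; the key and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as stated on this page
DIGITS = 6   # assumption: the usual authenticator-app code length


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from the current step or `window` steps either side of it."""
    ok = False
    for drift in range(-window, window + 1):
        t = server_time + drift * STEP
        if t < 0:
            continue
        # Constant-time comparison; every candidate step is always checked.
        ok |= hmac.compare_digest(totp(secret, t), submitted)
    return ok


def login_with_skew(secret: bytes, server_time: int, device_skew: int, window: int = 1) -> bool:
    """The device computes a code with its own clock; the server checks with its own."""
    return verify(secret, totp(secret, server_time + device_skew), server_time, window)


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed sample key (RFC 6238 test key)
    now = 1111111109                   # constructed server time, 29 s into a step
    for skew in (0, 2, 45, 90):
        accepted = login_with_skew(secret, now, skew)
        print(f"device clock {skew:+4d}s -> accepted: {accepted}")
```

With no tolerance window, even a two-second difference that crosses a step boundary causes a rejection, which is why both clocks should be synchronised (for example via NTP).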

Additional Maintenance Option

When editing a user, there is a checkbox on their account indicating whether they have Two-Factor Authentication enabled. It will be checked and enabled if they do have it on, and unchecked and disabled if they have it off.

An admin cannot turn on 2FA for another user because the user needs to get the secret key set up on their device first. However, the admin can disable the feature for a user, for example, if the user lost their phone.

Guest Users

Publicly accessible forms (for which no login is required) run under the Guest user. To use guest access, the common guest user account must be activated.

Some functionality relating to user access requires the Guest user account to be active. If you are getting an access denied error, try enabling the Guest user account.

Temporary Users

Temporary Users are users who are external to the SmartIQ user base. They interact with forms on an ad-hoc basis either by saving and resuming an incomplete form or being assigned a specific task within a bigger Workflow. A Temporary user must have at least an email address to receive an access code to progress in their assigned forms. Temporary users exist only for the lifetime of the form or workflow they have been created for.

📘

Interface Feature Availability

Logging in as a Temporary user is available using the web interface only.

There are three ways a Temporary User can be created:

  1. Save and Resume a partially complete form as a guest user. This generates an access code which is emailed to the now temporary user. This temporary user can then resume the form at a later stage by providing the received access code.
  2. Assign a task within a workflow. This sends an email with instructions and an access code for the assigned workflow task.
  3. Reassign the in-progress form to a temporary user. This allows an in-progress form to be reassigned to a temporary user by providing the recipient name and email.

Note that this means a temporary user can only exist in the start state when the user is saving it. Also, a task cannot be assigned to a temporary user via the Prepare Form API endpoint. It will need to be done via a workflow transition.

Access code generation

SmartIQ offers two methods of generating access codes for Temporary User access: Autogenerated and Reference Tags.

Autogenerated codes are 6-character sequences chosen from the English alphabet's consonants and the digits 1 to 9. They are checked for uniqueness during generation. This is the recommended method of code generation for general use.

Reference Tags allow the designer to construct their own access codes within the form (such as by fetching a value from a Data Source and concatenating it with another value). No uniqueness check is performed for codes generated by this method, so care should be taken to avoid duplicate values. As mentioned above, auto-generation is the recommended method.

📘

Access codes do not expire. Temporary users cannot use access codes after the form has been submitted or the workflow has finished.

📘

As a security measure, and part of the purpose of Temporary User verification, access codes cannot be provided in a URL. There is always a login step.
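
The two generation methods described above, sketched as an added example (not SmartIQ's own code): a 6-character code drawn from consonants and the digits 1 to 9 with a uniqueness check, and a duplicate check a designer can run over codes built from Reference Tags. Upper case, counting Y as a consonant, case-insensitive comparison, the function names and the sample codes are assumptions.

```python
import secrets
from collections import Counter

# Assumption: upper case, with Y counted as a consonant (21 letters + 9 digits).
ALPHABET = "BCDFGHJKLMNPQRSTVWXYZ" + "123456789"
CODE_LENGTH = 6   # as stated on this page


def new_access_code(issued: set) -> str:
    """Draw codes from a CSPRNG until one is not already issued, then record it."""
    while True:
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        if code not in issued:       # the uniqueness check done during generation
            issued.add(code)
            return code


def keyspace() -> int:
    """Number of distinct autogenerated codes under the assumed alphabet."""
    return len(ALPHABET) ** CODE_LENGTH


def guess_hit_probability(active_codes: int) -> float:
    """Chance that one random value matches any code that is currently active."""
    return active_codes / keyspace()


def duplicate_reference_tags(codes) -> list:
    """Reference Tag codes get no uniqueness check, so report any repeats.

    Assumption: codes are compared ignoring case and surrounding whitespace.
    """
    counts = Counter(c.strip().upper() for c in codes)
    return sorted(code for code, n in counts.items() if n > 1)


if __name__ == "__main__":
    issued = set()
    print("autogenerated:", [new_access_code(issued) for _ in range(3)])
    print("keyspace:", keyspace())
    # Constructed sample: codes built as <source value>-<surname>.
    built = ["INV-1001-SMITH", "inv-1001-smith ", "INV-1002-JONES"]
    print("duplicates:", duplicate_reference_tags(built))
```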

Culture and Language Settings

A Guest user and a Save and Resume Temporary User will use the settings configured in the browser.

A Temporary User that is assigned a task via a Design workflow transition or a reassign will use the configured Guest settings. The temporary user access page will also be displayed using the Guest settings.