HomeGuidesAPI
HomeGuidesRecipesAPI
HomeGuidesAPILog In

Users

Suggest Edits

The search function accepts % as a wildcard, e.g. "%min" will return any names that contain 'min'

New Users

Users are added manually by SmartIQ administrators and are provided with a username and password to access the system.

Unless accessing SmartIQ as a guest (anonymously), users are typically authenticated to verify their identity and apply authorization based on their groups, roles and permissions. This is the simplest method to implement and is recommended for smaller implementations, and for any initial environment deployment.

Authentication

In addition to a simple user with password, SmartIQ has been integrated with a wide range of other authentication systems and technologies, including OpenID Connect, SAML 2.0, and more.

📘

Note

When changing authentication modes in an environment, it is recommended that you modify only SmartIQ Produce at first while you keep using Forms Authentication for Manage until you have verified that Produce is working with the new method.

If no Identity Extension has been added, it is assumed that the site wants Forms authentication and no additional configuration is needed.

two factor authentication

Two-factor authentication (2FA) adds additional security to an account in the event that someone else gets/guesses your password. An additional code is created via an app (such as Google Authenticator) on your device that lasts for 30 seconds. The server also generates the same code and only if you enter the same value at the correct time will you be allowed access.

Main Configuration through Produce

Only the current user can turn on 2FA for themselves because it requires them to have a secret key entered into an app that will generate codes.

Go to the Profile menu and then click the link to Enable Two-Factor Authentication.

A screen will appear that displays the secret key which can be manually entered into the authenticator app or the QR code can be scanned.

Now the code is entered in the app. This ensures that the set up of the verification app is correct before the feature is enabled. Otherwise, a subsequent login might not be possible. When the code has been entered, correctly click the Turn On button.

If the feature has been enabled, the Two-Factor Authentication link on the Profile page turns into a Disable link.

📘

Note:

Because it is a time-based code, it is important that the server and device have fairly accurate system clocks.

The next time a login to Manage or Produce is attempted, there will be a verification code prompt. The code that appears on the authenticator app will be needed to log in. There is also a "Remember this browser?" checkbox that will remember if the two-factor authentication on this browser has been previously passed and will not prompt again for 90 days.

Additional Maintenance Option

When editing a user, there is a new checkbox on their account indicating whether they have two-factor authentication enabled. It will be checked and enabled if they do have it on, and unchecked and disabled if they have it off.

An admin cannot turn on 2FA for another user because they need to get the secret key setup on their device first. However, the admin can disable the feature for a user. For example, the user lost their phone.

Enforce Two Factor Authentication

It is possible to enforce 2FA by selecting it on a Role. Users that belong to this role, or a group that has this role, will be prompted to setup 2FA when they next login. Instructions will appear on the screen for the user to follow. If the user does not immediately activate 2FA, they will be prompted on their next attempt. The user will not be able to login without setting up 2FA.

Temporary/Guest Users

Temporary Users are users who are external to the SmartIQ user base, also known as Guest or Anonymous users. They interact with forms on an ad-hoc basis either by saving and resuming an incomplete form or being assigned a specific task within a bigger workflow. A Temporary user must need at least an email address to receive an access code to progress in their assigned forms.

To use temporary, autonomous or guest access the common guest user account must be activated.

📘

Access Code

Access Codes do not expire. Temporary users can not use access codes after form has been submitted/workflow finished.

📘

Interface Feature Availability

Logging in as a Temporary user available using Produce web interface only.

Temporary users exist only for the lifetime of the form or workflow they have been created for.

Specifically, there are three ways a Temporary User can be created:

  1. Save and Resume a partially complete form as a guest user. This generates an access code which is emailed to the now temporary user. This temporary user can then resume the form at a later stage by providing the received access code.
  2. Assigned a task within a workflow. This sends an email allows with instructions and an access code to the assigned workflow task.
  3. Reassign the in progress form to a temporary user. This allows to reassign an in progress form to temporary user by providing the recipient name and email.

Note that this means that a temporary user can only exist in the start state when the user is saving it. Also, a task cannot be assigned to a temporary user via the Prepare Form API endpoint. It will need to be done via a workflow transition.

Culture and Language Settings

A Guest user and Save and Resume Temporary User will use the settings configured in the Browser.

A Temporary User that is assigned a task via a Design workflow transition or a reassign will use the configured Guest settings. The temporary user access page will also be displayed using the Guest settings.

Access code generation

SmartIQ offers two methods of generating access codes for Temporary User access, these are [Autogenerated] and Question Reference.

Autogenerated codes are 6-character sequences chosen from the English alphabet's consonants and the digits 1 to 9. They are checked for uniqueness during generation. This is the recommended method of code generation for general use.

Question Reference allows the designer to construct their own access codes within the form (such as by fetching a value from a Data Source and concatenating it with another value). No uniqueness check is performed for codes generated by this method, so care should be taken to avoid duplicate values. As mentioned above, auto-generation is the recommended method.

📘

Note:

As a security measure and part of the purpose of Temporary User verification, access codes cannot be provided in a URL. There is always a login step.

Updated 5 days ago