User Account Overview
User accounts in MediaBeacon control the user's ability to log into the system, define broadly their level of capability, but rely upon other configurations (Groups, ACLs) to control the fine detail of user permission.
For an explanation of the interactivity between different types of configuration assets, see the [Configuration Interactivity] article.
User Account Workspace List View
- A user account's active status is indicated by a grey flag in the upper left of its row.
- User accounts may be sorted by: Username, User Type, Group Membership, First Name, Last Name, and Email.
- User accounts may be filtered by: Username, User Type, Primary Group, Group Membership, Company, Department, Position, Country, State/Region, City, and Active.
User Account Asset Metadata
- Username: The string that the user enters to authenticate.
- Password: The password that the user will enter to authenticate.
- Passwords in local accounts do not have length or character restrictions by default. However these can be configured, see the [???] article for more information.
- Active: When selected, this option makes the account active, that is, able to log in.
- Change password on next login: When enabled, this option requires the user, once authenticated, to choose a new password that cannot be the same as the initial password. This is useful if an admin is asked to manually reset a password, making the password given to a user a one-time password. Once the password has been changed, this option will be disabled.
- Note: Both of the Active? and Change password checkboxes can be checked concurrently.
- User Type: One of three user types may be chosen here, General User (most users), Group Administrators (seldom used) and Global Administrator (configuring users). See the [User Type] section below for more information on these types.
- Group Membership: This multi-value field defines the list of groups to which user has access. It is a dynamic dictionary field, only allowing currently existing groups to be added.
- The group entered into Primary Group will automatically be entered into Group Membership.
- This is bidirectional with group's Users field. When a group is added to or removed from this field, this username will be added or removed from that group's Users field.
- Loading Dock Type: Assign the loading dock type for
- Primary Group: This field is an artifact of legacy systems, and the group listed here has no special function or bearing on the account. There are a few quirks about how it is used in the Create / Edit dialog:
- It is a required value, and the value here is automatically added to the list of groups in Group Membership.
- When a user is created, it is auto-populated with the "users" group. This is usually not desirable. See the [Groups] section for more information.
- The best practise to use when populating a user:
- Single group: the group to which the user belongs will be in Primary Group and Group Membership fields.
- Multiple groups: All groups will be in Group Membership, but one of them (it does not matter which) must be in Primary Membership.
- User Account Contact Fields: These fields have limited functionality within MediaBeacon, and do not need to be entered for an account to be valid.
- First Name: If filled, the string here will be displayed in place of the username field when the user is logged in.
- Last Name: If filled, the string here will be displayed in place of the username field when the user is logged in.
- Address Line 1
- Address Line 2
- Zip Code
- Phone Number
- Phone Extension
- Email: This field must be filled out, otherwise the system cannot send email to them.
- Content Pools: This function extends per-user information and metadata search capabilities. See the [Content Pools] article for more information.
Local vs IdP Users
User Accounts can be thought of in two major categories. One, local accounts, which are created and managed by the MediaBeacon system itself, and identity provider (IdP) accounts, those controlled by an identity provider that MediaBeacon is configured to use. MediaBeacon integrates with an array of identity providers. See the [Enterprise Tab] section for more information.
This article refers to local account functionality in general, and IdP accounts as noted.
This section will list those areas where IdP accounts differ from local accounts.
- Username and Password: Controlled by the IdP and are not editable.
- User Account Contact Fields: Controlled by the IdP and are not editable.
- Active Setting: An IdP account can be prevented from logging in when its Active option is disabled. The user authenticates as normal via the IdP, but no access is granted to this account.
- Primary Groups and Group Membership: These fields in an user account are generally controlled by the IdP and are not editable. Configuration options do exist to change this behavior, allowing the IdP to initially populate these fields, with MediaBeacon allowed to make changes.
User Type (User Levels)
- General User: This type of user has no access to configure the Admin Core, and is granted the ability to configure parts of the WebUI in only very exceptional circumstances. Most users of the system will be this type.
- Global Administrator: This type of user has the most power to edit configuration in the system, always having access to the Admin Core, and to Admin Mode. Some group/ACL permission restrictions can limit the abilities of global admin, so it is worthwhile to ensure there is at least one fully unrestricted group set aside for this purpose. See the [Administrative Best Practices] article for more information.
- Group Administrator: the group administrator capabilities fall somewhere between the General User and the Global Administrator.
- Cannot use Admin Mode.
- Full access to Admin Core.
- For this reason, this user type is not often used. Typically, intermediatly permissioned users will be of the General User type, and given access to groups that allow more capability them most other users.
See the [Content Pools] article for more information.
MediaBeacon's invitation system is a way to quickly onboard a number of local users with a minimum of Global Admin effort. An invitation creates an email, link, or activation code that gives a users a self-service method of account creation. One notable difference between invitations and normal user accounts is that invitations are not stored as XMP assets, and as such have limited editability once created.
A note on user count: Users created by an invitation (does not count / counts against) the number if users a given license allows. For more information about license parameters, see the [License] section of the Server GUI Application
Creating an Invitation
Once the Menubar > Create > Invitation command, is chosen, the Invitation dialog is shown. It's titled "Activation Code:
ALERT CALLOUT: This number is both the key for creating accounts, and identifying them for later management so it may be worth copying before filling out the below form.
- Number of Users: The maximum number of users that can be created by a given invitation.
- Email Details: Sending an email is optional. If so the Activation code or link will need to be copied by hand. It's recommended that global admins send the invitation email to themselves for forwarding even if they are not going to designate recipients initially.
- To: Allows one or more (comma separated) email addresses to receive the invitation email. Unlike other email forms in MediaBeacon, this one does not prefill user accounts / email addresses as it is assumed the recipients are not already in the system.
- Subject: Standard email functionality.
- Body: Standard email functionality. Will also contain the link to complete an account activation when sent.
- Default Group: The invitation system allows the user to choose one group the users will belong to. If more than one group is needed, this may be added to users via normal editing or bulk edit once they have created their account. This field cannot be left blank.
- Required Fields: In addition to a username, the User Account Contact fields may be set to required, for the invited user to supply. It's recommended to include "Email" with every invitation.
- Create Invites and Send Email button: The To and Subject lines will need to be filled to send an email properly.
- Create Invites: Immediately creates the invitation, displaying the "Email Users" dialog, to remind the admin to send the activation link to users.
ALERT CALLOUT: This is the only time that the link can be copied at this point. Double check it has been completely copied. Clicking "OK" or "X" clears the dialog.
Once created, an invitation's status can be reviewed by clicking the Menubar > Manage > Invitations command, opening the Invitation User Summary dialog.
- Invitation Name: Unique Identifier for each invitation.
- Activation Code: The code as seen in the "Activation Code" dialog. This is the easiest cross reference to each invitation.
- Invited Users: Number of users initially invited.
- Remaining Users: Remaining users for the given
- "X" (Delete) button: This will delete the invitation.
Using an Invitation
When the user follows an activation link, the user is redirected to the MediaBeacon site:
- The Create Account dialog is displayed.
- The user enters required fields and clicks "Create".
- If the account is successfully created, the "Success" dialog is displayed, the user then clicks "Close" to return to the MediaBeacon login screen.
Via Activation Code
The activation code from an invitation may also be used to create accounts to be used, but the "Create Account" link option must be enabled in the Log In component on the Log in workspace. For more information on how to enable this function, see the [???] section.
To use, the user clicks the "Create Account" link, displaying the "Enter Activation Code" dialog.
- The user enters the activation code, and clicks "Create". If the activation code is valid, the steps of account creation above in "Via Link" are followed.
INFO CALLOUT: The activation may also be postpended to the following string to make an activation link: "http://externaltraining2.mediabeacon...tMain.html#!CU"