Introducing User Management Server – IAM in Data Platform

We are excited to announce the availability of our Identity and Access Management (IAM) system for our Data Platform applications: the User Management Server (UMS). UMS is available starting from the following versions of the Data Platform suites:

  • Dashboard Platform version 3.2.0.68
  • Report Platform version 4.1.0.16

You can download the latest versions of the Dashboard and Report Platforms from the Syncfusion downloads page. The User Management Server is shipped with both of these setups. It allows you to organize your users, groups, and their access to the Dashboard and Report Servers. It has a common login system that manages access to connected applications.

UMS also lets you add your own OAuth-compatible applications into the system to manage their access. Like the Dashboard and Report Servers, UMS has its own Site Administrator.

Let’s take a deep dive into how UMS evolved using various aspects from the Data Platform applications, and how it delivers an IAM solution.

First, we will check out how the Dashboard and Report Servers managed their users independently.

Dashboard and Report Servers without UMS

System administrators in the Dashboard and Report Servers manage users who manage the following:

  • Resource management: dashboards, reports, data sources, data sets, schedules, and files.
  • Permission management.
  • Directory management: Active Directory, Azure Active Directory.
  • Site settings: custom branding, logos, localization, etc.
  • Notification settings.

In an enterprise, you have mutually exclusive people to manage an application (its users and access permissions) and its data access. These two responsibilities cannot be managed by a single person. This is now resolved with the UMS.

For customers working with both the Dashboard and Report Servers, they would need a single robust interface to manage all users and their access to these servers. This is now resolved by our UMS.

For customers who are working with multiple instances of Dashboard Server and multiple instances of Report Server (multi-tenant), our new UMS  gives you a single interface for all your IAM solutions.

Now, let’s see the other benefits of UMS.

Benefits of the User Management Server

Security

Our User Management Server acts as a secured identity provider. It provides authentication services for applications within an organization.

We are using OAuth authentication in the User Management Server to authenticate users.

Also, we have established a REST API to manage users and groups from other applications. It will return the values if you supply the valid token generated with the appropriate user credentials. Also, the selected user must have the privilege to perform the requested action.

The UMS administrator can manage applications as well as users and groups. Other users can only view and edit their own profile.

We have added the following authentication providers to access Data Platform applications securely”

  • Windows Authentication
  • Azure AD Authentication

Customizable password policy

Passwords are key to an application’s security. It’s a recommended practice to have a password that cannot be predicted by anyone. The password policy feature in the UMS helps strengthen user passwords.

Most systems have a fixed set of password policies that cannot be changed by the system administrators. In UMS, the system administrator can customize the password policy based on the organization’s requirements.

You can customize the password policy by going to Settings > Accounts > Password Policy.

Customizing the Password Policy in User Management Server

Customizing the Password Policy in User Management Server

Application management

UMS manages the Data Platform applications and provides authentication for their users when needed. Administrators can add, edit, or delete Data Platform applications in the User Management Server.

We can have single or multiple Data Platform applications to work with the User Management Server. Also, we can have multiple URL bindings to a single application.

In addition, we have a simple user interface for manipulating the applications within the User Management Server.

You can go through the help documentation to learn more about managing applications in the User Management Server.

Managing users and groups from multiple directories

UMS administrators can create, edit, and delete users and groups within the User Management Server. They have the ability to manage users from the following directories:

  • Windows Active Directory
  • Azure Active Directory

Make any user an administrator, by adding them to the System Administrator group.

An administrator user and system administrator group will be created during the installation process, and these must be present in the User Management Server to work seamlessly. Also, they can synchronize the user and group attributes from the previously mentioned directories.

Seamless synchronization occurs between the User Management Server and different directories. We can also schedule the synchronization of user attributes with the different directories.

In addition, we can add a bunch of users into the User Management Server through a CSV file. You can find more functionalities about managing users and groups in this documentation.

Single sign-on

Single sign-on helps save time and money in enterprise-level organizations by avoiding managing multiple user credentials separately.

Additionally, the common login allows users to log in to multiple applications with the same user credentials. This avoids access problems and provides a better user experience.

We have also provided single sign-on with the following directory services:

  • Windows Active Directory
  • Azure Active Directory

You can find more details on how to configure single sign-on for Azure Active Directory in this documentation.

Similarly, for Windows Active Directory, we don’t have to configure the User Management Server. Instead, the browsers must be configured to make single sign-on work as described in this Knowledge Base.

Conclusion

I hope I have successfully provided an introduction to our Identity and Access Management system and explained some of its premier features.

If you have any questions or require clarifications, you can contact us by submitting your queries on our website, or if you already have an account, you can log in to submit your questions.

Tags:

Share this post:

Related Posts

Leave a comment