As an admin in our own GoFAST system, I can create a new user.
- How can I reset a password for another user? Or edit a user detail (for a user not coming from LDAP), for example the email?
- How can I see all the users and their roles, for example list the superadmins? The Directory overview for users with its cards is not really helpful
- Is there a way to impersonate users?
- Can we enforce SSO usage?
Hello @aclassen ,
1 - For security and personal data management issues, the super-administrator cant’ t reset a password for another user. GoFAST user is responsible for his user account and he is able to reset his password himself. It’s very easy. When connecting to the platform, the user can see a button “REQUEST NEW PASSWORD” just below the headings with Username and password. Just click on a button “REQUEST NEW PASSWORD” and GoFAST platform send to user a link to reset his password.
The user is able to manage some personal information in his account settings profile like email or password.
If the superadmin would like to edit user detail, he can do it in the account settings of user profile. The superadmin can find this button with account settings on a user profile page to the right of profile picture. The same procedure is applicable for Extranet user not coming to LDAP but having an account on GoFAST platform.
2 - Our IT Team is finalizing GoFAST 3.8 version in april. In this major version, the superadmins will see a table in the Directory overview with the users and their roles. Unfortunately, this table is non sortable by user role but you make a very good suggestion. We can improve this feature in the future GoFAST version. Otherwise, the superadministrators can sort by all other indicators in this table.
3 - Definitively not, mainly for GDPR reasons (you will have access to his private space). Or do you mean user right delegation ?
4 - Even for your external users ? You would like then to have no login form at all, is this correct ?
Have a nice day,
- Oh, I had not found the account settings. Fine! Also I understand the restrcitions, I was only starting from a situation where no mail server was configured.
- Nice, ok
- You are right! I did not think this through, starting from a normal Extranet or Intranet situation where an admin may want to check why certain things are not working. But in GoFAST with possibly sensitive information that is a no-no
- Situation is that we would like to enforce or at least strongly encourage usage of 2fa (in our SSO), and use SSO to access several applications at the same time, especially when accessing sensitive information (not formally restricted, but not public). Ideally authentication would be default to the SSO if a user account is set as SASL-authenticated, even for Extranet users. A login page is likely necessary for non-ldap - sso users. Not yet sure how best to do that
@aclassen The normal behavior should be that when you arrive on the login page while you had an SSO ticket already (from Keycloak for example) you are automatically login into GoFAST, so you don't have to login form displayed at all. If you are an external user (and no SSO), you will have the form displayed.
I hope this answer your question.