Parent page: Browser-based Access & Management
User Management for an Altium Vault is performed from the USERS area of the vault's browser-based interface, accessed from an external browser. This provides the interface to the Identity Service (IDS), with which to define Vault (and other service) access, through specification of Users and Roles.
User management is performed through the USERS area of the Altium Vault's browser interface.
Controls are spread over the following sub-pages:
- Users - use this page to create and manage a list of users; people who are to have access to the Vault and/or the associated technologies installed with it.
- Roles - use this page to create and manage a list of roles; roles allow you to further organize your users according to, for example, the particular section of the organization in which they are involved, or the design team they are in. Roles also make the sharing of Vault content, and the configuration of other Vault-served technologies, more streamlined.
- LDAP Sync - use this page to configure and run an LDAP Sync task. This allows the administrator of your Altium Vault to leverage the network domain’s existing username and password credentials, so that user credentials do not have to be created manually one at a time on the Users page. When setup correctly, the Users page will automatically populate with user credentials, enabling any user listed to sign into the Vault using their regular corporate network username and password.
- Sessions - use this page to quickly assess which of your users are currently signed into the Altium Vault. Provision is made for an administrator to terminate a user's access to the Vault by effectively 'killing' their active session, thereby freeing connections to the Vault for use by others.
Management of users for access to the Altium Vault and related services is performed from the Users page, by an administrator of that Vault. A user is simply a person who it is intended will need access to the Vault.
Create a 'database' of people who are to have access to the Altium Vault, from the Users page of the browser interface.
All defined users are presented in a flat listing.
Within the main listing, each user is displayed in terms of the following information:
- Type - represented by an icon as being either an administrator for the Vault (), or a standard user/non-administrator ().
- User Name - the defined username for the user, used as part of their credentials for accessing the Vault.
- First Name - the user's first name.
- Last Name - the user's last name.
- Email - the user's email address.
- Online - reflecting the active state of the user, in relation to whether they are currently signed into the Altium Vault (online, ) or not (offline, ). Administrators can kill active sessions to free up connector licenses if needed. This is performed from the Sessions page.
The Edit () and Remove () controls associated with a user enable you to edit the details for that user, or to remove them (preventing access to the Vault) respectively. The System user cannot be edited, nor can it be removed. Non-admin users can only edit themselves. The currently signed-in user cannot remove theirself.
Adding a New User
To add a new user for Vault access, simply click on the button, located at the top-right of the page. A pop-up dialog will appear with which to specify the contact details, login credentials, and additional role membership for that user.
When you click to add a new user, you will be presented with a dialog in which to specify that user, and their role membership. Hover the mouse over the image to see this dialog.
Specify details for the user. The following are required fields (marked with a red asterisk):
- First Name
- Last Name
- User Name
The User Name and Password become that user's login credentials for access to the Vault.
The Altium Vault supports two modes of user authentication when accessing the vault:
- Built In - this is provided courtesy of the Vault's own Identity Service (IDS). The user accesses the Vault by entering the credentials initially supplied to them by an administrator for the Vault.
- Windows - using Windows Domain Authentication. The user accesses the Vault by entering their Windows login credentials. Windows authentication is only available for an Altium Vault installed on a PC that is part of a domain.
Setting the required mode of authentication is performed when initially adding a user to the Vault, but can be switched at any stage thereafter.
Mode is specified using the Authentication field. By default, Built In mode is used. To use Windows Domain Authentication, click on this field and choose Windows from the drop-down. The sub-fields change from User Name and Password, to User Name and Domain respectively. The Domain field is pre-filled with the name of the domain of which the PC is currently part. Enter the User Name to be exactly the same as the User Name for that user's Windows login.
Switch useraccess control to use Windows Domain Authentication. The Domain name will be filled for you, you just
need to enter the User Name portion of the user's Windows login credentials.
You can also specify which of the existing roles (if defined) the user is to be made a member of, if required. Start typing the name of a role in the New Roles field to pop-up a list of matching roles. Select the required role from the this list. If the user is required to have administrative powers, select the
Administrators role, which is a default role already available. Multiple roles can be chosen for assignment. Assigned roles will appear in a User Roles region, once the user has been saved (created). To remove a role prior to final assignment, simply click the delete cross, to the far right of its name.
Add the new user to any currently defined roles, as required. Hover the mouse over the image to see how that
information will appear, after the user is saved/created.
Once all details are filled out and specified as required, click the Save button - the new user will be created and added to the list of users with access to the Altium Vault.
An example new user added to the list of users who can access the Vault.
When using Built In authentication, the access credentials for a new user need to be defined initially by an administrative user, since a non-administrative user cannot add new users (and therefore themselves). However, once added, a non-administrative user can access and change their own details - including User Name and Password - at any stage. This allows non-admins to securely register their own access credentials, without sharing their password with anyone else, including an administrative user.
Of course, if a non-administrative user forgets their password, they will not be able to sign in through the browser interface to access and change it! In this case, they will need to notify an Admin to effectively 'reset' their password for them. This simply involves the administrator:
- Accessing the details for the user and entering a new password in the Password field.
- Clicking Save to effect the change.
- Communicating the new password back to that user.
The non-administrative user can then access their user and switch out this new, temporary password, with another one of their own creation.
Editing an Existing User
Clicking on an individual user's User Name in the list, or using the associated Edit control (), accesses their full user details. Make any changes to the contact details for that user, their login credentials, and role assignment as required.
Access and make changes to a user as required.
When all modifications have been made as required, simply click the Save button to effect those changes.
Removing a User
To remove a user, simply use the associated Remove control (). A dialog will appear asking for confirmation to proceed with the deletion. Click OK to proceed, after which the user will be removed from the Vault's user database. They will no longer have access to the Vault.
Management of roles for the Altium Vault is performed from the Roles page, by an administrator of that Vault. Roles allow you to further organize your users according to, for example, the particular section of the organization in which they are involved, or the design team they are in. Roles also make the sharing of Vault content, and the configuration of other Vault-served technologies, more streamlined.
Create specific roles (or 'memberships') of users, from the Roles page of the browser interface.
All defined roles are presented in a flat listing.
Within the main listing, each role is displayed in terms of the following information:
- Role Name.
- Members - how many defined users are part of this role.
The Edit () and Remove () controls associated with a role enable you to edit the details for that role, or to remove it, respectively. The Administrators role cannot be removed. Non-admin users can only view roles, they cannot edit or remove them.
Adding a New Role
To add a new role, simply click on the button, located at the top-right of the page. A pop-up dialog will appear with which to define the role, in terms of its name and members.
When you click to add a new role, you will be presented with a dialog in which to specify that role, and its members. Hover the mouse over the image to see this dialog.
Use the Role Name field to enter a meaningful name for the new role. For example this may be a name that is reflective of the task performed by its members. This is a required field, as denoted by the red asterisk.
You can also specify constituent users for the role (its members). Start typing the full name, username, or email address of a user in the New Members field, to pop-up a list of matching users. Select the required user from the this list. Multiple users can be chosen as members of the role. Assigned users will appear in a Members region, once the role has been saved (created). To remove a user prior to final membership, simply click the delete cross, to the far right of their name.
Add existing users as members of the new role, as required. Hover the mouse over the image
to see how that information will appear, after the role is saved/created.
With name and members defined as required, click Save to effect creation of the role. The role will now be available in the list of roles for use in applicable areas elsewhere in the Vault's browser interface. For example when adding/editing a user, or sharing permissions for Vault folder/internal Design Repository/managed project access.
An example new role added to the list of roles available for the Vault.
Editing an Existing Role
Clicking on an individual role's Role Name in the list, or using the associated Edit control (), accesses its full details. Make any changes to the role's name and/or user membership as required.
Access and make changes to a role as required.
When modifications have been made as required, simply click the Save button to effect those changes.
Removing a Role
To remove a role, simply use the associated Remove control (). A dialog will appear asking for confirmation to proceed with the deletion. Click OK to proceed, after which the role will be removed.
Related page: How to Configure LDAP Sync with the Altium Vault
This page allows you to configure and run one or more LDAP Sync tasks. An LDAP Sync task allows the administrator of an Altium Vault to leverage the network domain’s existing username and password credentials, so that user credentials do not have to be created manually one at a time on the Users page of the interface. When setup correctly, the Users page will automatically populate with user credentials, enabling any user listed to sign into the Altium Vault using their regular corporate network username and password.
To add a new sync task, simply click on the button, located at the top-right of the page. A pop-up dialog will appear with which to define the sync task.
Adding a new LDAP Sync Task through the Vault's browser-based interface.
Fill in the information, based on the domain structure in effect within your company.
When you have completed entering all settings, click Save. This will initiate the Sync process, which may take a minute or two, as it processes the information you have entered. Watch the Sync status messages at the top of the LDAP Sync page, to see when the process completes. Once complete, access the Users page. This will be populated with all users as defined by the OU=<GroupName> setting in the sync task. Authentication for each user will be Windows Domain Authentication, so all of those users can sign into the Altium Vault using their regular Windows login.
Example population of users for an Altium Vault, through use of an LDAP Sync task. Hover the mouse over the image to see the resulting users that are created.
The Altium Vault supports users signing into it, using the same credentials, but from different computers. If you have an abundance of Vault Connector licenses (CAL) remaining, this will not be a problem. But if you have a limited number of connections, you can't afford to have them 'in use' if they are not, in reality, being used. Similarly, if you have more users requiring access to the Vault, than there are connector licenses. An administrator for the Altium Vault has the power to logout any user that is currently signed into the Vault. This enables licensed Vault connections to be 'freed up' as it were, for assignment to other users, should the route of purchasing additional licensed connections not be viable. This is performed from the Sessions page of the browser interface.
As an Administrator for your Altium Vault, you have the ability to not only view active Vault connections, but also the ability to terminate a session for any user currently signed
into that Vault.
All users that are currently signed into the Altium Vault - either through an instance of Altium Designer, or through the Vault's browser-based interface - are listed, in terms of their User Name and Identity Address (reflecting the IP address of the computer from which a connection to the Vault is being made).
The act of being signed into the Vault creates an 'active session'. To effectively kill a user's session - logging them out of the Altium Vault - simply use the associated Kill Session control (). A dialog will appear asking for confirmation to kill the session. Click OK to proceed, after which the user will be logged out from the Vault.