Properties of a Person Group Login

The login of a person group is created automatically on creation of the person group.

• create a person group, see "Creating a Person Group".

• consult login characteristics, see "Viewing Login Characteristics".

• configure the login of a person group, see "Configuring the Login of a Person Group".

The User Code is the short identifier (upper case, maximum length 6 characters) of the person group.

This code is defined automatically on creation of the person group.

The login holder is the person group associated with the login.

Repository access of a person group is defined by the following access modes:

By default, the person group has read/write access to all repositories, but access can be limited or prohibited.

When a repository is added in the site, by default it can be accessed by the person group.
For more details on how to restrict the repository access rights of a person group, see "Configuring the Login of a Person" and "Configuring a Profile".

By default, the person group cannot access repositories, but access can be authorized. In this case, you must at least define and authorize access to a repository.

When a repository is added in the site, by default it cannot be accessed by the person group.
For more details on how to add repository access rights to a person group, see "Configuring the Login of a Person" and "Configuring a Profile".

This mode is useful to install a confidentiality policy; it is preferable to first create a person group with explicit repository access, then progressively define its rights and the information it can access.

At creation of a person group, default access to repositories is as defined in environment and site options (Options/Repository) via the Repository default access mode option.

Repository access default mode is Implicit Access, to modify this value see "Managing Options", page 199.

At creation, a person group can access all repositories by default.

Person group access rights to environment repositories can be restricted by the administrator. He can:

If the person group already has repository access rights restricted by those defined on his/her profile, only the restricted access rights will be defined on the profile.

Login status can be used to make a person group inactive (value: Inactive). Users belonging to the person group can no longer have access to repositories through the person group, but trace of their actions are retained. The person group can be easily reactivated (value: Active).

When you delete a person group from the repository, the commands connected to the users belonging to the person group are kept as long as the users are not deleted.

The Command Line field enables restriction of access of a user or profile to available products.

If a user is connected to a profile and the user and profile each have access to products restricted by the Command Line attribute, the products accessible to the user are at the intersection of the values of the Command Line attribute of the user and profile.

Default value of the Authentication Mode parameter on the user login is inherited at user creation from the Authentication Mode option defined in the options of the environment (Options/Installation/User Management).

Authentication mode of a user is by checking the user password. Available authentication modes are:

Passwords are managed and stored in the MEGA repository.

Passwords are managed and stored in Windows. This allows the user connected to Windows to be recognized automatically when he/she is connected to MEGA (Windows Front-End), not requiring entry of his/her password.

Attention: to connect to a MEGA (Web Front-End) application, the user must enter his/her password.

The list of users in your MEGA environment is automatically synchronized with the list of users defined in your Windows network.

Passwords are managed and stored in the LDAP server of the enterprise. The directory configuration is stored in options.

This authentication is managed by an external authentication module or SSO. This authentication mode is specific to Web connection to Web applications.

See the technical article Web connection overloading and configuration EN .

This field only appears when the Authentication Mode is "Windows", see "Authentication mode".

The Windows Identifier of a user enables connection of a MEGA user to a Windows user, see "Associating a Windows user with a MEGA user manually".

To connect to a MEGA application (Web Front-End), the user must enter his/her password.

This field only appears when the Authentication Mode is "LDAP", see "Authentication mode".

The LDAP Server is the server with which the MEGA user is authenticated in LDAP authentication mode.

This server contains the LDAP directory in which the MEGA user is registered.

This attribute appears in the case of definition of profiles on login of persons, see "Definition of profiles to persons mode"

In the case of assignment of business roles to persons (see "Assignment of business roles to persons mode") you do not need to connect a profile to the login. The profile is connected to the business role which is assigned to the person, see "Managing Profiles and Business Roles".

To be able to connect to MEGA the user must have at least one profile.

By default, no profile is assigned to the login of a user or user group, you must connect at least one profile to the login.

If a user already has access rights restricted by the Command Line attribute on his/her Login (see "Viewing Login Characteristics"), the products accessible to this user are at the intersection of values of the Command Line attribute of the user login and profile.

At installation, some profiles are already available in the environment.

This attribute appears in the case of assignment of business roles to persons mode, see "Assignment of business roles to persons mode".

This attribute enables connection of an administrator profile to a user so that this user can connect to the Administration application (Windows Front-End).