DATAmaestro and OpenID
In order to access DATAmaestro, a user must respect two conditions :
Being authenticated
Being authorized
A user can be authenticated via Google OpenID (“Connect with Google”). If the user does not use a Google account, a PEPITe OpenID account must be created.
In order to be authorized, the user just need to exist in the DATAmaestro User list
Interface
User management is carried out via the Users module within Admin
The interface contains two main tabs. The first one lists the DATAmaestro Users and the second the PEPITe OpenID Users.
The Users tab is used to manage the DATAmaestro user account information. This includes personal information (name, email,...) and access information (roles, workspaces/folders, ...).
The OpenID Users tab is used to manage the PEPITe OpenID user. This includes the password creation/edition and the OpendID role. This tab is only used for managing users with no Google account as they need an OpenID account to authenticate.
Creating a new user
The new user has a Google account
As the user has a Google account, he can already authenticate with it and we only need to create a DATAmaestro account to authorize it.
Prerequisite : DATAmaestro account with PEPITe access right (= “admin”)
From DATAmaestro home select View Admin > Edit Users > Users tab.
Click on +User on top right
Fill the differents fields
Id (mandatory) <Google Account Address>
Name
Firstname
User Type
PEPITe : All access
Local Admin : Tag/Job management
Workspaces/Folders (mandatory) <workspace1>,<workspace2>
Select an expiration date or leave it empty for indefinite
Click OK
The user with the Google account linked to newaccount@pepite.be address can now log in to DATAmaestro : Pressing the “Connect With Google” button on DATAmaestro login page will first authenticate the account newaccount@pepite.be. It will then be authorized to access the application since the address exists in the DATAmaestro Users list.
The new user does not have a Google account
As in the previous section, we need to create a DATAmaestro User to authorize the user email address. But it will not be enough because this email address can not be used to authenticate the user. In addition to the previous section, we will create a PEPITe OpenID account.
Prerequisites :
DATAmaestro account with PEPITe access right (= “admin”)
OpenID account with admin right (= “openadmin”)
Repeat the steps from the previous section. Instead of the Google account email address, simply use the user email address.
Then select the OpenID Users tab
Login with your openadmin account
On the OpenID Users tab, click +OpenID User on top right
In the popup fill these fields :
Id : same as Login or empty [retrocompatibility reason]
Login (mandatory) : the user email address (same as the one used in Users tab)
Fill the Password field (must contain an uppercase, lowercase and digit)
Select the OpenID Role
Admin : can create new OpenID user
User : simple user
Check Must Change Password if you want to force the user to change password at first login.
NB: When logged in OpenID, you can get back to the Users tab, then select the DATAmaestro Users and click the +New OpenIDUser button ; a popup will appear with most of the fields pre-filled.
2. Editing and Deleting Users
Edit/Delete DATAmaestro Users
Log in as a PEPITe admin
From DATAmaestro home select View Admin > Edit Users > Users tab
Click the pencil icon to edit and the bin icon to delete the user
Edit/Delete PEPITe OpenID Users
Log in as a PEPITe admin
From DATAmaestro home select View Admin > Edit Users > OpenID Users
Click the top right button OpenID Login and login with your openadmin account
Click the pencil icon to edit, and the bin icon to delete the user