Adding Users & Roles

Now reading version 3.0. For the latest, read: Adding Users & Roles for version 5.0

This documentation page references NEXUS Server (part of the deployed NEXUS solution), which has been discontinued. All your PCB design, data management and collaboration needs can now be delivered by Altium Designer and a connected Altium 365 Workspace. Check out the FAQs page for more information.

 

Parent page: Browser-based Access & Management

User Management for the Altium NEXUS Server is performed from the Team area of the server's browser interface, accessed from an external browser. This provides the interface to the Identity Service (IDS), with which to define NEXUS Server (and other service) access, through specification of Users and Roles.

User management is performed through the Team area of the Altium NEXUS Server's browser interface.User management is performed through the Team area of the Altium NEXUS Server's browser interface.

Controls are spread over the following sub-pages:

  • Users - use this page to create and manage a list of users; people who are to have access to the NEXUS Server and/or the associated technologies installed with it.
  • Roles - use this page to create and manage a list of roles; roles allow you to further organize your users according to, for example, the particular section of the organization in which they are involved, or the design team they are in. Roles also make the sharing of NEXUS Server content, and the configuration of other NEXUS Server-served technologies, more streamlined.
  • LDAP Sync - use this page to configure and run an LDAP Sync task. This allows an administrator of your NEXUS Server to leverage the network domain’s existing username and password credentials, so that user credentials do not have to be created manually one at a time on the Users page. When setup correctly, the Users page will automatically populate with user credentials, enabling any user listed to sign into the NEXUS Server using their regular corporate network username and password.
  • Sessions - use this page to quickly assess which of your users are currently signed into the NEXUS Server. Provision is made for an administrator to terminate a users' access to the NEXUS Server by effectively 'killing' their active session, thereby freeing connections to the NEXUS Server for use by others.
Only an administrative user has full access to management controls. While a non-administrative user can browse Users and Roles, they cannot access LDAP Sync or Sessions. And while management of users by a non-administrative user is not generally possible, they are able to change the profile of their own user - including changing username and password.

Users

Management of users for access to the NEXUS Server and related services is performed from the Users page, by an administrator of that NEXUS Server. A user is simply a person who it is intended will need access to the NEXUS Server.

Two administrative users are provided with a new NEXUS Server installation - admin and System. The former, which is visible from the Users page, allows you to quickly get access to the NEXUS Server as an administrator. Once you have added other users, you can keep and edit the admin user (change its name and password for example), or delete it. The System user, which is not visible from the Users page, is used for all background tasks (including LDAP Sync, and Notifications). This user is permanently online. It does not, however, use a connector license.

Create a 'database' of people who are to have access to the Altium NEXUS Server, from the Users page of the browser interface.Create a 'database' of people who are to have access to the Altium NEXUS Server, from the Users page of the browser interface.

All defined users are presented in a flat listing.

Within the main listing, each user is displayed in terms of the following information:

  • Type - represented by a default icon as being either an administrator for the NEXUS Server (), or a standard user/non-administrator (). Hovering over the image will provide a textual confirmation of this (Admin, or User).
An image can be uploaded while editing the information for an existing user, replacing the default icon. This could be the user's actual photo, so that other users can quickly put a face to a name. For the default admin user, the following image is used: .
  • User Name - the defined username for the user, used as part of their credentials for accessing the NEXUS Server.
  • First Name - the user's first name.
  • Last Name - the user's last name.
  • Email - the user's email address.
  • Online - reflecting the active state of the user, in relation to whether they are currently signed into the NEXUS Server (online, ) or not (offline, ). Administrators can kill active sessions to free up connector licenses if needed. This is performed from the Sessions page.

The Edit () and Remove () controls associated with a user enable you to edit the details for that user, or to remove them (preventing access to the NEXUS Server) respectively. Non-admin users can only edit themselves. Currently signed-in users cannot be removed (you can only remove offline users).

Users can be sorted by User Name, First Name, Last Name, or Email, using the column header in each case. Click once to sort in ascending order, click again to sort in descending order. In addition, you can search for a user by User Name, First Name, or Last Name, using the dedicated Search field at the top-left.
Any number of users may be registered to access and use the NEXUS Server, but only a licensed number will be allowed to connect to it simultaneously. This number is determined by the seats of the purchased Client Access Licensing.

Adding a New User

To add a new user for NEXUS Server access, click on the  button, located at the top-right of the page. A pop-up window will appear with which to specify the contact details, login credentials, and additional role membership for that user.

A non-administrative user cannot add new users.

When you click to add a new user, you will be presented with a window in which to specify that user, and their role membership. Hover the mouse over the image to see this.When you click to add a new user, you will be presented with a window in which to specify that user, and their role membership. Hover the mouse over the image to see this.

Specify details for the user. The following are required fields:

  • First Name
  • Last Name
  • User Name
  • Password

The User Name and Password become that user's login credentials for access to the NEXUS Server.

You will be prevented from trying to add another user with the same User Name as an existing user.

Once all details are filled out and specified as required, click the  button - the new user will be created and added to the list of users with access to the NEXUS Server.

An example new user added to the list of users who can access the NEXUS Server.An example new user added to the list of users who can access the NEXUS Server.

Password

When using Built In authentication, the access credentials for a new user need to be defined initially by an administrative user, since a non-administrative user cannot add new users (and therefore themselves). However, once added, a non-administrative user can access and change their own details - including User Name and Password - at any stage. This allows non-admins to securely register their own access credentials, without sharing their password with anyone else, including an administrative user.

Of course, if a non-administrative user forgets their password, they will not be able to sign in through the browser interface to access and change it! In this case, they will need to notify an Admin to effectively 'reset' their password for them. This simply involves the administrator:

  • Accessing the details for the user and entering a new password in the Password field.
  • Clicking  to effect the change.
  • Communicating the new password back to that user.

The non-administrative user can then access their user and switch out this new, temporary password, with another one of their own creation.

Under Windows Domain Authentication, Password maintenance (and issues) are handled by your Windows Network Administrator.

Editing an Existing User

Clicking on an individual user's User Name in the list, or using the associated Edit control (), accesses their full user details. Make any changes to the contact details for that user, their login credentials, and role assignment as required. You can also upload a photo for the user, which will replace the default icon (click the Upload Photo control).

A non-administrative user can only make changes to their own user.

Access and make changes to a user as required.Access and make changes to a user as required.

To remove the user from a particular role in which they are currently a member, simply uncheck the associated Member option for that role.

When all modifications have been made as required, click the  button to effect those changes.

Removing a User

To remove a user, use the associated Remove control (). A dialog will appear asking for confirmation to proceed with the deletion. Click OK to proceed, after which the user will be removed from the NEXUS Server's user database. They will no longer have access to the NEXUS Server.

A user cannot remove themselves. Only offline users can be removed. A non-administrative user cannot remove others.
The remove operation cannot be undone. If you remove a user by mistake, you will need to add that user back, in the same way that you would add any new user.

Roles

Management of roles for the Altium NEXUS Server is performed from the Roles page, by an administrator of that NEXUS Server. Roles allow you to further organize your users according to, for example, the particular section of the organization in which they are involved, or the design team they are in. Roles also make the sharing of NEXUS Server content, and the configuration of other NEXUS Server-served technologies, more streamlined.

Several sample roles are defined for a NEXUS Server installation. This includes the role Administrators. This role gives administrative privileges to its members. Anyone who is a member of this role has complete access to the NEXUS Server, and all associated technologies and services through the browser interface.
The same user can be a member of any number of defined roles.

Create specific roles (or 'memberships') of users, from the Roles page of the browser interface.Create specific roles (or 'memberships') of users, from the Roles page of the browser interface.

All defined roles are presented in a flat listing.

Within the main listing, each role is displayed in terms of the following information:

  • Role Name.
  • Members - how many defined users are part of this role.

The Edit () and Remove () controls associated with a role enable you to edit the details for that role, or to remove it, respectively. The Administrators role cannot be removed. Non-admin users can only view roles, they cannot edit or remove them.

Roles can be sorted by Role Name using the column header. Click once to sort in ascending order, click again to sort in descending order. In addition, you can search for a role by this criteria, using the dedicated Search field at the top-left.

Adding a New Role

To add a new role, click on the  button, located at the top-right of the page. A pop-up window will appear with which to define the role, in terms of its name and members.

A non-administrative user cannot add new roles.

When you click to add a new role, you will be presented with a window in which to specify that role, and its members. Hover the mouse over the image to see this.When you click to add a new role, you will be presented with a window in which to specify that role, and its members. Hover the mouse over the image to see this.

Use the Role Name field to enter a meaningful name for the new role. For example this may be a name that is reflective of the task performed by its members. This is a required field.

You will be prevented from trying to create two roles with the same name.

You can also specify constituent users for the role (its members). Start typing the full name, username, or email address of a user in the Add Members field, to pop-up a list of matching users. Select the required user from this list. Multiple users can be chosen as members of the role. Assigned users will appear in an Existing members region, once the role has been saved (created). To remove a user prior to final membership, simply click the delete cross, to the far right of their name.

Role membership may be specified at any stage, but if users exist, it can be easier to do this at the time of role creation.

Add existing users as members of the new role, as required. Hover the mouse over the image
to see how that information will appear, after the role is saved/created.

With name and members defined as required, click  to effect creation of the role. The role will now be available in the list of roles for use in applicable areas elsewhere in the NEXUS Server's browser interface. For example when adding/editing a user, or sharing permissions for server folder/internal design repository/managed project access.

An example new role added to the list of roles available for the NEXUS Server.An example new role added to the list of roles available for the NEXUS Server.

Editing an Existing Role

Clicking on an individual role's Role Name in the list, or using the associated Edit control (), accesses its full details. Make any changes to the role's name and/or user membership as required.

The Administrators role cannot have its name changed. You can, however, manage members for this role, as with any other user-created role. Non-administrative users cannot edit roles.

Access and make changes to a role as required.Access and make changes to a role as required.

To remove a user from the role, click the  control for that user, in the Existing members region of the window. They will be removed from the list upon updating.

When modifications have been made as required, click the  button to effect those changes.

Removing a Role

To remove a role, use the associated Remove control (). A dialog will appear asking for confirmation to proceed with the deletion. Click OK to proceed, after which the role will be removed.

The Administrators role cannot be removed. In addition, non administrative users cannot remove roles.
The remove operation cannot be undone. If you remove a role by mistake, you will need to add that role back, in the same way that you would create any new role.

LDAP Sync

Related page: Configuring LDAP Sync with the Altium NEXUS Server

This page allows you to configure and run one or more LDAP Sync tasks. An LDAP Sync task allows an administrator of the NEXUS Server to leverage the network domain’s existing username and password credentials, so that user credentials do not have to be created manually one at a time on the Users page of the interface. When setup correctly, the Users page will automatically populate with user credentials, enabling any user listed to sign into the NEXUS Server using their regular corporate network username and password.

When signing in to your NEXUS Server, to use your Windows login credentials - taking advantage of the NEXUS Server's support for Windows Authentication - enable the Use Windows Session option (browser interface), or Use Windows Session credentials option (Sign in dialog in Altium NEXUS).
The Altium NEXUS Server supports both Standard LDAP, and LDAPS (LDAP over SSL).
If you are intending to create user credentials from LDAP automatically, then you probably want to remove any existing manually-created users. So ideally just start with the default user - admin.

To add a new sync task, click on the  button, located at the top-right of the page. A pop-up window will appear with which to define the sync task.

Adding a new LDAP Sync Task through the NEXUS Server's browser interface.Adding a new LDAP Sync Task through the NEXUS Server's browser interface.

Fill in the information, based on the domain structure in effect within your company.

When you have completed entering all settings, click . This will initiate the Sync process, which may take a minute or two, as it processes the information you have entered. Once complete, access the Users page. This will be populated with all users as defined by the OU=<GroupName> setting in the sync task. Authentication for each user will be Windows Domain Authentication, so all of those users can sign into the NEXUS Server using their regular Windows login.

If you have multiple sync tasks defined, these can be run by clicking the  button.

Example population of users for an Altium NEXUS Server, through use of an LDAP Sync task.Example population of users for an Altium NEXUS Server, through use of an LDAP Sync task.

Additional users can be manually added outside of the LDAP Sync group - so you can indeed have a mixture of manually created users, as well as LDAP-specified (automatically created) users.
For a detailed example of configuring an LDAP Sync task, see Configuring LDAP Sync with the Altium NEXUS Server.

Sessions

The Altium NEXUS Server supports users signing into it, using the same credentials, but from different computers. If you have an abundance of NEXUS Server Connector licenses (CAL) remaining, this will not be a problem. But if you have a limited number of connections, you can't afford to have them 'in use' if they are not, in reality, being used. Similarly, if you have more users requiring access to the NEXUS Server, than there are connector licenses. An administrator for the NEXUS Server has the power to logout any user that is currently signed into the server. This enables licensed NEXUS Server connections to be 'freed up' as it were, for assignment to other users, should the route of purchasing additional licensed connections not be viable. This is performed from the Sessions page of the browser interface.

As an Administrator for your Altium NEXUS Server, you have the ability to not only view active NEXUS Server connections, but also the ability to terminate a session for any user currently signed into that server.As an Administrator for your Altium NEXUS Server, you have the ability to not only view active NEXUS Server connections, but also the ability to terminate a session for any user currently signed into that server.

All users that are currently signed into the NEXUS Server - either through an instance of Altium NEXUS, or through the NEXUS Server's browser interface - are listed, in terms of their User Name and Identity Address (reflecting the IP address of the computer from which a connection to the NEXUS Server is being made).

If a user is logged into the NEXUS Server from the same computer upon which that NEXUS Server is installed and running, the Identity Address entry will appear as ::1. The System user has an Identity Address of 127.0.0.1.

The act of being signed into the NEXUS Server creates an 'active session'. To effectively kill a user's session - logging them out of the NEXUS Server - use the associated Kill Session control (). A dialog will appear asking for confirmation to kill the session. Click OK to proceed, after which the user will be logged out from the NEXUS Server.

You can also kill your own session - the session that has you logged into the NEXUS Server's browser interface. If you do, you will be signed out of the interface moments later. The System user is permanently online and so always has an active session. Its session cannot be killed.
On the Users page of the interface, the user's status will change from being Online () to being Offline ().

 

If you find an issue, select the text/image and pressCtrl + Enterto send us your feedback.
Content