Application Users
Users are individuals that interact with a Nebula Framework application. Using this page users can be granted access to the application. Nebula Framework applications use Active Directory (AD) for user authentication. However, authorization is controlled within the Application Users page.
The page contains two tabs: Users and Remote User Mapping.
Users
This tab enables the addition, modification, and removal of users from the Nebula Framework application. There are multiple authentication mechanisms supported:
- Windows authentication. The SQL Server and all the authorized users and groups participate in the same AD domain. When users log into a Nebula Framework application, they will use the same credentials as their local domain account. This same account will be used to log into the database.
- Windows authentication using SSO. The SQL Server resides on another AD domain separate from the AD domain where the authorized users and groups are defined. When users log into a Nebula Framework application, they will use the same credentials as their local domain account. SSO will look up the users in this table
- SQL Server authentication using SSO. The SQL Server resides on another AD domain separate from the AD domain where the authorized users and groups are defined.
Consult your system configuration to determine the method used for your Nebula Framework applications.
Consider the following scenarios. An employee named John Doe logs into Windows using ACME\John. As an admin, we need to permit John access to Cadebill.
Scenario #1: Windows Authentication. The company and server reside on the same AD domain. The database will use Windows authentication.
- The Application Users record will contain ACME\John. The password is not used.
- The Remote User Mapping is not used.
Scenario #2: Windows authentication using SSO. The company and server reside on the different AD domains. The database will use Windows authentication with the MCL domain. An account is created on the MCL domain for John.
- The Application Users record will contain MCL\john and the encrypted password for MCL\John.
- The Remote User Mapping will contain ACME\John as remote UPN and MCL\john as the Application User.
Scenario #3: SQL Server authentication using SSO. The company and server reside on the different AD domains. The database will use SQL Server authentication. An account is created on the SQL Server for John.
- The Application Users record will contain john and the encrypted password for john.
- The Remote User Mapping will contain ACME\John as remote UPN and john as the Application User.
Note: Edit Record and Delete Record only affect the records in the Application Users table. The Change Password button will only work when using SSO. When SSO is not enabled, it has no effect.
Field's Description
User ID System-generated integer to uniquely identify a user instance in the system. Read-only.
Local User Name
The login name for accessing the SQL Server.
- If Is SQL User is checked, the login name as defined using SQL Server Authentication.
- If Is SQL User is not checked, the login name of the principal entity as defined in Active Directory
- If SSO is used, the domain\user (or group) where the domain is the same domain where the SQL Server resides.
- If SSO is not used, the domain\user (or group) where the domain is the domain where the user or group resides
Company The name of the company
First Name The given name of the user
MIddle Name The middle name of the user
Last Name The surname of the user
User Type Select either User or Group
Start Date The date the user access is activated to use the application; if no date is supplied the user access is continuous
End Date The date the user access is deactivated to use the application; if no date is supplied the user access is continuous
Disabled ? When checked, the user access has been temporarily revoked
Comments Used to save any notes
Email Address The email address associated with the user
Work Phone The user’s office phone number
Cell Phone The user’s mobile phone number
Default Application Instance Id Identifies the application instance in a multi-server framework
Is Sql User? When checked, the Local User Name will use SQL Server Authentication. When unchecked, the Local User Name will use Windows Authentication.
Use Service Account? Reserved for future use
Remote User Mapping
If SSO is used, this tab is used to map the remote User Principal Name to the Windows or SQL Server Authentication.
In the Application Remote User Mapping grid, the available fields include:
Field's Description
Application Remote User Mapping Id System-generated integer to uniquely identify a user instance in the system. Read-only
Remote UPN The Windows login for the user as defined in the company’s AD
Application User A drop-down with the existing records from Application Users table