The PeopleUpdate Administration Console provides a web-based user interface to manage virtually every aspect of your PeopleUpdate application in one centralized place. PeopleUpdate allows you to secure the Administration Console for selected users and groups in your domain and authorized users can then access the console using a web browser. Refer to the Securing the Administration Console topic for more information about controlling access to the PeopleUpdate Administration Console.
You can access the PeopleUpdate Administration Console to manage your PeopleUpdate configuration. The console employs Windows authentication that does not require you to explicitly log in as long as your user account is in a domain trusted by the web server where PeopleUpdate is installed and your browser is configured to pass your Windows credentials to PeopleUpdate, which is the case in most default installations.
Open a web browser.
Navigate to http://<YourServerName>/<YourVirtualDirectory>/AdminPage.aspx, where <YourServerName> is the name of the web server on which you installed PeopleUpdateand <YourVirtualDirectory> is the virtual directory into which you installed PeopleUpdate.
View the Administration Console home page and navigate to the administration pages you need to configure your PeopleUpdate installation.
You can secure the PeopleUpdate Administration Console to restrict access to a set of authorized users in your environment. PeopleUpdate leverages ASP.NET security to check user credentials and authorize access to the Administration Console and this security works by using Windows authentication to examine the current user accessing PeopleUpdate.
By default, PeopleUpdate ships with an Administration Console security configuration that allows everyone to access it. You can set Windows groups or individual users to access PeopleUpdate and Web Active Directory recommends that you only use groups as a best practice to control access to the Administration Console.
Navigate to the PeopleUpdate installation directory on the web server where you installed PeopleUpdate. This directory is by default located at C:\inetpub\wwwroot\PeopleUpdate but may be in a different location depending on your environment. You can look up the location using Internet Services Manager and examining the PeopleUpdate application's home directory.
Open the Web.config file--located in the PeopleUpdate installation directory's root--with a text editor like Notepad.
Find the two <location /> elements near the end of the Web.config file, one with a path="AdminPage.aspx" attribute and the other with a path="UserControls/Admin" attribute. These location elements and their child nodes control access to the Administration Console by restricting access to the page and directory that contain the Administration Console files. The excerpt below shows the configuration for the <location /> elements and includes the %domain% and %group% placeholders you can use to restrict access to the Administration Console.
<location path="AdminPage.aspx">
<system.web>
<authorization>
<allow roles="%domain%\%group%" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="UserControls/Admin">
<system.web>
<authorization>
<allow roles="%domain%\%group%" />
<deny users="*" />
</authorization>
</system.web>
</location>
Modify the <allow /> and <deny /> elements to allow access to the select group or groups of Windows users who need access to the Administration Console while denying access to everyone else. Add roles and users attributes to the elements to determine which groups (roles) and users are allowed and denied access. Ensure you include the domain name followed by the group or user name in the appropriate roles or users attribute values and separate multiple roles or users using commas. You may also employ the asterisk character (*) as a wildcard meaning all users or roles (depending on the attribute) and the question mark character (?) to mean anonymous access.
The following examples help you understand how to implement this security.
<allow roles="MYDOMAIN\IT, MYDOMAIN\HR" />
<deny users="*" />
<allow roles="MYDOMAIN\IT" users="MYDOMAIN\HR User" />
<deny users="*" />
<allow roles="MYDOMAIN\IT" />
<deny users="MYDOMAIN\HR User" />
Save your changes and test the Administration Console with user accounts in different groups to ensure you have properly configured the security to allow and deny access.
The Administration Console contains pages that allow you to quickly and easily configure your PeopleUpdateapplication for your environment. PeopleUpdateadministration comprises two primary configuration scopes: global configuration and tab-specific configuration. The global configuration applies to elements that impact application behavior the same way across all tabs. Tab-specific configuration elements only impact the tab under which they are configured. This flexibility allows you to create a robust application configuration that satisfies myriad business scenarios.
This page acts as the home and default page for the Administration Console and contains a brief overview of each of the Administration Console's pages and what they allow you to configure in PeopleUpdate. The Admin Home page loads by default when you initially log in to the Administration Console.
The Global Configuration section includes two configuration pages: Branding and Security. The Branding page allows you to customize your PeopleUpdateinterface to include your corporate logo and colors as well as to personalize the title of the PeopleUpdateapplication. Use the Security page to set up access control lists that can include Windows groups from your environment and you can then use these access control lists to determine which tabs users can view and which attributes users can edit.
The configuration pages in the Global Configuration section control settings for your entire PeopleUpdateapplication across all tabs and you cannot apply these settings to specific tabs since the configuration affects all tabs the same way.
|
Customize the PeopleUpdateuser interface site title, localization file, banner and style sheet | |
|
Manage groups and access control lists that control which tabs your users can view and which attributes they can edit |
PeopleUpdate uses tabs to allow you to easily search and manage your Active Directory by dividing it into more manageable configurations. Each tab can be configured to work with different parts of your Active Directory and you can also control which users see which tabs to further secure information for viewing and editing. Each tab can bind to a different part of the directory and have its own set of attributes and pages. You can even subdivide tabs into task items that can show different information available on each tab!
The Tab Configuration section includes four configuration pages: Tabs, Directory, Attributes and Task Items. The Tabs page allows you to manage the tabs that appear in your PeopleUpdateinterface. The Directory page helps you configure Active Directory connection and binding information. Use the Attributes page to set up which LDAP attributes, also known as fields, are available to pages in the tab as well as how the attributes display and who can edit them. Finally, the Task Items page allows you to configure and lay out individual task items and pages for the tab.
As you use the pages in the Tab Configuration section of the Administration Console you will notice a "matrix" navigation feature that make it easier for you to navigate among all the different configurations you can create with tabs and task items. When you are on a selected tab, you will always view each Directory, Attributes or Task Items configuration within the scope of the selected tab. As you view the configuration page and change settings, note the tab you are editing is highlighted at the top of the page. To edit a different tab, just click on the tab you want to edit and you will switch to that tab’s configuration settings. In a similar manner, as you switch among Directory, Attributes and Task Items configuration pages you will notice that the highlighted tab stays the same among the pages. This allows you to quickly set up the directory, attributes and task nav configurations for a particular tab.
The same type of behavior characterizes how pages behave as you switch tabs. The selected configuration page remains highlighted as you switch among tabs and displays the tab's configuration for that page. This allows you to easily change configurations for multiple tabs.
The configuration pages in the Tab Configuration section control settings for your each PeopleUpdatetab and settings on one tab do not affect the behavior of other tabs.
|
Create or delete tabs, set up localization for a tab and set the access control list that determines who can see each tab | |
|
Set directory bind information and proxy account credentials for searching and updating your Active Directory, add default search filters and set directory search parameters | |
|
Configure which attributes are available for Task Items pages, set access control lists that determine who can edit which attributes and set display options for attributes | |
|
Manage page flows, create page display layouts and set advanced configuration options for task items |