As a first step in configuring the system, the users have to be created and mapped to roles. SapphireIMS is shipped with a few predefined users and roles. Users can be added manually via the user interface or imported from an Excel sheet or from an LDAP/AD server.
Roles are used to authorize users to access the various modules and specify what the user can do within modules as well as control alerts, notifications etc.
SapphireIMS is shipped with a few in-built accounts which are mapped to selected roles.
Important: Please change the default passwords for the in-built accounts immediately after installation to prevent misuse.
Access to the SapphireIMS application itself is through an authentication process. SapphireIMS can be configured to support the following authentication methods.
The user information is stored in the SapphireIMS database and authentication is done against that. Users can be created in various ways, including entering user information manually or importing it from Excel sheets or from external applications like an HRMS system. Refer to Settings->User Management->Adding User Accounts for adding users manually. Refer to Settings->User Management->Excel User Import for importing users from an Excel file.
With the proliferation of web applications, it has become impractical to expect users to remember different user names and passwords for each application. Single Sign-On (SSO) lets the user sign in once with a user name and password and then use multiple applications without signing in to each application separately. SSO can be enabled using the AD server on Windows or an LDAP server on Linux.
The user data needs to be imported from an LDAP/AD server (refer to Settings->User Management->AD and LDAP Integration->LDAP/AD Server Rule Configuration). Further, a rule has to be configured to periodically synchronize the user information from the LDAP/AD server. All attributes from the LDAP/AD server other than the password can be mapped and imported into SapphireIMS fields. SapphireIMS authenticates the users against the LDAP/AD server and Single Sign-On (SSO) is enabled implicitly.
SapphireIMS supports LDAP servers on Linux. Refer to Settings->User Management->AD and LDAP Integration->Zimbra Open LDAP Support which contains the details of configuring the Zimbra OpenLDAP server for use in SapphireIMS.
SapphireIMS supports web-based single sign-on using identity providers through SAML (ADFS, Office365) and OAuth2 (Google).
For SAML, you need to configure the identity provider. SapphireIMS uses SAML 2.0 and supports Microsoft ADFS, Keycloak and Microsoft Azure AD.
As a first step, the Identity Provider needs to be configured. Refer to Appendix->Configuring ADFS for details on setting up ADFS.
For configuring SapphireIMS to use SAML, refer to Settings->User Management->Using Identity Providers->Configuring SAML.
For configuring OAuth2, refer to Settings->User Management->Using Identity Providers->Configuring OAuth2.
A Jump Host component is installed on a system behind the on-premise firewall and used to authenticate from the LDAP/AD server on behalf of SapphireIMS running on the cloud. Refer to Advanced System Settings->Setting up a Jump Host for more details.
User Management Reports are available under 'Reports > IT Automation Reports'. These include daily and weekly usage and Top 10 users, among others.