Manage Users & Roles

Manage User

Using the "Manage User" UI, administrators have the ability to manage all officers and auditors.

After accessing the UI “Manage User”, emCA will load the current set of Officers and Auditors.

The following functions for managing Officers and auditors are available on this page:

Create New User
View user details
Regenerate
Renew
Deactivate
Activate
Delete
Export to Excel

Create New user

Click "+ New User" to create a new officer or auditor. A dialog box will appear:

Please note that fields marked with an asterisk (*) are mandatory and must be filled out.

Specify the officer or Auditor certificate's "Common Name" (CN), which will also serve as the new role owner's display name or alias.

Enter the "Email" for the new Officer or Auditor. This will be the username of the new role owner as well as the e-mail address to use by the E-Mail Notification Service.

Enter the legal "Organization Name" (O) of your company. This is not the same as an Organizational Unit (OU)!

Enter the "Country code" of your country. This is either the 2- or 3-letter Country Code of your country.

Select "Officer" or "Auditor" from the dropdown box of Role.

If necessary, please provide any extra optional parameters.

The image below illustrates the "Other Details" section for user login preferences.

Users can choose between three Login Types: "Hard token", "Soft token", or "Password".

Hard Token:

The Hard token option is initially set as the default. If a user wants to proceed with this option, they need to follow these steps:

1. Insert the crypto token into the device.

2. Select the token from the dropdown menu.

3. Provide the token password.

Completing these steps will generate a pfx file, which is securely stored within the crypto token. This pfx file allows the user to effectively utilize the token for their login activities.

Soft Token:

If a user opts for the Soft token login type, they are presented with two choices: Manual and Automatic. By default, the manual option is enabled.

If the user selects the "Manual" option, they need to click on "Browse" to specify the location for creating the Officer or Auditor soft token. This ensures that the token is stored in the desired location.

On the other hand, if the user chooses the "Automatic" option, they should click on "Browse" to designate the location for generating the Officer or Auditor's soft token. The token creation will then occur automatically.

Password-Based Login

When the user selects the "Password-based" login type, there are two options

Opting for the manual option requires the user to enter and confirm their password.

This is also the default choice if no selection is made.

After selecting the login type, Select one of the Signature Algorithm provided. All of the provided algorithms are recommendable.

If the user selects a hard token or soft token as the login type, they should then choose a recommended key algorithm and size after selecting the signature algorithm.

Lastly, specify the new period of "validity" in the fields next to Validity.

Note that the period of validity cannot exceed the period of validity of any of the CA Administrators and administrators.

Click "Proceed" to continue. You will be prompted to authenticate the action using all Administrator tokens. Press Authenticate to proceed.

Click on "Create User" to create the new Administrator user.

After creating an Officer or Auditor user successfully, various options will appear as displayed below.

Add More Users:

By choosing "Add More Users", users can create new Administrator, Officer, and Auditor accounts by following the same process as before.

View All

To see all of the Officers or Auditors that have been created, users can choose the "View All" option. This will display a grid that gives a concise summary of all existing user accounts, as shown in the accompanying screenshot.

In the following screen, Click on to view the Officer or Auditor certificate details:

Click on icon to generate a new Officer or Auditor. This icon is only available for officers or auditors who received their credentials using Automatic mode.

To renew an Officer or Auditor that is about to expire, simply click on the designated icon. Please note that this icon is only visible for users who are nearing their expiration date. The default threshold for expiration is set at 31 days, but it may vary depending on the customer's individual configuration.

Click "Deactivate" to suspend an Officer or Auditor's login access to emCA, without revoking their access.

Click to activate an Officer or Auditor, which will restore their access to emCA.

Click to delete an Auditor or Officer. Deleting is irreversible, so consider deactivating first. A warning message will appear after clicking.

Information:

It is not possible to remove an Auditor or Officer if doing so would result in too few members for that particular group.

A corresponding warning message will be displayed if this is attempted.

When you click on "Export to Excel," an XLSX file will automatically download to the standard download location on your operating system. The downloaded file will be named "ManageUsers_Report.xlsx" and will contain a tabular format of the displayed table of Auditors or Officers.

PreviousManage Keystores NextReports

Last updated 8 months ago