User management

Overview

QAWeb Enterprise users are uniquely identified by their email address. There is no separate username; users log in using their email address and password.

The User Management section can be accessed as follows:

  1. Click Administration in the header menu.

  2. Click Users in the sidebar menu. (Note: this requires the permission ‘Manage Users’)

The User management page shows the users that are member of the current organization.

  • Only users with status Enabled can log in to the current organization.

  • The Last login column contains the date of the last login for the current organization.

  • The first name and last name of the user are set by the user during the first login. If the first and last name of a user are empty, it means that they have not yet succesfully logged in.

_images/user_management_list.png

The QAWeb Enterprise online user authentication is integrated with Barco’s central Identity and Access Management service (CIAM). Because of this, your user account (email and password) can also be used to access other Barco services such as our support portal and knowledgebase. See also: https://www.barco.com/support/knowledge-base/KB12633.

Single-Sign-On support

It is possible to configure SSO (Single-Sign-On) for QAWeb Enterprise with Barco’s central Identity and Access Management service, using protocols such as OpenID Connect v1.0 (OIDC) or SAML v2.0.

  • When SSO has been activated, the user/password authentication step is delegated to your identity provider. This means that users will be able to log in with their general professional account user and password, instead of using a separate password.

  • For more details, see https://www.barco.com/support/knowledge-base/kb12591.

  • Only user authentication is delegated. The management of scope and permissions is performed in the QAWeb Enterprise Portal.

  • SSO is activated for a specific email domain, and applies to all Barco applications that are integrated with Barco’s central Identity and Access Management service.

Access to multiple organizations

A single user can be granted access to multiple QAWeb Enterprise organizations. This can be useful, for example, to external medical physicists that provide services to multiple hospitals.

When a user is a member of multiple organizations:

  • A single password is used to access the organizations that the user has access to.

  • The user permissions and scope restrictions are managed per individual organization (in other words, a user can have different permissions in different organizations).

  • On the very first login, the ‘Organization selection’ page is shown. This page lists the organizations that the users has been granted access to.

  • On subsequent logins, the Portal will automatically navigate to the last selected organization.

  • To log in to another organization, click your initials in the upper-right corner of the header menu and select Switch organization.

_images/switch_organization.png

Adding new users

To add a new user, navigate to the User management and click the + icon in the lower-right corner. Adding new users requires the Manage users permission.

In the Create User window, enter the required information:

  • Email (note: Adding different users with the same email address is not possible).

  • Permissions: select the permissions to grant to the user.

Subsequently, click the Create button to create the user.

An email that contains the link to log in will be sent to the newly added user. Subsequently, when that users tries to log in, two scenarios are possible:

  • If the user did not already have a QAWeb Enterprise account or a Barco account, he will be asked activate his account by choosing a password and completing his user profile details. During this activation step, an account confirmation email will also be sent to validate the user email address.

  • If the user already had an activated QAWeb Enterprise account (because he was already member of another organization) or a Barco account, he can log in directly.

Modifying users’ details

Modifying user details requires the Manage users permission.

To modify permissions or language preference:

  1. Navigate to the user management and select the user

  2. Perform the modifications

  3. Click the Save button

Note that it is not possible to change the email notification settings of another user (European GDPR regulation requires users to personally opt in for receiving email notifications).

To modify the organizational scope of a user:

  1. Navigate to the user management section and select the user

  2. On the ‘Scope’ section, expand the ‘Scope’ element

  3. Perform the modification on the organizational scope tree structure (modifications are applied automatically)

Suspending / enabling users

User accounts can be suspended to prevent them for logging in to your organization. Suspending or re-enabling users requires the Manage users permission.

To suspend a user:

  1. Navigate to the user management section and select the user

  2. Click on the Suspend button.

To enable a user which is currently suspended:

  1. Navigate to the user management section and select the user

  2. Click the ENABLE button to enable the user.

About the organizational scope and permissions

Access to data can be restricted by using a combination of permissions and organizational scope. Both are set at the level of each user.

  • Permissions: Permissions are used to grant access to specific functionalities. Some permissions apply to the entire organization, while other permissions are applied in combination with the organizational scope of the user.

  • Organizational scope Users should be granted access to relevant nodes of the organizational structure in order to view the workstations, displays, associated QA statuses and warnings. The nodes to which a user has access is called the organizational scope.

When a user’s organizational scope has access to the top node of the organization, the user has access to all data of the organization. If new nodes are added in the organizational structure at a later date, the user will be able to access them immediately. Conversely, when users are only allowed access to specific nodes, they will only have access to data from assets linked to these specific nodes and any child nodes. When the organizational structure is modified afterwards, do not forget to adapt the user scope restrictions accordingly.

List of permissions

The following permissions are applicable to the entire organization level:

  • Manage organizational structure: View the organizational structure. Add new nodes, modify and delete existing nodes.

  • User Management: View user details. Add new users, modify, enable and disable existing users. Modify the scope and permissions of all existing users.

  • View registration keys: View the organization ID and registration key.

The following permissions also take the organizational scope of the user into account:

  • Assign Workstations: View unassigned workstations. Assign workstations to a room.

  • Edit workstations: View workstations. Can assign workstations to a room. Rename workstations and modify the use of workstation displays.

  • Assign policies: Can view policy details. Can assign existing policies to nodes in the organizational structure.

  • Edit policies: View policy details. Assign existing policies to nodes in the organizational structure. Add new policies, can modify, duplicate and delete existing policies.