Version: 2020.2.2

Users

Repository Plug-in in inPoint.Admin

When you select the Repository node for the first time, the client parts of the Repository plug-in are loaded. Then the node name changes from Repository Configuration (unloaded) to Repository Configuration. The plug-in also loads its child nodes.

When the current user is an Administrator (member of the ROOTGROUP), you get one node for managing tenants and one node for managing global (non-tenant-specific) jobs. Tenant-Administrators (members of the IP_T{n}_ADMIN group) won't see the jobs node.

Then a node for each tenant is loaded.

User is Tenant-Administrator (and not Administrator):

User is Administrator (and maybe also Tenant-Administrator):

Tenants

For Tenant-Administrators the current tenant and all other Tenant-Administrators for this tenant are shown. For Administrators all tenants and all Tenant-Administrators are listed.

Options only for Administrators

  • Edit: You can add or remove Tenant-Administrators for every tenant.

  • Manage Root Group: You can add or remove Administrators.

    NOTE: Be sure that you don't remove yourself from the list of Administrators; otherwise inPoint.Admin will terminate with a message that the current user is not allowed to use this application!

  • +: Create a new tenant.

  • -: Currently disabled (it's not possible to remove tenants)

Manage Tenant-Administrators or Administrators

Users and groups that are direct members of the administrator group are shown with an empty path. For users added through another group, the path shows why these users are administrators. Only direct members can be added or removed.

When adding new principals, you can filter by name, User/group and Is-Deleted. Deleted principals are rendered strike-through:

Icons show additional status for the users and groups. You can also group the list, for example by the second column:

NOTE: When adding or removing members, the changes are saved immediately.
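The path rule described above (empty path for direct members, a group chain for inherited ones) can be reproduced when auditing who is effectively an administrator. The following is an added example, not inPoint code; the membership data and all names except the IP_T{n}_ADMIN pattern are constructed, and it assumes group membership has been exported as a simple mapping.

```python
from collections import deque

# Constructed sample data: group -> direct members (users or nested groups).
# IP_T1_ADMIN follows the page's IP_T{n}_ADMIN pattern; all other names are made up.
MEMBERS = {
    "IP_T1_ADMIN": ["alice", "dave", "Ops"],
    "Ops": ["carol", "dave", "Helpdesk"],
    "Helpdesk": ["bob", "Ops"],  # nested back into Ops: a membership cycle
}


def admin_paths(admin_group, members):
    """Map every effective member of admin_group to the list of paths granting it.

    A path is the tuple of intermediate groups; the empty tuple marks a
    direct member, matching the empty path shown in the dialog.
    """
    result = {}
    queue = deque([(admin_group, ())])
    while queue:
        group, path = queue.popleft()
        for member in members.get(group, []):
            if member == admin_group or member in path:
                continue  # already on this path: skip to break the cycle
            result.setdefault(member, []).append(path)
            if member in members:  # nested group: expand it as well
                queue.append((member, path + (member,)))
    return result


def paths_left_after_direct_removal(principal, paths):
    """Paths that still grant admin rights once the direct membership is removed."""
    return [p for p in paths.get(principal, []) if p != ()]


if __name__ == "__main__":
    paths = admin_paths("IP_T1_ADMIN", MEMBERS)
    for name in sorted(paths):
        for p in paths[name]:
            print(f"{name:10} {' > '.join(p) or '(direct)'}")
    print("dave after removal:", paths_left_after_direct_removal("dave", paths))
```

In the sample, dave is both a direct member and a member through Ops, so removing the direct entry alone does not revoke his administrator rights.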

Creating new tenants

Tenants are created in the background using the LoaderJob. For each creation a Tenant-Create-Request is created, and these requests are also listed here. You can identify them by a sign in the first column and by Id=0. Selecting a request and clicking Edit shows you the details of this request:

State: Overview for this request

LogFile: Contents of the logs written by Pam.Loader.Console.exe

Process output: Data written by Pam.Loader.Console.exe to the console

PamLoaderParameters.xml Input: Contents of PamLoaderParameters.xml before starting the PamLoader

PamLoaderParameters.xml Result: Contents of PamLoaderParameters.xml when PamLoader was finished

The Cleanup button removes this request and should not be clicked while the request is being executed!

When creating a new tenant, the name, database connection, HybridStore settings and the Storage-Scheme are needed:

After clicking Create, a Tenant-Create-Request is created and the LoaderJob will execute it.

Once creation has finished, the Create-Requests have to be deleted manually. Currently it is not possible to edit or delete a tenant.

Users and Groups

For every tenant you can show the users and groups or add new groups by importing them from Active-Directory. When AD-Synchronization runs, the users listed in the groups are imported from the Active-Directory.

When you select an entry, details about the user or group are shown in the tool window. The tool window can also be undocked from the main window:

Depending on the type of the item (user or group) and the item source (inPoint, AD or External), different fields are available.

Currently no user or group data can be modified.

Import Users and Groups

The button 'Import' allows you to add new groups from the Active-Directory:

You can leave the search field empty (or type a single *) to search for all groups in the Active-Directory. Entering a text without a * searches for groups containing this name. When you enter a text with a *, the search is done as typed (*test searches for all groups ending with test).
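The three search-field cases above, expressed as an LDAP filter with RFC 4515 escaping so that a group name containing parentheses or a backslash is matched literally. This is an added example, not inPoint code; matching on the `cn` attribute, the `objectCategory=group` clause and the function names are assumptions.

```python
# RFC 4515 escapes for characters that have a meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one literal piece of a search value for use in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_search_filter(text, attr="cn"):
    """Translate the search-field text into an LDAP filter for groups.

    attr is an assumption: the page does not say which attribute is matched.
    """
    text = text.strip()
    base = "(objectCategory=group)"
    if text in ("", "*"):
        return base  # empty field or a single *: all groups
    if "*" in text:
        # Wildcards are kept as typed; only the literal pieces are escaped.
        pattern = "*".join(escape_filter_value(p) for p in text.split("*"))
    else:
        # No wildcard: "contains" search.
        pattern = "*" + escape_filter_value(text) + "*"
    return f"(&{base}({attr}={pattern}))"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["", "*", "test", "*test", "Sales (EMEA)"]:
        print(repr(sample), "->", group_search_filter(sample))
```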

You may specify more restrictions by opening the Search-Settings:

Usually the search is terminated after 200 groups, but the limit can be configured here. The AD-Domains are read from the inPoint-Server. They are configured in the PAM-Storage web.config in the AppSetting LDAPAuthenticationDomain. By default the search is run for all domains.

In the search result you may select the groups you want to import. Groups which are disabled have a reason in the right column (for example: a group with the same GUID already exists, ...).

NOTE: The search in the Active-Directory is executed directly from the client. Therefore the current Windows user running inPoint.Admin needs the right to run the AD-Query in all specified domains.

User and Group synchronization

The button 'Sync' runs the AD-Sync job for the current tenant. This job synchronizes the AD-Users for the AD-Groups:

When the job writes some messages you can inspect them by clicking the Logs button:

Running the AD-Sync job means:

  • find the job(s) for the current tenant
  • clone it
  • run it
  • wait for finishing and check for logs
  • delete it!

So when finished there should be no additional AD-Sync job in the jobs list for the current tenant. When something fails (maybe the client or server crashes), the job should be deleted manually. These manually created jobs have names like Manual AD-Sync 2019-2019-03-15 13:19:23Z