Orchestra Users are entered into the system, assigned suitable roles and given access to, for example, Branches and Reports.
Users get access to the system by having one or several roles.
This is handled in the User Management application. When entering the application, a list of users is displayed:
Clicking a heading in the table, sorts the table on that heading.
Entering text in the search field, will search by Username, First name, or Last name, by default. To search based on Role or Branchnames, change the setting in the drop-down list next to the search field.
The Account status column indicates whether the account is active or not. To change an account to be inactive, simply uncheck the check box on that User’s row and confirm this in the popup. Similarly, to activate an account, check the check box and confirm it in the popup. If the check box for a user is greyed out, this means that the user cannot be activated, since it would break a license limit.
Users that have tried to log in too many times with a bad password will automatically be set as inactive. The system/user administrator will need to activate those Users again to allow them to log in. This does not affect LDAP/SAML users.
When the system is started for the first time, there is a default user called Super Administrator, superadmin, available in the system. Additionally, two users, Calendar and Notification, are created automatically. These are used by their respective modules. It is not possible to delete, or deactivate any of these three users.
Users that are not configured in Orchestra, but who log in through LDAP/SAML will also be shown in the Users tab after they have been synchronized to central. These users cannot, however, be managed in the User list, except for activating/deactivating them.
New user and edit user
To edit a user, simply click on the applicable line in the list of users. To create a new user, click the New User button. The following window is displayed:
Note that all the mandatory fields are marked with yellow.
For LDAP users, the fields are not editable, the role and branch access granted through LDAP will be shown, but it cannot be changed. Only the active/inactive status (Account status) can be changed.
A user has the following Login properties:
Username
Username of the user. Only a-z and 0-9, minimum 4 characters.
Changing the Username of an existing user is not supported!
If you want to use your native (for example Arabic, or Cyrillic) characters, instead of a-z, you need to update the UserName Validation Pattern parameter in the System Administration application. For more information, see the Reference Manual, found on Qmatic World.
Password / Repeat password
Enter the wanted password for logging in to Qmatic Orchestra, then repeat the password in the next field.
If you want to use your native (for example Arabic, or Cyrillic) characters, instead of a-z, you need to update the PasswordValidation Pattern parameter in the System Administration application. For more information, see the Reference Manual, found on Qmatic World.
Login code
The login code is the code for logging in to a KT type terminal. Either enter a wanted Login code, or automatically generate one, by clicking on the Generate login code button
Account status
Check the check box if the account should be Active.
Check the check box if you don’t want the password for this user to expire.
A user has the following Profile properties:
First name
User’s first name.
Last name
User’s last name.
Language
From the drop-down list, select the language that this user should use. This information is mandatory.
Email
Enter the user’s email address here.
Phone
Enter the user’s phone number here.
To upload an image of the user, click the Update user image link. The following window is opened:
Possible image formats are jpg, gif, bmp and png.
When an image has been uploaded, it is also possible to remove the image, by clicking the Remove image link.
In the Roles section, select the roles that the user should have by checking the applicable check boxes. This choice is mandatory.
Some roles might not be selectable and be greyed out. This is since they are already at license limit.
In the Branches section, select the branch(es) that should be connected to the User.
When done, click the Save button to save the user information.
Activating a User
A user will get locked out of the system after a number of failed log in attempts (the default value is 5 and it is configured in the System Administration application).
For most users, the procedure is simply that the suoeradmin user, or another user with the User Management Access Module, sets the user to Active, in the User Management application, in the Users tab.
If the superadmin user, however, is locked out, the procedure is as follows:
Windows
1. Using PowerShell 3 (Windows Server 2012, and later), set the following:
PS H:\> get-executionpolicy
The policy should be
Unrestricted
If incorrect, use:
PS H:\> set-executionpolicy unrestricted
2. Once the execution policy is set to unrestricted, open the <Orchestra install dir>/bin folder and run the script activate_user_and_set_password.ps1, by right clicking and selecting Run with PowerShell.
Once the script is run we recommend setting the execution policy to the same policy as before, in PowerShell.
Linux:
1. Open the <Orchestra install dir>/bin folder and run the shell script activate_user_and_set_password.sh, by invoking it from a shell.
Both scripts will prompt for the Username of the User to be activated (in this case superadmin), as well as a new password to be valid for the User.
Users that have tried to log in too many times with a bad password will automatically be set as inactive. The system/user administrator will need to activate those Users again to allow them to log in. This does not affect LDAP/SAML users.
For LDAP users, the fields are not editable, the role and branch access granted through LDAP will be shown, but it cannot be changed. Only the active/inactive status (Account status) can be changed.
Changing the Username of an existing user is not supported!
If you want to use your native (for example Arabic, or Cyrillic) characters, instead of a-z, you need to update the UserName Validation Pattern parameter in the System Administration application. For more information, see the Reference Manual, found on Qmatic World.
If you want to use your native (for example Arabic, or Cyrillic) characters, instead of a-z, you need to update the PasswordValidation Pattern parameter in the System Administration application. For more information, see the Reference Manual, found on Qmatic World.