Maintaining a User

In this Topic

User Authentication

The User Summary contains all the information currently recorded for the user. To access the User Summary from the User Information Overview, select Open from the Actions menu on the appropriate user row.

The User Summary opens on the General tab, which allows you to view or change the following information:

Click in a field and add, change or delete information as required.

To record a remark, first select the type of remark from the Type field, then enter explanatory text in the Remarks text box. To delete a newly added remark, click the Delete button to the right of the remark. You can delete a saved remark by clicking the Mark for Deletion button. You can undo the mark for deletion by clicking the Undo button.

When you have finished making changes, click the Save button to apply your changes. The system displays a message to confirm that your changes were saved in the database.

To maintain additional information for the user, click the following tabs:

User Roles	Click this tab to maintain the security roles assigned to this user. For more information, see Maintaining User Roles.
Contract Authority	Click this tab to maintain the contract authorities assigned to this user. For more information, see Maintaining User Contract Authority.
Source Authority	Click this tab to maintain the source authorities assigned to this user. For more information, see Maintaining User Source Authority.
Vendor Authority	Click this tab to assign vendor authorizations to this user. For more information, see Assigning Vendor Authority. Note: Vendor authority functionality applies to non-agency users only, therefore this tab is not available to agency users.
Devices	Click this tab to maintain device associations for this user. For more information, see Maintaining User Devices.

You can maintain additional information related to the user by clicking the following quick links on this page:

Reference Employee: This quick link takes you to the Reference Employee Summary, where you can maintain employee information for this person. For more information, see Maintaining a Reference Employee.
Person: This quick link takes you to the Person Summary, where you can maintain person information for this user. For more information, see Maintaining a Person.

User Authentication

A user is any individual authorized to log on and use parts of the web-based AASHTOWare Project software. Before a user can log on, the system must be able to verify that he or she has been given this authority. This authentication is achieved by associating persons to either a domain or a claims-based authentication provider. The method your agency uses is configured during the installation process.

The web-based AASHTOWare Project software supports these domain authentication methods:

Active Directory.
Active Directory Lightweight Directory Services.
All LDAP 3 compliant directory services.

In addition, the web-based AASHTOWare Project software supports these claims-based authentication providers:

Microsoft AD FS.
Azure AD.
Any single sign-on provider that supports the WS-Federation protocol.
Any single sign-on provider that supports the SAML 2.0 protocol.

All system users are identified as either an agency user or a non-agency user.

Associating a Person with a Domain

If your agency uses directory services authentication, follow these steps to associate a person with a domain:

Click the Actions menu on the component header, and select Associate User to a Domain.

The system displays a modal window for selecting domain users. This action is available only if your installation is configured to use a directory service for user authentication.
In the modal window, select the Agency User check box if the person is an employee of your transportation agency.
Click the down arrow in the Directory field and select the directory server that will be used to authenticate the user.

The system lists all the users that have not yet been associated with a directory service.
Locate the person you want to associate by typing criteria in the Quick Find search box.

The system lists all the user records that meet your search criteria.
Click the row for the user you want to associate.

The system adds a check mark beside the person you select and shades the row. To cancel a selection, click the selected row again.
Click the Associate button.

The system closes the modal window and takes you to the User Summary component with a message displayed to confirm that the new user was saved in the database. The page also now displays a User quick link.
Note: User passwords are managed in your system's Active Directory. For users authenticated by Active Directory, you must use the Active Directory user management features to enforce a user password reset.

Removing a Domain Association

To remove the association between a domain and a user record, navigate to the User Summary, click the Actions menu on the component header, and select Disassociate User from Domain. This action is available only if the user role you are currently logged on with is assigned access to the appropriate service. The system leaves all information in the person's user record, but removes the privileges to log on.

Note: If your agency is currently using Directory Services for user authentication and plans to switch to a claims-based authentication provider, refer to the Web Based Project Installation Instructions for information on migrating users.

Associating a Person with a Claims-Based Authentication Provider

Follow these steps to associate a person with a claims-based authentication provider for user authentication:

Click the Actions menu on the component header, and select Associate User to an ExternalLoginProvider.

The system displays a modal window for selecting users. The system displays the claims-based authentication provider in the Provider Name field. This action is available only if your installation is configured to use a claims-based authentication provider.
In the modal window, select the Agency User check box if the user is an employee of your transportation agency.
In the User Name field, type the username that the claims-based authentication provider uses to identify that person.
Click the Associate button.

The system closes the modal window and takes you to the User Summary with a message displayed to confirm that the new association was saved in the database. The page also now displays a User quick link.

Removing a Claims-Based Authentication Provider Association

To remove the association between a claims-based authentication provider and a user record, click the Actions menu on the component header and select Disassociate User from ExternalLoginProvider. The system leaves all information in the person's user record, but removes his privileges to log on.

Generating Secret Access Keys for Users

If your agency uses a claims-based provider for user authentication and also uses applications that use the OData protocol to retrieve and update system data through the business layer in AASHTOWare Project, the system will require that users provide a secret access key in addition to a password when they log on to the system. You can generate and revoke a secret access key for a user on this component.

Follow these steps to generate a secret access key:

Select Set External Access Secret from the Actions menu on the component header.

The system displays the Set External Access Secret window.

Click in the Secret Access Key text field and type a word or combination of words, letters, or numbers that only you and the user will know.
If you want to specify a date for the secret access key to automatically expire, click in the Expiration Date field and type or select the date.
Click Save.

The system displays a confirmation that your secret access key was saved in the database.

To revoke the secret access key, select Revoke External Access Secret from the Actions menu on the component header. The system displays a confirmation that the secret access key was revoked.