We are excited to announce the availability of our Identity and Access Management (IAM) system for our Data Platform applications: the User Management Server (UMS). UMS is available starting from the following versions of the Data Platform suites:
You can download the latest versions of the Dashboard and Report Platforms from the Syncfusion downloads page. The User Management Server is shipped with both of these setups. It allows you to organize your users, groups, and their access to the Dashboard and Report Servers. It has a common login system that manages access to connected applications.
UMS also lets you add your own OAuth-compatible applications into the system to manage their access. Like the Dashboard and Report Servers, UMS has its own Site Administrator.
Let’s take a deep dive into how UMS evolved using various aspects from the Data Platform applications, and how it delivers an IAM solution.
First, we will check out how the Dashboard and Report Servers managed their users independently.
System administrators in the Dashboard and Report Servers manage users who manage the following:
In an enterprise, you have mutually exclusive people to manage an application (its users and access permissions) and its data access. These two responsibilities cannot be managed by a single person. This is now resolved with the UMS.
For customers working with both the Dashboard and Report Servers, they would need a single robust interface to manage all users and their access to these servers. This is now resolved by our UMS.
For customers who are working with multiple instances of Dashboard Server and multiple instances of Report Server (multi-tenant), our new UMS gives you a single interface for all your IAM solutions.
Now, let’s see the other benefits of UMS.
Our User Management Server acts as a secured identity provider. It provides authentication services for applications within an organization.
We are using OAuth authentication in the User Management Server to authenticate users.
Also, we have established a REST API to manage users and groups from other applications. It will return the values if you supply the valid token generated with the appropriate user credentials. Also, the selected user must have the privilege to perform the requested action.
The UMS administrator can manage applications as well as users and groups. Other users can only view and edit their own profile.
We have added the following authentication providers to access Data Platform applications securely”
Customizable password policy
Passwords are key to an application’s security. It’s a recommended practice to have a password that cannot be predicted by anyone. The password policy feature in the UMS helps strengthen user passwords.
Most systems have a fixed set of password policies that cannot be changed by the system administrators. In UMS, the system administrator can customize the password policy based on the organization’s requirements.
You can customize the password policy by going to Settings > Accounts > Password Policy.
Customizing the Password Policy in User Management Server
Customizing the Password Policy in User Management Server
UMS manages the Data Platform applications and provides authentication for their users when needed. Administrators can add, edit, or delete Data Platform applications in the User Management Server.
We can have single or multiple Data Platform applications to work with the User Management Server. Also, we can have multiple URL bindings to a single application.
In addition, we have a simple user interface for manipulating the applications within the User Management Server.
You can go through the help documentation to learn more about managing applications in the User Management Server.
UMS administrators can create, edit, and delete users and groups within the User Management Server. They have the ability to manage users from the following directories:
Make any user an administrator, by adding them to the System Administrator group.
An administrator user and system administrator group will be created during the installation process, and these must be present in the User Management Server to work seamlessly. Also, they can synchronize the user and group attributes from the previously mentioned directories.
Seamless synchronization occurs between the User Management Server and different directories. We can also schedule the synchronization of user attributes with the different directories.
In addition, we can add a bunch of users into the User Management Server through a CSV file. You can find more functionalities about managing users and groups in this documentation.
Single sign-on helps save time and money in enterprise-level organizations by avoiding managing multiple user credentials separately.
Additionally, the common login allows users to log in to multiple applications with the same user credentials. This avoids access problems and provides a better user experience.
We have also provided single sign-on with the following directory services:
You can find more details on how to configure single sign-on for Azure Active Directory in this documentation.
Similarly, for Windows Active Directory, we don’t have to configure the User Management Server. Instead, the browsers must be configured to make single sign-on work as described in this Knowledge Base.
I hope I have successfully provided an introduction to our Identity and Access Management system and explained some of its premier features.
If you have any questions or require clarifications, you can contact us by submitting your queries on our website, or if you already have an account, you can log in to submit your questions.