Upload
others
View
29
Download
0
Embed Size (px)
Citation preview
EVRY EAS Admin Guide Page 1
EAS Admin Guide
V1.3 – 2014-06-11
This guide helps administrators of EVRY Environment Access Service (EAS)
Contents EAS Help Documentation ........................................................................................................................ 2
EAS Overview for administrators – READ THIS! ...................................................................................... 2
Key Tasks for Super Users ................................................................................................................... 2
Key Tasks for Block Admins ................................................................................................................. 3
Key Tasks for User Managers .............................................................................................................. 3
Frequently Asked Questions ................................................................................................................... 5
What is the link to EAS? ...................................................................................................................... 5
Who can help me? ............................................................................................................................... 5
Where can I get more information? .................................................................................................... 5
Service Requests and Orders ................................................................................................................... 6
Detailed Admin Guide ............................................................................................................................. 7
Login .................................................................................................................................................... 7
User Management ............................................................................................................................... 9
User Invitation ................................................................................................................................. 9
User Self Registration (after invitation) ......................................................................................... 15
User approval ................................................................................................................................ 19
User Profile Update ....................................................................................................................... 20
User Termination ........................................................................................................................... 22
User Role Management ................................................................................................................. 23
Activate/Deactivate User: Select User .......................................................................................... 26
Role Management ............................................................................................................................. 27
Role Memebership Management ................................................................................................. 27
Role Approvers Management ....................................................................................................... 30
Approval Tasks ............................................................................................................................... 32
EVRY EAS Admin Guide Page 2
EAS Help Documentation There are several User Guides for EAS:
EAS Login Guide – you find a link on the EAS login page – https://easi.evry.com
EAS User Guide – for normal users - see “HELP” link when logged in to EAS.
EAS Admin Guide – for super users and approvers - see “HELP” link when logged in to EAS.
EAS Overview for administrators – READ THIS!
Please read the EAS Overview section of EAS User Guide if you are new to EAS.
This guide is for EAS administrators. That is:
EAS Super Users – the most powerful users in EAS
EAS Block Admins – the users that administers a block. Usually approves roles.
EAS User Managers – line managers of a user that approves the user. Might approve roles.
Key Tasks for Super Users An EAS Super User is a user that has the “Super User” role.
Tasks for a Super User:
Invite new users
Approve new users – note that approving new users should only be done if the end user
person has legitimate reasons to use EAS and is authorized to do so. Approving the new user
registration confirms this.
View user lists – to get overview of which users have which roles e.g.
Disable users – Super Users should consider to disable unused accounts.
Delete users – Super Users should regularly clean up unused accounts.
Assign roles - users to become block admins (administrators of block access).
Redefine role approvers - if other roles should do approval than the default block admin
roles.
Note that Super Users are considered first line support to EAS users if they have questions or issues.
The organization should make sure that there are at least two active Super Users so the organization
is self sufficient in using EAS.
The Super User might also be involved in making Service Requests or Orders for extensions to the
EAS service. See
EVRY EAS Admin Guide Page 3
Service Requests and Orders section.
Key Tasks for Block Admins An EAS Block Admin is a user that has the “Block Access Administrator” role for a block.
Block Admins are frequently system owners or service owners of the IT systems that is contained
within the block.
EAS End users can request access roles that give personal user access to the servers in a system
block. Access requests are approved by the Block Admins – that is the EAS users that have the “Block
Access Administrator” role for a certain block. There can be several people that have the Block Admin
role for one block. And a person might be Block Admin for several blocks by having the “Block Access
Administrator” roles for these blocks.
Tasks for a Block Admin:
Invite new users
View user lists – to get overview of which users have which roles e.g.
Assign roles – Block Admins can assign users to block access roles for block they are Block
Admin for.
Note that Block Admins can be considered to be responsible for the access granted to the block.
The organization should make sure that there are at least one active Block Admin for each block
(otherwise requests for access would not be handled until escalated to Super User).
Key Tasks for User Managers Each EAS end user has a Manager (aka Organizational Manager) – this is usually the line manager or
the person responsible for the user. It might also be the Super User that did invite the user. It is
recommended to have correct manager set for users to ease audits and have clear responsibilities in
the organization.
Each EAS end user might in addition have an Approving Manager that takes care of approving roles
for this user instead of the manager. This can be useful in matrix organization or when special
delegation of authority is used in the organization.
Tasks for a Super User:
Approve new users – note that approving new users should only be done if the end user
person has legitimate reasons to use EAS and is authorized to do so. Approving the new user
registration confirms this.
Approve roles – If a role is set up with “_USERS MANAGER_” approval this will happen: If
user have an Approving Manager, then the Approving Manager will approve the role.
Otherwise it will be the Organizational Manager that will do the approval.
EVRY EAS Admin Guide Page 4
EVRY EAS Admin Guide Page 5
Frequently Asked Questions
What is the link to EAS?
https://easi.evry.com
Who can help me? You can contact your local manager or the IT helpdesk in the organization you work for.
You can also contact the Super User. That is the person in CC on the mail that you got. Please make
contact by sending an email.
Where can I get more information? When you have logged into EAS, you can click the “HELP” link to find EAS User Guide.
Information about how to become a user, login can be found in EAS Login Guide on login page
https://easi.evry.com
Super users and approvers can find more information in EAS Admin Guide – click “HELP” link to find
it.
EVRY EAS Admin Guide Page 6
Service Requests and Orders
EAS is a service provided by EVRY.
Different kinds of additional service options can be delivered for EAS. Requests for changes can also
be made to extend or change the service. Please contact your customer contact for more
information. Key service items:
User Requests
EAS - Super User - New Super User (only if Super Users cannot make it themselves)
Block Options
EAS - System Block - New
EAS - System Block - Change (other changes)
Block Endpoint Options
EAS - System Block - Add Endpoint to block
EAS - System Block - Move Endpoint to another block
EAS - System Block - Remove endpoint from block
Role and Policy Options
EAS - Role Model - New Generic Block Access Role (Standard)
EAS - Role Model - New Specific Block Access Role (Custom)
EAS - Role Model - Change Block Access Role (other changes - custom)
EAS - SRP Policy - Adjustment of generic SRP Policies (Custom)
EAS - SRP Policy - Extended SRP Policies (Custom)
Deployment Options
EAS - Direcory Provisioning - New AD/LDAP provisioning of EAS users
EAS - Direcory Provisioning - Change AD/LDAP provisioning of EAS users (other changes)
EAS - Direcory Provisioning - Change provisioning of group memberships (group mapping)
EAS - OpSec2 Endpoint - Deploy OpSec2 on Windows Standalone Server
EAS - OpSec2 Endpoint - Deploy OpSec2 on Windows Member Server
EAS - OpSec2 Endpoint - Deploy OpSec2 on Linux/Unix Standalone Server
EAS - OpSec2 Endpoint - Deploy OpSec2 on Linux/Unix Directory Connected Server
VPN Options
EAS - VPN Integration - New
EAS - VPN Integration - Change
EAS - VPN Network Block - Restrict IP access to network block
Web Portal Options
EAS - WebPortal - Tenant Specific & Branded Login Page (Custom)
EAS - WebPortal - Federated Single Sign On to EAS from own portal/domain (Custom)
EVRY EAS Admin Guide Page 7
Detailed Admin Guide
This chapter describes how to use EAS for administrators.
Note that administrators have the same “Environments” page as end users, but the menu items
under “Users & Roles” are different. Some additional tasks are Super User specific, others available
for both Super User and Block Admin.
Login See the EAS Login Guide for information about login to EAS.
After successful login the following Start Page appears:
EVRY EAS Admin Guide Page 8
EVRY EAS Admin Guide Page 9
User Management
User Management tasks can be found under “Users” tab.
User Invitation
The Registration by Invitation Process allows designated EAS users that have the Super User role or
Block Admins to invite others to register to get their own EAS User identity. The Registration By
Invitation process includes an invitation via email and SMS, two component identification check,
acceptance of Usage Terms, collection of user information and authentication information, approval
of registration, assignment of initial access roles and welcome message on email.
It is your responsibility as an admin user to make sure the user is aware of that he will receive 2
verification codes during the registration process. One verification code is in “User invitation mail”
and another in a SMS sent out at the same time as the mail. Both verification codes has to be entered
when the user clicks on the link in the User invitation mail.
EVRY EAS Admin Guide Page 10
Go to USERS & ROLES -> Users -> Invite New User to start.
The following screens show how to invite a new user:
Note: Remember to select initial roles for the user on the Access Roles tab.
Operator
SMSOTP
E-MailProcedure
Automated registration
Complete registration
Super User
Role request
Registration details
Role request
E-mail addressCountry
Phone number
E-MailRequest
Super User
Approval Access granted
EVRY EAS Admin Guide Page 11
Fill in details about the user.
Take special care with:
Domain User ID = yyyyyy
When you login to Endpoint Servers you need to use the username given to you on the
server. This is usually your “Domain User ID”, but in some cases it might be different
depending on the organizations naming standards. Super Users or Block Admins can give you
information if you need to use another username than the DomainUserID.
Your DomainUserID is the username that is your main user id in the organization.
Example: James Bånn, has always had username “james” for the Windows login in his
organization. This is his main corporate ident. His DomainUserID is then “james”.
EVRY EAS Admin Guide Page 12
Select the initial roles for the user.
If you select roles that require approval – the approvers will receive approval notification emails
immeadiatly so that the roles can be ready and approved when the user is done with self
registration.
EVRY EAS Admin Guide Page 13
EVRY EAS Admin Guide Page 14
When clicking “Submit”, this screen shows. It means that the invitation process has started.
User will now receive an invitation email with instructions and an SMS with a one time code.
A Super User might reinvite if the first invitation gets lost.
EVRY EAS Admin Guide Page 15
User Self Registration (after invitation)
The following screens show how an user registers after having received the invitation email and SMS
message.
First some information:
Fill in the one time codes: (this serves as a “two factor identification” of the user)
EVRY EAS Admin Guide Page 16
When codes are verified, the user must read and accept the EAS End User agreement.
EVRY EAS Admin Guide Page 17
Then user must complete the user profile. Especially setting the password that will be used for
Endpoint Server login.
This page is the last one in user self registration.
Next the registration goes to Manager for approval.
EVRY EAS Admin Guide Page 18
EVRY EAS Admin Guide Page 19
User approval
The Manager of the user will receive an email about approving the new user.
Note that approving new users should only be done if the end user person has legitimate reasons to
use EAS and is authorized to do so. Approving the new user registration confirms this.
Approver MUST verify the following requirements:
User is a legitimate user (check with others in the organization if you are not certain – call the
person on the mobile number might help to verify)
Domain User ID is correct
OTHERWISE THE USER MUST BE REJECTED!
It is the responsibility of the person doing the user approval to verify and reject if not all
requirements are fulfilled.
A rejected person must be invited from scratch if he is to become an EAS user after all.
EVRY EAS Admin Guide Page 20
User Profile Update
EVRY EAS Admin Guide Page 21
EVRY EAS Admin Guide Page 22
o
User Termination
EVRY EAS Admin Guide Page 23
User Role Management
EVRY EAS Admin Guide Page 24
EVRY EAS Admin Guide Page 25
EVRY EAS Admin Guide Page 26
Activate/Deactivate User: Select User
EVRY EAS Admin Guide Page 27
Role Management
Role Memebership Management
o
EVRY EAS Admin Guide Page 28
EVRY EAS Admin Guide Page 29
EVRY EAS Admin Guide Page 30
Role Approvers Management
EVRY EAS Admin Guide Page 31
EVRY EAS Admin Guide Page 32
Approval Tasks
EVRY EAS Admin Guide Page 33
EVRY EAS Admin Guide Page 34