Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Extranet User Manager User Guide
Version 3.1
November 28, 2014
Envision IT 7145 West Credit Avenue Suite 100, Building 3 Mississauga, ON L5N 6J7 www.envisionit.com/eum
TABLE OF CONTENTS
NOTICE .................................................................................................................................................................. 1
INTENDED AUDIENCE ............................................................................................................................................. 1
INTRODUCTION ..................................................................................................................................................... 2
EXTRANET USER MANAGER FOR SHAREPOINT OVERVIEW ...................................................................................................... 2
ABOUT THIS GUIDE ......................................................................................................................................................... 2
DOCUMENTATION ................................................................................................................................................. 3
THE VISITOR EXPERIENCE ....................................................................................................................................... 4
WELCOME EMAIL ........................................................................................................................................................... 5
SET YOUR PASSWORD ..................................................................................................................................................... 6
SITE DIRECTORY PAGE ..................................................................................................................................................... 7
LOGIN PAGE .................................................................................................................................................................. 8
FORGOT PASSWORD ..................................................................................................................................................... 10
CHANGE A PASSWORD .................................................................................................................................................. 12
CREATE EXTRANET USERS AND GROUPS .............................................................................................................. 14
INTRODUCTION ............................................................................................................................................................ 14
ACCESSING THE EXTRANET USER MANAGER ...................................................................................................................... 14
THE HOME PAGE ......................................................................................................................................................... 15
ADD GROUPS .............................................................................................................................................................. 16
ADD USERS ................................................................................................................................................................. 18
IMPORT USERS ............................................................................................................................................................ 20
APPROVE USERS .......................................................................................................................................................... 22
MANAGE USERS AND GROUPS ............................................................................................................................ 23
SEARCH FOR USERS AND GROUPS .................................................................................................................................... 23
EXPORT USERS AND GROUPS .......................................................................................................................................... 24
EDIT USERS OR GROUPS ................................................................................................................................................ 25
EMAIL USERS ............................................................................................................................................................... 26
VIEW USER OR GROUP SITES .......................................................................................................................................... 26
RESET A USER’S FORGOTTEN PASSWORD .......................................................................................................................... 27
APPENDIX A: SECURITY ....................................................................................................................................... 28
1 Notice
NOTICE For over 20 Years, Envision IT has helped our clients fully realize the potential they can gain by
bringing their processes to life on the Internet. Through customized business solutions involving
Business Intelligence, Business Process Automation, and Portals, we enable our clients to see
more.
For more information, please visit our web site or contact us:
Envision IT
7145 West Credit Avenue
Suite 100, Building 3
Mississauga, ON
Canada L5N 6J7
905.812.3009
No part of this publication may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, for any purpose other than the purchaser’s
personal use, without the expressed permission of Envision IT.
INTENDED AUDIENCE This guide is intended for business users that will be creating and managing extranet user
accounts as well as configuring the Extranet User Manager. Users should be familiar with the
fundamentals of how to manage groups and permissions in SharePoint.
2 Extranet User Manager User Guide
INTRODUCTION
Extranet User Manager for SharePoint Overview
The Extranet User Manager for SharePoint provides a simple and effective method for
organizations to create SharePoint sites that are accessible by people from outside of the
organization and who are not a part of the corporate network.
The Extranet User Manager gives business users the ability to manage the users of the site
without having to involve an IT administrator. Designated people who are responsible for a
SharePoint site can add new users, remove users, control their permissions and reset
passwords. The Extranet User Manager also provides features that allow extranet users to
change their passwords or reset passwords which is not normally possible with SharePoint’s
out-of-the-box features.
About this Guide
This guide provides instructions on how to create and manage the extranet users and groups, as
well as manage some of the configuration options. It is intended to provide instructions for the
typical deployments. Customized deployments may require additional information and/or
configuration.
3 Documentation
DOCUMENTATION This document is part of the following set of documents available at www.envisionit.com/eum.
Document Description
Extranet User Manager Deployment and
Configuration Guide
Installation and configuration guide for the
current release of EUM
Extranet User Manager Branding Guidelines Business document for gathering
requirements for the branding of the end user
pages, customization of the registration pages,
and configuration of the email templates
Extranet User Manager Developer Guide Developer guide for implementing the
branding of the end user pages, customization
of the registration pages, and configuration of
application text changes
Extranet User Manager User Guide User guide for the end user and admin
sections of EUM
Extranet User Manager Upgrade Guide Guide for upgrading from a previously
installed version of EUM
4 Extranet User Manager User Guide
THE VISITOR EXPERIENCE This section will provide an overview of how an extranet user can use the Extranet User
Manager to access a SharePoint site, change their password, or reset a lost password.
For an extranet user to access a SharePoint site, they need an account with a username (email
address) and password. The extranet user typically has an account created in one of the
following ways:
An authorized person uses the Extranet User Manager to create an account for the
extranet user who is then sent a welcome email with a username (email address) and a
link to set their password.
An extranet user completes an on-line form to request an account. An authorised
person then reviews the user account and approves it. The welcome email is then sent
to the extranet user.
5 The Visitor Experience
Welcome Email
When an extranet user account is created to access a SharePoint site, the extranet user will
receive a welcome email. The email contains their username (email address) and a link to set
their password. The email may contain additional information or instructions. A sample email
is shown below:
The email may be customized for different needs.
For security purposes, passwords are never sent in an email. Instead, a secured link is provided
that the user clicks in order to set their password. The secured link will have an expiry date,
after which time the user can request another password reset email.
6 Extranet User Manager User Guide
Set Your Password
When a user clicks the Click here to set your password link in the Welcome email, they are
presented with the following page:
The extranet user enters their password in the New Password field, enters it again in the
Confirm New Password field, and then clicks the Change Password button. A message is then
displayed that the password has been successfully changed.
Passwords may require a minimum or maximum number of characters or a minimum level of
complexity. If the password does not meet the requirements, an error message and
explanation is provided and the user must re-enter the password.
7 The Visitor Experience
Site Directory Page
After the password has been set, a user can click the link in the email to access the Site
Directory page. The Site Directory page displays all of the SharePoint sites that a user can
access.
A sample Site Directory page is shown in the figure below:
An extranet user may click on the names of the sites in the Site Directory page to open a site.
Alternatively, a site manager may also email the extranet users links to specific sites in
SharePoint, especially if there is only a single site they will be accessing.
In some cases, an extranet user may never use the site directory. For example, if the Extranet
User Manager is being used for a public web site to limit access to private areas, an extranet
user will simply go to the public site’s URL and login to the site.
8 Extranet User Manager User Guide
Login Page
Once a user account is created and a password has been set, the login page will be used each
time an extranet site is accessed in order for the extranet user to provide their email address
and password. If an extranet user has access to more than one site, they only need to be
authenticated once and they can then access all of the sites on the same extranet without
having to re-enter their credentials.
The login page can vary greatly in terms of appearance; depending if the SharePoint site is a
public facing site or a collaboration site, the branding that has been applied, and the
authentication method being used. A sample login page is shown in the figure below:
The login page will typically have the following:
Email: The extranet user enters their email address, provided in the welcome email, in
this location.
Password: The extranet user enters their password. Passwords are case sensitive.
9 The Visitor Experience
Forgotten Password Link: A link is provided in case the user has forgotten their
password. A user submits their email address and an email is sent to the user with a
secure link to reset their password. In the login page above, the link is Forgot
Password? if you have forgotten your password. The actual text may vary.
Remember Me: A checkbox may be provided to allow users to choose to remember
their email address for future visits to the extranet. This is stored as a permanent login
cookie.
Register Here: An optional add-on that allows for extranet users to self-register for an account by filling out a customizable registration form.
10 Extranet User Manager User Guide
Forgot Password
If an extranet user forgets their password, they can click the forgot password link on the login
page. The user will then be brought to a page similar to the one in the figure below:
The user enters their email address and clicks the Request New Password Email button. The
user then receives an email similar to the one below:
The Forgot Password email contains a link to reset the password. The extranet user clicks this
link and is brought to the Change Password page to enter a new password. This is the same
page that was used to set the password when the user received their welcome email.
11 The Visitor Experience
Password Reset Link Expiry:
The password reset link will expire after 2 hours by default. The expiry time may be
adjusted by an administrator.
While the password link is active, the user cannot request another password reset
email. They must wait for it to expire.
After the password reset link has expired, the user can request another password reset
email by returning to the login page and clicking the forgot password link.
12 Extranet User Manager User Guide
Change a Password
One a user has successfully logged into a SharePoint site, they can change their password if
desired. This is ususally done via a link within the SharePoint site that points to the
ChangePassword.aspx page within the Extranet User Manager application.
The user is then brought to the Change Password page where they enter their old password,
new password, confirm their new password and click the Change Password button.
13 The Visitor Experience
After changing their password, a user receives a confirmation message that the password was
successfully changed.
Click on the Continue button to return to the /Landing Home page.
14 Extranet User Manager User Guide
CREATE EXTRANET USERS AND GROUPS
Introduction
This section provides detailed instructions on how to create and manage extranet user
accounts.
It is usually easiest to manage permissions on a SharePoint site via groups. A group is assigned
specific permissions on a site, list, library or item in SharePoint. Users are then added as
members of specific group(s) and inherit the permissions of the group.
The Extranet User Manager allows you to create groups and assign users to these groups.
These are not SharePoint groups. These are groups stored in a separate database. The
following steps should normally be taken to provide access to a SharePoint resource:
1. In the Extranet User Manager, create the group if it does not already exist.
2. Assign the appropriate permission to this group in SharePoint.
3. Create user accounts and add them to the group.
If you assign users to a group (step 3) prior to assign the permission to the group, the extranet
user will receive their welcome email but will not have access to the SharePoint resources. The
extranet user will be able to set their password, but cannot access the SharePoint resources.
Accessing the Extranet User Manager
Only authorized personnel will be able to access the Extranet User Manager. The Extranet User
Manager can be access via the URL https://site/LandingAdmin/UserSearch.aspx where site is
the name of the IIS site where the Extranet User manager is installed. Check with your
administrator for details.
If configured, you may also access the Extranet User Manager through the Site Action menu by
clicking Site Actions > Site Settings>Manage Users.
15 CREATE Extranet Users and groups
The Home Page
The Extranet User Manager Home page provides links to all of the tasks that a user manager
needs to create users and manager users and groups and configure the Extranet User Manager.
Note that only those tasks that a user is permitted to perform will be visible. For example, if a
user cannot configure the Extranet User Manager, the Configure option will not be available.
16 Extranet User Manager User Guide
Add Groups
As discussed earlier, it is recommended that you manage user permissions by groups.
Create a Group
1. On the home page, under Add click Group or click Add>Group in the menu.
The Group Details page appears.
2. Enter the name of the group in the Group Name field.
Make sure to use a descriptive and unique name.
3. Verify the group status is set to Active. This field can be set to Deactivated if you want to remove all of the rights of this group in the future.
4. Optionally, click the Add Owners button. A dialog box will appear.
Group Owners can add and remove members for the group. It is not required that you have Group Owners if you want to manage group membership on your own.
5. Add the name of a user or group you want to assign as a Group Owner by selecting the
domain containing the user/group and typing the name of the user/group in the Name field. Note that you must type the exact user or group name and that a lookup or validation is not available.
17 CREATE Extranet Users and groups
6. Click OK.
7. If you have existing users already created, you can add them to this group. Click the Add Member button.
The Add members dialog box appears.
8. Enter the search criteria for the user(s) you wish to find and click the Search button.
9. Select the users by clicking the checkbox next to each user name.
10. Click the OK button.
11. Remove Group Owners or members by clicking the X next to the owner or member name.
18 Extranet User Manager User Guide
Add Users
If the extranet user does not already have an account, you must add a new user. Adding a new
user creates an account for the user and sends them a welcome email with their username
(email address) and the set password link.
User accounts may be deactivated at any time in order to remove a user’s access to all
SharePoint resources. This does not delete the account. The account may be re-activated.
As you create a user, you can assign them to groups. As explained in the Introduction section of
the Extranet User Manager, it is normally best to create the group and assign the group
permissions before adding users to a group. In this way, when the user receives their welcome
email, they will have immediate access to the SharePoint resources. In certain cases though,
you may want to create user accounts and not give the users access to resources until a later
time.
Create a User
1. From the Home page of the Extranet User Manager under Add click User or click Add>User from the menu.
The Add New User page appears.
2. Enter the user details. The following fields are required:
First Name: The user’s first name.
Last Name: The user’s last name.
Email: The user’s email address. This address is used to send the welcome email, and
reset password emails.
Username: this is the user’s login name, for example jsmith, johnsmith, smithj. If your
Extranet User Manager uses Active Directory, email addresses may not be used for the
username since it contains the @ symbol. If the username contains @ symbol or other
restricted characters imposed by Active Directory, when the account is activated these
characters area automatically replaced with “_”. If your Extranet User Manager uses
SQL, email addresses may be used. Check with your administrator for details.
Note that the display name is omitted, the display name will be first name + last name. The
name displayed in SharePoint will be the user’s email address.
All other fields are for information purposes only.
19 CREATE Extranet Users and groups
3. Verify that the User Status is set to Active.
4. Assign the user to group(s) by locating and selecting the group in the Available Groups box
and then clicking the Add button.
If the user belongs to any groups for which you are not allowed to add or remove them, these groups will appear under the heading Unmanaged Groups. This is for information purposes only.
5. If you are creating a new user, using the Send Email options is not required. A new user will automatically receive a Welcome email. If you are editing an existing user, use these options to send the user an email. For example, if you add a user to a new group that gives them additional rights, you can inform them of the change.
6. Click OK.
A confirmation message is displayed confirming that your changes have been saved.
The extranet user will now receive their welcome email with the link to set their password.
20 Extranet User Manager User Guide
Import Users
If you have a large number of users to add to the Extranet User Manager, you can do this by
importing a spreadsheet with all of the user’s details. The user details must be arranged in a
specific way in order for the import process to work. A template is provided so that all you
have to do is fill in the details or copy the details from another spreadsheet. For example, if you
already have a database of customers, you can export the customers to a spreadsheet and then
copy and paste the details into the provided template.
Download the Import Template
The first step is to download the template for the spreadsheet from the Extranet User Manager.
Download the Import Template
1. From the Home page, under Add, click Import Users or click Add>Import Users from the menu.
The Import Users page appears.
2. Click the Downloads Import Template link.
3. Click the Save button in the dialog box and then save the file to a location on your computer. The file name will be Import Users Template.csv.
21 CREATE Extranet Users and groups
Enter the User Details
After downloading the template, you will need to open the file and complete all of the user
details.
Fill in User Details
1. Open the file Import Users Template.csv that you downloaded. The file should open with Microsoft Office Excel.
2. Enter the user details. Similar to adding the users through the Extranet User Manager’s Add Users page, the first name, last name, email and username fields are required. Other columns are optional.
Do not add or delete rows or columns or change any column headings in the template.
All users are required to be in the IdentityServerUsers group in order to logon to a relying party.
3. Save your changes and close the file.
Note: The country and province codes must match with the list that is available in the Extranet User Manager. To download a list of the acceptable codes, click the links Download Country Codes or Download Province /State Codes on the Import Users page. If country codes and Province/State codes are not entered into the template, the country will default to Canada and the province will be blank.
Load the Import File
With the template completed, you can upload it to the Extranet User Manager.
Load the Import File
1. From the Import Users page, click the Browse button. Locate the Import Users template.csv file, select it, and click the Open button.
2. Click the Load Import File button. The list of users to import appears on the page. Review the list for accuracy.
Any users with missing required fields will not be imported. If a username already exists, usernames will be highlighted and you must edit the csv file and re-import the file.
3. Click the Confirm and Import button. A confirmation message is displayed.
22 Extranet User Manager User Guide
This button is only available if the list of users is error free.
Approve Users
In some cases, extranet users may need to be approved before the account can be activated. A
typical scenario is where an extranet user creates completes an on-line form to request an
account. In this case, the account is created but the status is set to Pending Approval.
The person who approves the extranet user accounts may receive an email to notify them of
the pending approval and the email may contain a link to the user account page. This is a
customization of the Extranet User Manager. Check with your system administrator for further
details.
Approving a Pending User Account
1. Use the Search for Users page and search for all accounts pending approval
2. Click the name of the user or the Edit icon for an account requiring approval.
Alternatively, if you received an email to approve an account, click the link in the email that opens the Edit User page.
3. Change the status field from Pending Approval to Active.
4. Click the OK button to save your changes.
A confirmation message is displayed.
23 Manage Users and Groups
MANAGE USERS AND GROUPS Once users and groups are created, you may need to edit the details, deactivate the user or
group, reset a user’s password, or you may want to see which SharePoint sites a user or group
can access.
The first step is to locate the user or group you want to manage. Once you have found a user
or group, it is easy to edit the item. The search results provide links to the various tasks you
may want to perform.
Search for Users and Groups
You may need to edit an existing user or group. An easy way to locate the user or group is to
use the Search feature and entering the search criteria. You can enter multiple search criteria.
For example, you can enter a first name ‘John’ and the status ‘Active’ and you will only find
users with the first name John whose accounts are active. Partial field searches are also
allowed. For example, if you search for the last name ‘Smi’, you will find all users where the last
name starts with ‘Smi’, such as Smith, Smithe, or Smitherman.
Search for Users
1. From the Home page of the Extranet User Manager under Search click Users or click Search>Users from the menu.
The Search for Users page appears.
2. Enter the search criteria and click the Search button.
The search results are displayed on the page with a list of users that meet your criteria.
3. To start a new search, click the Reset button to clear all of the search criteria and start over.
24 Extranet User Manager User Guide
Search for Groups
1. From the Home page of the Extranet User Manager under Search click Groups or click Search>Groups from the menu.
The Search for Groups page appears.
2. Enter the search criteria and click the Search button.
The search results are displayed on the page with a list of groups that meet your criteria.
3. To start a new search, click the Reset button to clear all of the search criteria and start over.
Export Users and Groups
The Export To Excel button can be enabled / disabled by going to Configuration -> System
Settings and toggling the Enable “Export To Excel” Button checkbox under Search Options
You can export a list of users or groups to Excel. This can be helpful to perform other analysis,
use the email addresses for sending emails to a large number of users or other uses.
Export Users and Group
1. Perform a user search or group to display a list of desired users or groups.
2. Click the Export button.
A file download dialog box appears.
3. Select a location to save the file, change the filename if desired, and click the Save button.
25 Manage Users and Groups
Edit Users or Groups
Edit a User or Group
1. Use the Search for Users page to locate the desired user or group.
2. In the search results, click the user/group name or click the Edit icon.
User Search Results:
Group Search Results:
3. Change the user or group details and click the OK button.
26 Extranet User Manager User Guide
Email Users
This feature can be used to send an email to a user.
Email a User
1. Use the Search for Users page to locate the desired user.
2. In the search results, click the email address of the desired user.
A new email opens addressed to the user.
3. Complete the email subject and message and send the email.
View User or Group Sites
This feature will provide you a list of SharePoint sites and sub sites that the user or group can
access. This is very helpful to see all sites a user can access since SharePoint does not provide
this feature.
View User or Group Sites
1. Use the Search for Users or Search for Groups page to locate the desired user or group.
2. Click the View link for the desired user or group.
3. Review the page and view the list of SharePoint sites and sub sites which the user can access. Click the + and – symbols to expand or collapse the sites and sub sites.
4. If you have the appropriate rights, you can click the icon for a site to access the people
and Groups page of the SharePoint site. You may also click the icon to access the site permission settings.
27 Manage Users and Groups
Reset a User’s Forgotten Password
If an extranet user has forgotten their password, they can click a link in the login page to reset
their password and should not need to contact someone for help. However, in the event that
an extranet administrator needs to reset a password for an extranet user, this can be done.
When the password is reset, the extranet user will receive an email with a password reset link
that they can click to change their password. This is the same email they would have received if
they used the forgot password link on the login page.
Note that an administrator cannot create the password for the user. Instead, the reset
password feature sends the email to the extranet user and they must enter a new password.
Reset a User’s Password
1. Use the Search for Users page to locate the desired user.
2. Click the Change Password button for the user for whom you want to reset their password.
3. Verify that the email address is correct and click the Request New Password Email button.
The following message appears: An e-mail has been sent to the e-mail address you provided. Please open the e-mail and click the link to access the website. You will be required to change your password. The link in the e-mail will expire in two hours.
The extranet user will receive an email with the link to reset their password.
28 Extranet User Manager User Guide
APPENDIX A: SECURITY This section describes security aspects of the Extranet User Manager and how users can be
provided with access to the Extranet User Manager in order to create groups and users or
modify configuration settings.
The table below describes each of the roles that exist in the Extranet User Manager. Roles are
cumulative; for example, configuration editors can perform all actions and group editors can
perform group owner actions.
Role Description
Configuration Editor Can perform all functions in the Extranet User Manager. To be a Configuration Editor, users must be a member of the EditConfigurationGroup group which is specified in the web.config for the EUM.
Group Editor Can add and edit groups, users, and group members. The GroupEditor group is defined in the system configuration with the Edit Groups Group Domain and Edit Groups Group fields.
Group Owner Can add and edit users and update the group membership for the groups for which they have been defined as an owner.
Extranet User No rights in the Extranet User Manager. This is a user with an extranet account but has no rights to use the Extranet User Manager for configuration.
IdentityServerUsers An extranet user will not be able to logon to a Relying party unless they are in that group. Automatically added to that group once their account is created.