Managing security can be an easy task when there are clear and written instructions on how to add, update, and remove users. Always ensure that the administrators are using the same methodologies and there is documentation in a shared location for new administrators and for reference.
Managing Security
Application |
Tasks Include |
|---|---|
Active Directory |
Domain Users |
|
Resetting user passwords |
Editing Users |
|
Concordance |
Security Console |
|
Modifying security settings |
Resetting lost passwords for individual users |
|
Exporting security files for reference files or to import into another database |
|
Overriding security settings for locked databases or lost administrator accounts |
Managing External Authentication
Managing domain users in Microsoft Active Directory involves resetting user passwords or editing user accounts.
To Reset User Passwords in Microsoft Active Directory
You must have a user’s current password in order to reset the same password in the Active Directory. Once the password is reset in the Active Directory, you need to reset it for the user on the Management tab in the FYI Admin Console and then inform the user of the new password.
1.Open Microsoft Active Directory and expand the Client Accounts tree view.
2.Double-click the folder containing the user account.
3.Right-click the user’s name.
4.Type the new password, and then retype the password to confirm it.
5.Click OK.
i.A message is displayed confirming that the password is updated.
6.Click OK to save the changes.
To Edit Users in Microsoft Active Directory
1.Open Microsoft Active Directory and expand the Client Accounts tree view.
2.Double-click the folder containing the user account.
3.Double-click the user’s name.
4.In the Properties dialog box, click the Properties tab and make the applicable edit to the user account.
5.When you are finished, click the Apply button to save your changes, and then click OK.
Managing Concordance Security
When you set up security, Concordance automatically saves passwords and security setting in a .sec file. You should always export a copy of your security profiles to a .csv file and store the file in a secure location on your server to reference in an emergency. The .csv file can then be imported into existing or new databases. Share this file with your supervisor or secondary database administrator.
There are three files that hold a database's security information:
•The CSV file stores all users’ field and menu access rights
•The SEC file store all user IDs and passwords
•The DCB file stores the security console administrator’s user ID and password
Restricting Field Access
In Concordance, you can apply read-only rights to fields in the Data Entry Attributes dialog box (Edit > Validation). Any field selected as read-only in the Data Entry Attributes dialog box applies to all database users and overrides field rights defined on the Field rights tab in the Security dialog box.
Changing User Access
Changing user access includes lost passwords, resetting all user IDs and passwords, and how to access locked databases.
Lost Passwords
To reset security accounts in Concordance databases, you must know the Concordance Security Console user ID and password.
If a user has forgotten their password, you can change their Concordance password for all registered databases from the Management tab in the FYI Admin Console. This only works for Concordance passwords as it will not change passwords that are set with external authentication.
Resetting All Users
If you need to reset all user passwords in a Concordance database or have forgotten your user ID, but still have the Concordance Security Console's administrator user ID and password, you can do so by deleting or renaming the .sec file. This file is located in the same directory as your database and stores all user IDs and passwords.
By deleting or renaming the file, you are able to open the database with the Concordance Security Console's administrator user ID and password. Once you login, you will not see any data because security is still enabled, but you can access the Security dialog box (File > Administration > Security) to reset each individual user in the database. If you have an existing .csv file, you can bulk import your users into the database.
|
When applying security to a new user or template account, you can click Cancel to exit the Concordance Security Console before clicking the Apply button to ensure changes are not saved. |
For detailed instructions on resetting all user passwords in Concordance, see the Concordance Answer Center.
For more information about resetting all passwords in the FYI Admin Console, see Changing passwords in FYI Server.
Accessing Locked Databases
If your organization finds itself unable to access a database, there are two options available:
•Try exporting the database. For more information about exporting Concordance databases, see the Concordance Answer Center.
•Contact Concordance Technical Support
Reapplying Security
When exporting as a Concordance database, security and tag history are not included. If you have an administrator or user who has access to the Export command on the Documents menu in Concordance, they can export the database, create a new security administrator ID and password, and then apply security for all users. When exporting a database, you are only able to export the fields that a user has access to under their existing security settings.
For detailed instructions on exporting security settings, see the Concordance Answer Center.
Contacting Technical Support
Concordance Technical Support analysts can reset access to the Concordance Security Console and restore all user IDs and passwords. But this is not cheap or quickly done, and has the following requirements:
•You must first supply a technical support analyst with a notarized affidavit from the owner of the database verifying your security files. This is most often from your corporate entity or that of your clients and requires a legal document on corporate letterhead with the appropriate stakeholder’s signature.
•A fee may be assessed for this service.
•The notarized letter needs to accompany a backup copy of your database files before a technical support representative has permission to overwrite your security.
If you do not know this information ahead of time, there will be a delay in getting approval for the support override. Please ensure that you always have a current backup copy of your security profiles and settings, and that a supervisor or other administrator has access to this information.
Setting Up Security Options
The Concordance and FYI Security Integration table demonstrates the different security setup options.
In addition to external authentication and Concordance security, with the FYI Server you have the option to show or hide databases that do not have security enabled, also known as public databases, to all users with access to Concordance .FYI or FYI Reviewer. The Show public databases setting on the Settings tab in the FYI Admin Console determines whether public databases are shown.
The Authentication type setting on the Settings tab in the FYI Admin Console determines whether external authentication or Concordance is used for authentication.
Security is enabled for a database when the Enable security check box is selected on the Field rights tab in the Security dialog box in Concordance. The Logon required check box on the Field rights tab in the Security dialog box determines whether all database users are required to log on each time they access the Concordance database.
In the Concordance and FYI Security Integration table, a black box indicates the specific option is enabled, and a white box indicates the specific option is not enabled.
Concordance and FYI Security Integration
Concordance Security |
FYI Authentication |
Public Databases |
Description |
|---|---|---|---|
|
|||
□ Enable Security □ Logon Required |
■ Concordance □ External
|
■ Show public databases |
•No security enabled. Least secure option. •Password needed to access FYI Admin Console. If database security is not enabled, no password is needed to access databases via FYI Reviewer or .FYI. •Databases are visible and available in all matters, to all users. |
□ Show public databases |
•Databases with the enable security option disabled are not displayed to users. |
||
□ Concordance ■ External
|
■ Show public databases |
•Secure only through the external authenticator. •Databases are visible in all matters, and available to all users |
|
□ Show public databases |
•Databases with the enable security option disabled are not displayed to users. |
||
|
|||
■ Enable Security □ Logon Required |
■ Concordance □ External |
■ Show public databases |
•Users only have field rights assigned to them in each database in Concordance. •Password needed to access FYI Admin Console. If database security is not enabled, no password is needed to access databases via FYI Reviewer or .FYI. •Databases are displayed for FYI Reviewer users after login. |
□ Show public databases |
•Users only have field rights assigned to them in each database in Concordance. •Password needed to access FYI Admin Console. If database security is not enabled, no password is needed to access databases via FYI Reviewer or .FYI. •Databases are displayed for FYI Reviewer users after login. |
||
□ Concordance ■ External |
■ Show public databases |
•Users only have field rights assigned to them in each database in Concordance. •If a user’s network ID is listed the same as the user account in the Concordance Security Console, then the user has access to that database. •Databases are displayed for FYI Reviewer users after login. |
|
□ Show public databases |
•Users only have field rights assigned to them in each database in Concordance. •If a user’s network ID is listed the same as the user account in the Concordance Security Console, then the user has access to that database. •Databases are displayed for FYI Reviewer users after login. |
||
|
|||
□ Enable Security ■ Logon Required |
■ Concordance □ External |
■ Show public databases |
•Users must enter their Concordance login and password to access the server and database. •Databases are displayed for FYI Reviewer users after login. |
□ Show public databases |
•Databases with the enable security option disabled are displayed to users. Important: We do not recommend this specific setup, this setup is informational only |
||
□ Concordance ■ External |
■ Show public databases |
•Users must enter their external (i.e. Active Directory) login to gain access to the server and database. •Databases are displayed for FYI Reviewer users after login. |
|
□ Show public databases |
•Databases with the enable security option disabled are not displayed to users. |
||
|
|||
■ Enable Security ■ Logon Required |
■ Concordance □ External |
■ Show public databases |
•Users only have the field rights assigned to them in each database in Concordance. •Users must enter their Concordance login and password to access each database. •Databases are displayed for FYI Reviewer users after login. |
□ Show public databases |
•Users only have the field rights assigned to them in each database in Concordance. •Users must enter their Concordance login and password to access each database. •Databases are displayed for FYI Reviewer users after login. |
||
□ Concordance ■ External |
■ Show public databases |
•Users only have field rights assigned to them in each database in Concordance. •Users must enter their external (i.e. Active Directory) login to gain access to the server and database. •External user ID must be added to the Concordance database. •Databases are displayed for FYI Reviewer users after login. |
|
□ Show public databases |
•Users only have field rights assigned to them in each database in Concordance. •Users must enter their external (i.e. Active Directory) login to gain access to the server and database. •External user ID must be added to the Concordance database. •Databases are displayed for FYI Reviewer users after login. |
||
|
|||