For SmartServer 4.1 (Beta), see Defining Users (Release 4.1).

For SmartServer 4.0 and prior, see Defining Users (Release 4.0 and Prior).

You can create and manage SmartServer user accounts if you are signed into a SmartServer account with system administrator, owner, or supervisor privileges. User account management includes assigning roles and capabilities of each user account. To limit a user's access to specific devices, first assign the device to a context and then assign the user access to specific contexts.

This section consists of the following:

Creating a User

You can add a new SmartServer user by creating a user account. User types can be User, Owner, Supervisor, or Admin. Only Admin users can create an Admin user type.

To create a new user account, follow these steps:

Open the SmartServer CMS.
Open the CMS Users widget. Click the Expand button ( ).
Click the Action button () and select the Create User action.

The Create User view → General tab appears.
Enter the following information for the new user:
- Username
- Email
- First Name
- Last Name
Select the User Type as follows:
- User – is assigned by the system administrator, owner, or supervisor, and has access to widgets as specified on the Access tab and will be limited to the contexts specified on the Contexts tab. See the following section, Setting User Access and Context Permissions, for more information regarding how to set these permissions.
  
  If you select User, then a User Role field and a Save As button appear.
  
  The User Role field has the following default user roles:
  - Field Technician – initial setting is read/write access for Device Types, Devices, Datapoint Properties, and Datapoints widgets, and read-only access for all other widgets.
  - Scheduler – initial setting is full access for the Calendar widget and read-only access for all other widgets.
  - System Integrator – initial setting is full access for all widgets.
    
    If you select a user role and modify any of the widget access settings, then the settings associated with a user role will be changed.
  - You can can create a new user role by clicking the Save As button. A dialog box appears (shown below) prompting you to enter a name for the new user role. Enter a name for the new user role and click Save to copy the current widget access settings to the new user role and to save the new user role.
- Owner – has access to all tasks in all contexts.
- Supervisor – has access to all tasks in specified contexts, except for changing the licensing customer ID, returning license keys, and adding license keys.
- Admin – has access to all tasks in all contexts; can only be created by an Admin user type.
Set the user password in Password field. The Confirm Password field appears requiring you to match the password.

Instead of manually setting the password, you can click the Generate Password button for a password to be automatically created by the system. You can enable the Send Password on Save option to send the current password to the email address that is provided. This option may be useful when an Admin or Owner creates a new user or when the password is created using the Generate Password button. The Send Password on Save option is disabled if a new password has not been entered or generated, an SMTP server is not defined, or an email address is not specified. If this option is enabled, then the CMS will send the new password to the user using the configured SMTP server.

To display the disguised password characters, click the Show Password button (). See Managing SmartServer IoT Passwords for more information.
Optionally, set the Session Timeout (minutes) field with the number of minutes after which a user session will be closed, requiring the user to login again if they still need access. Users will be able to view their timeout, but only an admin, owner, or supervisor can change them. Valid values are None (blank) or an integer value from 1 to 10080 minutes. None means that there is no user session timeout. The default is 90 minutes.
Optionally, set the Password Expiration (days) field with the number of days when the password for the user will expire after either setting the expiration option, or changing the password after the expiration option was set. Valid values are None (blank) or an integer value from 1 to 36500 days. The default is None for no password expiration. This field may only be modified by Admin, Owner, and Supervisor user types, and is disabled for admin user types. This field is only applicable when the Authentication Method is set to Basic.
Optionally, set the User Account Deactivation (days) field with the number of days when the user account will be deactivated after either setting the deactivation option, or the last user login after the deactivation option was set. Valid values are None (blank) or an integer value from 0 to 36500 days. The default is None for no user account deactivation. This field may only be modified by Admin, Owner, and Supervisor user types, and is disabled for admin and owner user types.
Optionally, set the Homepage field as follows (only Admin, Owner, and Supervisor users can modify the Homepage field):
1. CMS Dashboard – selects one of the currently-defined CMS dashboards. The first dashboard listed will be the Default dashboard.
2. Custom Web Page – opens the Custom Web Page field where you can select from the custom web pages that are defined on the CMS host (Local CMS or Remote CMS).
  1. For Local CMS, any .html file that is stored in the /var/apollo/www/user/custom directory can be selected as a custom web page.
  2. For Remote CMS, any .html file that is stored in a specified directory on the host system can be selected as a custom web page. To link the directory inside the container with a directory on host system, add the following -v parameter to the command that is used to start Remote CMS:
    -v <host full path of the directory containing custom web pages>:/usr/lib/apollo/www/user/custom
    See Creating Custom Web Pages for more information.
Optionally, set the Tags field with an optional comma-separated list of tags for the user. Each tag may be a key, or a key=value pair, where a key is a string of up to 100 characters, and the optional value is a string of up to 64K characters. This field may only be modified by Admin, Owner, and Supervisor user type.
For Admin user:
- Optionally, set a Google API Key for maps display. The Google API Key is used for access to Google Maps for maps display in the Locations widget (prior to SmartServer 3.4, the Locations widget was called the Map widget). The default admin user will have an embedded key. New admin users should be supplied with a key in order to view maps. The same key that is used for the default admin user can also be used for new admin users.
- Optionally, set an External Login. This login is used to associate a user with an external account. It is needed to link the CMS user accounts with SAML provider accounts (i.e., the email address) or when OAuth authentication is enabled.
Click Save to create the new user.

Setting User Access and Context Permissions

To set user access and context permissions, perform the following steps:

Open the SmartServer CMS.
Open the CMS Users widget. Click the Expand button ( ).
Go to the Create User view. See the Creating a User section above.
Click the Access tab at top of the Create User view (only Admin, Owner, and Supervisor users can modify settings on the Access tab).

The Create User: Access view appears. The figures that follow show the default settings for the default user roles (i.e., Field Technician, Scheduler, and System Integrator).

User role: Field Technician

User role: Scheduler

User role: System Integrator
Use the slider to configure user access for each widget. You can set the slider to the following positions, from left to right:
- No Access – restricts all access to the widget.
- Read-Only – allows the user to view the widget, but not perform any modifying actions such as creating, updating, or deleting any elements in the widget.
- Read/Write – allows the user to perform any read or write action that is supported by the widget, but not create new entities or delete existing ones. (Default when creating a new user.)
- Create/Read/Write/Delete – allows the user to perform any action that is supported by the widget.
Set the Default Visibility checkboxes. When checked, the widget will be included in the default dashboard and any new dashboards that are created by the user. When cleared, the widget will not be included in the default dashboard or any new dashboards; however, the user will be able to add the widget to any of their dashboards.
Click the Contexts tab at the top of the Create User view (only Admin or Owner users can modify settings on the Contexts tab).

The Create User: Contexts view appears displaying all contexts (in a tree view) that are defined in the CMS as shown in the following example:

The CMS creates a top-level World context by default that includes the Earth's surface. A user with suitable permissions can create campus, building, or area contexts directly in the World context, and can also create segment controllers and edge devices directly in the World context.
Use the checkboxes to the left of each context to set user permissions for contexts. These checkboxes enable access to devices located in specific contexts. If devices are assigned to different contexts, then users will only have access to devices that are assigned to selected contexts. When an Admin or Owner user checks or clears a non-leaf node context, all contexts under the node will be checked or cleared. Admin and Owner users have access to all contexts; therefore, all checkboxes, including the World context, are set and disabled by default. When a new user is created, all checkboxes are cleared for Supervisor and User users by default.
When you are finished setting user widget access and context permissions, click the General tab at the top of the Create Users view to finish creating the user account. See the Creating a User (step #5) section above.

Editing a User

Once you have created a user account, you can make changes to it using the edit feature. You can also edit the Apollo Owner user account that is available by default as the primary CMS user for the SmartServer IoT.

To edit a user account, follow these steps:

Open the SmartServer CMS.
Open the CMS Users widget.
Click the Edit button () for the user account that you want to edit. You can also click directly on the name of the user account.

The Edit User view appears.
Edit the user account as needed. Refer to the Creating a User section for more information.
Click Save to confirm the user account changes.

Resetting User Passwords

For information regarding resetting user passwords, see Resetting User Passwords in the Managing SmartServer IoT Passwords section.

Removing a User

You can remove a user account to disable access to a SmartServer for a user. To remove a user account, follow these steps:

Open the SmartServer CMS.
Open the CMS Users widget. Click the Expand button ( ).
Click the Action button () for the desired user and select the Remove User action.

A confirmation dialog box appears.
Click OK to confirm removing the user.

Removing Multiple Users

You can remove multiple user accounts to disable access to a SmartServer for the selected users (you will need to leave at least one user for system access). To remove multiple user accounts, follow these steps:

Open the SmartServer CMS.
Open the CMS Users widget.
Select the users to be removed. Or, if you have many users on the system and want to remove all of them, you can use the Select All button () to select all users. If you are deleting all users from the system using the Select All button, then be sure to deselect (at least) the Apollo Owner user in order to leave at least one user for system access.
Click the Action button () and select the Remove Selected Users action.

A confirmation dialog box appears.
Click OK to confirm removing the selected user accounts.