Users and Groups
User accounts are configured in EnterWorks, and the users are then assigned to user groups. EnterWorks recommends managing system security at the group level, so groups should be defined according to user roles, such as Administrator, Product Manager, Publications Manager, or Syndication Manager. During configuration, groups are analyzed and designed to align with an organization’s specific business processes and operational requirements.
EnterWorks group security defines which functional areas of the application a user is allowed to view, which functions they can perform, and what level of access they have to objects within EnterWorks (e.g., code sets, users, groups, and repositories). Each object type can be configured to specify which groups can create objects of that type and, for existing objects of that type, who can read, edit, or delete them. For details on the assignment of user and group permissions, see Security.
User Password Management
There are three methods used to manage user logins to EnterWorks:
If local user authentication is used, an EnterWorks system administrator uses EnterWorks to manage user passwords. EnterWorks performs all user authentication.
Active Directory is a Microsoft application hosted on an Active Directory server. It manages user passwords and performs user authentication. The protocol used to communicate with the Active Directory server is either LDAP (Lightweight Directory Access Protocol) or LDAPS (Secure LDAP, also known as LDAP over SSL).
If single sign-on (SSO) is used, users access EnterWorks through a corporate login (i.e., on a corporate web page) and subsequently follow a link to the EnterWorks application. In this instance, the organization using EnterWorks is responsible for authenticating users.
The local user and LDAP (Active Directory) methods can coexist – some users can be defined as local while others are defined as using LDAP. If single sign-on is used, then all users must be authenticated from the corporate login and there cannot be any local or LDAP (Active Directory) users.