5 Replies Latest reply on Jul 18, 2012 6:57 PM by mhz

    Is there a way End Users can use a different login method.....


      based upon an attribute on the user table ?


      Many many moons ago when we first had ITBM installed we were asked if we wanted users to login using their UserID or email address.  We opted for UserID and has been working as expected ever since.  However, while we having been building processes and demostrating to customers and even built custom processes and given varying levels of access to perform their own functions, they continue to come up with ideas and requirements.  About a year ago we built three new processes (Starter, Amendment and Leaver) which all End Users have access to.  In the drive to reduce pressure on the Service Desk we are trying to put the logging of these incidents back on the customers (especially as they all have a specific department for organising various access to systems/buildings etc etc.  All have agreed in principle, but there are questions around security.  What we are looking to do is to build custom forms based on each customers requirement and ONLY give access to each person in the relevant department using roles.  The problem is End Users have never had passwords as most struggled to remember their UserID.  Obviously the SAL loggers will need to set passwords but some are requiring the ability to log in using their email address (as most of them know this.....wonders will never cease!) and some want to remain with UserID's.  From what I remember it has to be one or the other.  The only other way I can think of doing it is by setting up new end user accounts using email address in the UserID field (for those that require this), but the downside being if they leave their current employment we would delete them from the system and if they come back (you'd be surprised how many do!) I wouldn't be able to recreate them.


      Has anybody else been asked something similar and how did you get round it?


      Any ideas gratefully received


      Version 7.3.2

        • 1. Re: Is there a way End Users can use a different login method.....

          If the people are on a trsuted domain, how about using integrated login.  That way people don't need to know their ID, they just login to the network as usual and run the app.  Failing that, if you have an LDAP server with peoples details on, you could authenticate to that.


          You don't have to use user id- you could rename people so that their NAME details use some other field contents such as email address.  The trick would then be knowing how to import these users as some might want to use an email address and some their current ID.  So ideally you'd switch everyone to using the new format.  A bit of scripting work should enable you to bulk rename people if thats the route.

          • 2. Re: Is there a way End Users can use a different login method.....

            Hi Dave, thanks for the reply.  Unfortunately we support 10 different customers all of which have a varied mix of infrastructure with different levels of accuracy (Novell, AD etc) so trying to implement integrated login would be an absolute nightmare and I know that our customers wouldn't stump up the readies for any such work. We've tried on many occassions to obtain up to date user information and it is like trying to get blood out of a stone (and I'm not convinced half of them actually know!).  We have almost 50,000 end users on our database when all 10 customers employ approximately 33,000 and we have to run a script to try and stop this getting totally out of hand as most of our customers don't inform us when a user leaves.

            However, our customers still want us to be able to perform miracles.  All of the customers want us to increase security and some are quite particular in how we achieve this (I'm all for switching the whole lot over to email but other customers are opposing this).

            So, to satisfy all my customers I need to be able to choose which method is used based on which customer an end user works for (which is identified at level 1 of a location category).  If it can't be done then we'll have to get one group to shift but at least I can go to them and say I tried.

            • 3. Re: Is there a way End Users can use a different login method.....

              Tricky.  I'd consider a usage charge and maybe using different instances to divide up those that insist on things being done a particualr way.  Appropriate charges might influence peoples decisions :-)  Some of the new stuff in 7.4 on partitioning might be of significant interest [hint]

              1 of 1 people found this helpful
              • 4. Re: Is there a way End Users can use a different login method.....

                Just to update really, We upgraded to 7.4 last summer and implemented two 'sites as now in 7.4 each site has its own config file and you can configure one for explicit login and the other for integrated login. Set the integrated as default but add a failover in iis for a 401.1 error to redirect to explicit. Happy days

                • 5. Re: Is there a way End Users can use a different login method.....

                  Did you then have to import an additional user account for each person, with email address mapped to the [tps_user[.[tps_name] attribute? 


                  And if there is now an additional account for each user, did you create a "link" between the two accounts?  Does whoever maintains the database still consider this a "success?"