Search

 

Concerns: Vision Management Site

Edition: Futurama Website

Module: Futurama Accounts

User: User Management Site

Prerequisites

- license to use Futurama Accounts

Introduction

Description how to use the Futurama Vision Management Site for the Futurama Accounts process

 

Description

Part of the Futurama Website edition is the optional module Futurama Accounts. Futurama Accounts can be used to secure access to your applications. With Futurama Accounts passwords can be created and you can force your members to follow a verification process. Result of this process is a validated e-mail address that can be used to communicate digitally with your members. The management of your account process can be done by using the Futurama Vision Management Site. If you use the module Futurama Accounts, some accounts specific parts of the Futurama Vision Management Site become applicable. At this page is explained how to use the Futurama Vision Management Site.

Steps

The Management Site has to be used for configuration how to use Futurama Accounts exactly for your application. After that the members have to be selected for which an account has to be created. When your members use their accounts to visit your application you can use the Management Site to manage the account process. So the next steps are important:

  1. configure your account process in the Management Site
  2. create accounts for your members
  3. use the Management Site for account and person management
  4. use the Management Site to manage encryption settings for accounts

These steps are explained in the next paragraphs.

Configure account process

First of all in the Management Site the configuration of your account process has to be done. You have to make a number of choices regarding your verification process. In the Management Site this configuration has to be made in the menu Management/Manage domain tables. In the 'AccountProductGroups' tab a new configuration can be made after clicking on '+ Add new record'. See below the explanation of all the settings:

Settings

  • Name: The name of your account application;
  • Block automatically: If this box is checked the account of a member will be automatically blocked after the member unsuccesfully tried to log in his account for a number of times. If the box is unchecked the account never will be blocked: the members can enter as many wrong passwords as they want to:
  • Block after (tries): Only applicable if the previous box is checked. This is the number of wrong attemps after when the account will be blocked;
  • Deblock automatically: Only applicable if you choose to automatically block the account. If you choose to do so, you can either deblock the account automatically or manually. If you want to deblock automatically check this box. In the next setting the deblock time can be chosen;
  • Deblock after (minutes): Only applicable if the previous box is checked. This is the time in minutes after the account is blocked that the account will be deblocked automatically.
  • Characterset x for password: For each account that is created a temporary password is generated. This temporary password has to be used by the members to activate their account. In the Management Site it is possible to define the structure of your temporary passwords. You can define 4 character sets and define how many characters from which set have to be used (see the next setting). For example, the first set can be 'abcdefghjkmnpqrstwxy', the second set 'ABCDEFGHJKMNPQRSTWXY', the third set '23456789' and the fourth set '!@#$%^&*()'. It is recommendable not to use similiar characters like 1 and I, or o and 0. The maximum number of sets is 4. It is also possible to use fewer sets;
  • Number from set x: The number of characters to be used from each of the defined character sets;
  • Productgroup: The ProductGroup for which the configuration of accounts has to be applicable;
  • RegEx password: When a member uses the his temporary password to create an account, he is forced to define his own password. With this setting you can determine the requirements of the password to be chosen. For example: minimum length 8 characters, at least one capital and one number. These requirements can be set by using a regular expression. For more information about regular expressions see the description of the Futurama formula ValidatePattern;
  • EmailAccountChangedTemplate: The path to the XSLT-template to be used to send an e-mail to your member when he changed his account. After an account is created it is possible to change for example password or e-mailaddress. After changing one of these settings an e-mail will be sent to the member with an activation link to confirm the changes. For this e-mail an template XSLT is used. Make sure that the identity of the application pool of the Futurama Vision Management Site has read permissions on the XSLT-file. See below 'Examples templates' for an example of such a template;
  • EmailAccount CreatedTemplate: The path to the XSLT-template to be used to send an e-mail to your member when he create his account for the first time (i.e. after using the temporary password to log in and create an account). After an account is created an e-mail will be sent to the member with an activation link to definitively create his account. For this e-mail an template XSLT is used. Make sure that the identity of the application pool of the Futurama Vision Management Site has read permissions on the XSLT-file. See below 'Examples templates' for an example of such a template;
  • EmailAccountReinitializedTemplate: The path to the XSLT-template to be used to send an e-mail to your member when he has forgot his password and want to receive a new (temporary) one. Only applicable if for the member a validated e-mail address is available. Otherwise the template mentioned below will be used. This e-mail contains a new password. For this e-mail an template XSLT is used. Make sure that the identity of the application pool of the Futurama Vision Management Site has read permissions on the XSLT-file. See below 'Examples templates' for an example of such a template;
  • EmailAccountReinitializedAdminTemplate: The path to the XSLT-template to be used to send an e-mail to an administrator when a member forgot his password and want to receive a new (temporary) one. This e-mail is sent in the situation that no validated e-mail address of the member is available, so an automatic reset of the password is not possible. For this e-mail an template XSLT is used. Make sure that the identity of the application pool of the Futurama Vision Management Site has read permissions on the XSLT-file. See below 'Examples templates' for an example of such a template;
  • E-mail administrator: The e-mail address of the administrator to be used to send an a-mail when a member forgot his password, and wants to receive a new one (only in the situation that no validated e-mail address of the member is available);
  • PersonDataXSLT: The path to the XSLT-template where you can define custom fields to be used in the account reset letter (see next setting). In the Vision Database you have imported your member data. For each member an XML is imported. In the PersonDataXSLT it is possible to use an XPath query to an element is this XML. This element can be used in the account reset letter. Make sure that the identity of the application pool of the Futurama Vision Management Site has read permissions on the XSLT-file. See below 'Examples templates' for an example of such a template;
  • AccountResetTemplate: The path to the DOC-template to be used when an administrator of the Management Site manually resets the account for a member. This template will be used to generate a PDF that can be sent to the member for which the account is reset. The merge fields that can be used in this template are defined in the previous 'PersonDataXSLT'.  Make sure that the identity of the application pool of the Futurama Vision Management Site has read permissions on the DOC-template. See below 'Examples templates' for an example how to use this template;
  • HashingType: Here you can select the hashing type that is used to store the password. There are four different hashing types that can be chosen (MD5, SHA1, SHA1WithSalt and SHA256WithSalt). Depending on the hashing type that is chosen, the password will be hashed in a different way. It is possible to first choose one hash and later another hash. For users for which the password is hashed according to the first chosen method the password will be hashed following this method until the users logs in again. From that moment the password will be saved according to the most recent chosen hash method. See for more information about the hash and the way how can be converted from another authentication system to Futurama this page;
  • Questions: The questions from which the user can select one when creating or changing his account. This security question will be used after clicking on the activation link in the e-mail to confirm the changes. 
  • Encrypted data: checking this box will encrypt both the e-mail address of the user and the answer to the previous mentioned security question. In caes this parameter is checked, make sure also the encryption key is given (see below).
  • Encryption key: In case you checked the previous checkbox, you should submit the name of the encryption key. A key with this name should be present in the AppSettings section of the web.config of the Management Site.

Examples templates

Above the configuration of Futurama Accounts is described. Part of this configuration is the definition of a number of templates. See here for an example of each of these templates:

  • EmailAccountCreatedTemplate.xslt
  • EmailAccountChangedTemplate.xslt
  • EmailAccountReinitializedTemplate.xslt
  • EmailAccountReinitializedAdminTemplate.xslt
  • PersonData.xslt
  • AccountResetTemplate.doc

E-mail templates

The first four templates are used as templates for the e-mails that are sent either to the owner of the account (the first three) or to the administrator. In each of those templates the content of the e-mail can be defined. Beside flat text it is possible to define parameters, to personalize the e-mail. Some of these parameters are determined by Futurama, the others can be defined using your XML datastructure. For both the Futurama parameters and the own parameters the XPath to these parameters have to be defined. The parameters defined by Futurama are:

  • The identifier: //vision:login
  • The password generated: //vision:password
  • The activation url: //vision:activationurl
  • The mail address of the identifier: //vision:recipient
  • The ReturnPath mail address to use for email bounces: //vision:returnpath
  • Value UseExternalSecurity (see the supportpages Change Account and Create Account): //vision:useexternalsecurity

The activation url is a combination of the url defined in the Management Site at the Futuramas section and an unique activation code. This activation code in this url will be compared with the activation code that is stored in the Vision Database to determince whether the right person wants to activate his account. Suppose that the url defined in the Futuramas section is: http://servername/futurama/application, then the activation url will be http://servername/futurama/application?activationcode=XXX-XXX-XXX, where XXX-XXX-XXX is the activation code. In your Futurama application you have to read the value of this parameter using the Futurama formula ReadRequestParameter.

Besides the predefined Futurama parameters it is possible to use information from your member XML in the e-mail (such as the name of the recipient). In the templates you can see the example: Dear . In this example the name of the recipient can be found with the XPath //policy/name in the member XML. In a simular way you can use an arbitrary element from the XML in the e-mail. If you use namespaces in your XML, this namespace also has to be defined in the xslt-templates. This can be done simular to the predefined namespace xmlns:vision.

Account reset template

The last two templates PersonData.xslt and AccountResetTemplate.doc interact with eachother. The AccountResetTemplate is used when an account is reset manually from the Management Site. In the example template you find a number of Word mergefields. Theste fields are defined in the PersonData.xslt. If an field is defined in this xslt, then it can be used a mergefield in the AccountResetTemplate. For the fields in the PersonData.xslt the same is appliacble as described above. It is possible to use data from your members XML by using the XPath to this data. In the example of the PersonData.xslt you find the fields Name, Address and City. Substitute 'XPath to Name in your XML' by the XPath to the Name of the recipient. The other fields go equally. The password is a Futurama parameter given by the XPath //vision:Password.

In addition to the parameters mentioned above there is also a special kind of parameter defined in the PersonData.xslt: checkdataforreinitialization. This element is used when a person wants to reset his account (because he forgot his password). If the e-mail address of this person is known, there will be send an e-mail to the validated e-mail address with the new password. Before sending this e-mail it is recommendable to let the person fill in a check field (for example date of birth). The e-mail then only will be send when the person fills in the right date of birth in combination with his login name.

Create accounts

After the configuration of your account process it is possible to create accounts for your members. First of all the members for which an account have to be created must be imported in Futurama Vision. So make sure the next two steps are followed:

  1. Import the data into Futurama Vision
  2. Import this data into your Futurama Vision application

After this accounts can be made for your members. Futurama Vision will detect for which of your members already an account is made and for which members an account have to be made. See the first tab of the menu Accounts in the Futurama Vision Management Site for this process.    

The page is divided into two parts. The left part with information about the persons available for your application. The right part with information about the accounts created for your application. Both the left part and the right part of the page is divided into three more blocks. Each of these blocks give the number of persons with a policy and the number of persons without a policy. Once you have imported members into your Futurama Vision application they will be treated as persons in Vision. For each of the persons will be checked whether a policy with member data is available. This makes the distinction between 'with policy' and 'without policy'.

Synchronization

Futurama Vision will check whether there is a mismatch between the persons with a policy and the persons for whom an account is available. If there are persons with a policy without an account, there can be accounts created. If there are persons with an account without a policy, accounts can be deactivated and deleted. See below for the steps to take.

Persons

The total number of persons can be divided into the number of persons with an account and the number of persons without an account. If there are persons with a policy, but without an account (the new members that are imported into your Futurama Vision application) in the left bottom block the ">> initialize accounts" buttom becomes clickable. Follow the next steps to make new accounts:

  1. Click the >> initialize account button
  2. Download the passwords by clicking >> download passwords
  3. Save this file to use it for further processing (for example as input for password letters to be sent to your members with information how to log in to your webapplication) 

The passwords.xml file downloaded in step 3 contains the list of persons for whom an account is made with a password that can be used to log in into your webapplication. The password is created based on the configuration you made in the Management Site (see the paragraph 'Configure account process').

Note: the passwords.xml file that can be downloaded is only available at the moment that you download this file. This file will disappear if you visit another page in the Management Site.

Accounts

The number of accounts can be divided into the number of active accounts and the number of inactive accounts. Active accounts are accounts that can be used to log in your application. The inactive accounts are not able to log in your application. These inactive accounts can be made manually by an administrator in the Futurama Vision Management Site or automatically. Manually for example when you want to temporary block access to your application for a person. Automatically when you import a full new dataset of members and there is a mismatch between the members already imported and the new dataset.

If there are active accounts without a policy (i.e. previously a policy was available, and an account is made. In the current dataset for that person there isn't a policy available anymore. In that situation an account is available, but no policy) it is possible to deactivate these accounts. Deactivation means that the account becomes inactive and cannot be used to log in your application. Deactivate accounts by clicking on the button ">> deactivate accounts". After deactivation the account information remains available for later use.

In the right bottom block the number of inactive accounts are given. For the inactive accounts without policy it is possible to delete the entire account. After deleting the entire account information will be delete. If it appears that at a later moment a policy is imported for a deleted account, this will mean that the policy is treated as any other new policy: a new account is made ans a temporary password is available for the member to create his own account. For the inactive accounts with a policy it is possible to reactivate the account. After reactivating the account the member can log in again, using the same credentials before the account became inactive. 

Account management

After the first two steps the Futurama Vision Management Site can be used for account management. There are different types of account management:

  1. Use the Futurama Vision Management Site to view the status of the account of each of your members
  2. Use the Futurama Vision Management Site to get insight in the use of your application by your members
  3. Use the Futurama Vision Management Site to change the status of the account of your members

These three types are explained below. The status of the account is important for each of these pages. See below for an overview of the different statuses. 

Account status

Below an overview of these different statuses. (The ID of the Account status is the value of the column Account_STATUS_ID in the Vision database) 

  • Account status 0 - INITIALIZED: The account has been created with a temporary password, but a new password needs to be filled in by the user.
  • Account status 1 - CREATED: The account was filled in by the user but has yet to be activated with the hyperlink.
  • Account status 2 - ACTIVATED:  The account is activated by clicking at the hyperlink and answering the secret question correctly
  • Account status 3 - BLOCKED: The account is blocked.
  • Account status 4 - RESET: The user has made changes in his account (for example another password), and these changes have not yet confirmed by clicking on the activation link in the e-mail.
  • Account status 5 - REINITIALIZED: The account is completely redefined with a new temporary password. The account did already exist in this situation but it is now reset
  • Account status 6 - DEACTIVATED: The account is deactivated. The user cannot log in

Overview status

In the Futurama Vision Management Site it is possible to see how many of your member does have which status. See in the Account menu the submenu Overview status. For your ProductGroup you can see the total number of members in your dataset divided into the different statuses. The status INITIALIZED is divided in two statuses, 'Initialized visited' and 'Initialized not visited'. The accounts who are assigned to the first category are the accounts that have logged in with their initial password but didn't continue the password process. The accounts assigned to the second category never logged in with the initial password. For the status REINITIALIZED the same division is applicable.

It is possible to export this overview to Excel. Do do this, follow these steps:

  1. Click on the Excel icon on the top right of the table.
  2. Subsequently, you will get a message that the files do not have the right file format indicated by the file extension. This is the because of the way the XSLT is composed. However, you can open the file safely.
  3. Now you will see in Excel the activity overview. Here it is possible to use this overview for further analysis.

Overview activity

In the Futurama Visoin Management Site it is possible to see the activity in a given time period. See in the Account menu the submenu Overview activity. At this page you can choose a time period for which you want to see an overview of a type of activity. For example the activity 'Logged into account'. You can see both the total number of logged ins (if a person has logged in several times each of the logged ins is counted) and the number of different persons that have logged in.

A selection can be made with the next parameters:

  1. Time period: choose both the start date and the end data
  2. Timescale: Here you can choose to display the overview on a daily basis or to display it on a monthly basis.
  3. Module: Here you can choose from which module you want to see an overview from.
  4. Type activity: Here you can choose for what kind of activity you want to see the overview for. For example, if you want to know how many times people logged into the account in the time period you chose, select "Logged into account" as type of activity.
  5. ProductGroup: Here you can choose for which ProductGroup you want to see the overview.

After you clicked on the button to retrieve the overview, you will get the result of your selection. It is possible to export this overview to excel by following the next steps:

  1. Click on the Excel icon on the top right of the table.
  2. Subsequently, you will get a message that the files do not have the right file format indicated by the file extension. This is the because of the way the XSLT is composed. However, you can open the file safely.
  3. Now you will see in Excel the activity overview. Here it is possible to use this overview for further analysis.

Change status account

In the Futurama Vision Management Site it is possible to search for one of your members and see information regarding the account process for this specific member. See the first submenu in the General menu to search for members. Choose the ProductGroup that is applicable for your member and enter the member identifier. For each member you now can see for example the e-mail address (in the situation a validated e-mail address is available) and the last event. The last event is the last action of the member in the account process. For example 'Logged into account' or 'Account created'. Furthermore you click at the 'Details' button to see more detailed information.

At the bottom of this page the total overview of the events is given. You exactly can see when the member has used his temporary password to log in, when he has created an account, when he has logged in, etcetera. At this page you can also change the status of an account. Which actions are possible depends on the current status of the account. If for example the account is blocked, you can unblock the account. See below for the possible actions:

  • Block: You can block an account manually. After it has been blocked, the member has no access to his account. This action is only available if the account isn't already blocked, and the automatic unblocking mechanism has not been enabled;
  • Deactivate: An account can be deactivated manually. When an account is deactivated, the participant can no longer log in using his/her information. A deactivated account can only be activated through the Management Site;
  • Reset: An account can be reset. After this action a new temorary password will be generated, that can be used to reactivate the account by the participant. A PDF is created with the temporary password. The template for this PDF is configured in the Management Site (see AccountResetTemplate in the paragraph 'Configure account process' for more information;
  • Deblock: Should an account be blocked and the automatic deblocking mechanism is not enabled, this action will deblock the account;
  • Reactivate: A deactivated account can be reactivated by performing this action. After reactivation, the account will have the same status as it had before deactivation. The previous login information will also be valid to be used by the participant.

Person management

Person management is done in de person details screen. Find this screen through the menu General – Search Person.

Delete Person

Find this button by hovering the management button. Deleting a Person deletes its accounts, policies, events and data items. In case this person is registered on the NPR website, deleting a person will unregister this person automatically for all Apps it is Npr-registered for.

Export data

All data of a person can be exported in Xml format by hovering the management button. All encrypted person data will be automatically decrypted. To configure access to this page you should include the page Export person data in the appropriate functional group. If you leave this page not included, any functional group that has the unassigned checkbox ticked will automatically allow its users to export person data. For administrators that are restricted to a certain ProductGroup the system does an additional check if the exported person belongs to the ProductGroup tree of the admin.

Delete Policy

All Policies of a person are listed in the person details screen as well. Delete a policy by clicking the delete button. In case this person is registered on the NPR website, for the App this policy belongs to, deleting the last policy of this person (last policy within to the App), will unregister this person automatically for this App.

Manage encryption settings for accounts

This is done by changing encrypted and encryptionkey fields in the the account_productgroup. (Menu: management>manage domain tables)

This works exactly as with Apps and Datasets, you can read the details on the Futurama Vision central encryption page vision data.

Feedback

If you have any questions about this subject or if you want to provide us feedback please send us an e-mail.

Updated: 2018-04-10