Provide Settings for Automatic User Creation
If:
- the External Authentication feature is enabled at the ClearSCADA server (see Using External Authentication with ClearSCADA)
- the server is configured to Create users automatically from group membership (see Integrate ClearSCADA User Accounts with Active Directory or LDAP User Accounts)
you can specify whether to enable automatic user creation on each ClearSCADA User Group that is associated with a Windows domain group or LDAP user group.

With automatic user creation, when a new user attempts to log on to ClearSCADA via ViewX or WebX, ClearSCADA will attempt to locate a Windows domain (Active Directory) user or LDAP user with the user credentials that have been entered. If such a user exists in Windows/LDAP but not in ClearSCADA, a new user account will be added to ClearSCADA automatically, to correspond with the Windows/LDAP user account.

As part of this process, ClearSCADA applies various settings that are provided by the relevant User Group and its associated User Pattern for creating the new User account. Should the user be a member of more than one User Group, ClearSCADA will use each User Group's Priority to determine which User Group settings it is to use for the new User account. Additionally, it will automatically populate the new User account's Windows/LDAP User Name field with the name of the Windows or LDAP user that was used to log on to ClearSCADA and so resulted in the creation of that new User account.
To facilitate this:
- The relevant User Group(s) have to exist in ClearSCADA and be associated with corresponding Windows domain groups or LDAP user groups (see Associate a ClearSCADA User Group with a Windows Domain Group or LDAP User Group)
- At least one User Group has to be configured to Allow Automatic User Creation (see below). ClearSCADA will use the settings that apply to this User Group when creating a new User account for a user that is a member of this User Group. Such settings include the security permissions that apply to the User Group (see Allocating Permissions to a User Group or User Account).
- The above User Group has to reference a suitable 'User Pattern' - a special type of user account that determines the settings that the new user account will be assigned in ClearSCADA. These settings determine the ClearSCADA features to which the new user has access, and so on.
Do not confuse Windows domain groups with Windows groups that only exist on the machine on which the ClearSCADA server is installed (the 'local machine').
If you wish, you can configure ClearSCADA to authenticate an existing ClearSCADA User against a Windows user that only exists on the local machine. However, ClearSCADA will not create a User automatically from a Windows user that only exists on the local machine (it will only do so from a Windows domain user).
Likewise, when performing automatic User Group membership updates ClearSCADA will not consider Windows groups that only exist on the local machine. Any User Groups that are linked to local Windows user groups will be removed from externally authenticated Users during logon.
This topic explains the properties on the User Group Form that you have to configure to enable automatic user creation. To configure these properties:
- Display the User Group Form in ViewX.
- Select the User Group tab.
- In the Link to Windows/LDAP Group section of the tab:
  - Select the Allow Automatic User Creation check box if this User Group is to provide settings for automatic User creation. If, as part of the external authentication process, ClearSCADA determines that it needs to create a new User account automatically, it will identify the User Groups of which the new User is a member, including which of those User Groups are configured to provide settings for automatic User creation. If the user belongs to more than one such User Group, ClearSCADA will use the settings that apply to the User Group that has the highest Priority (see below). It will then use the settings that apply to that User Group and its specified User Pattern for creating the new User account.
    The check box is only available for use if:
    - the User Group is linked to a Windows Domain Group or LDAP User Group (see Associate a ClearSCADA User Group with a Windows Domain Group or LDAP User Group)
    - the server is configured to Create users automatically from group membership (see Integrate ClearSCADA User Accounts with Active Directory or LDAP User Accounts).
    Clear the check box if this User Group is not to provide settings for automatic User creation. The rest of the fields associated with automatic User creation in the Link to Windows/LDAP Group section are then 'grayed out' and unavailable for use.
  - Use the User Pattern field to specify the full name (including the path) of the User Pattern that determines the settings that the new user account will be assigned in ClearSCADA. Use the browse button next to the field to display a Reference browse window. The window displays a list of User Patterns that exist in the database. Use the window to locate and select the required User Pattern.
  - Use the Create Users in Group field to specify the name of the Group or Group Instance within which ClearSCADA should create the new User account. Use the browse button next to the field to display a Reference browse window. Locate and select the required entry from the window.
  - Users can belong to multiple User Groups. Use the Priority field to specify which set of User Group settings ClearSCADA should use to create a new User account if it determines that the new User belongs to more than one User Group. The priority determines which User Pattern ClearSCADA uses for defining the User account settings, and the security permissions it assigns to that new User.
    Enter the required value in the range 0 to 255 inclusive, with 255 being the highest priority.
    We recommend that you configure the priorities to avoid ambiguity, by assigning a different priority to every User Group that is associated with a Windows Domain Group or LDAP User Group. If ClearSCADA finds that the User belongs to more than one User Group with the same priority, it will determine which User Group settings it should use for creating that new User account.
The Link to Windows/LDAP Group section of fields is only available on User Group Forms when the External Authentication feature is enabled on the server (see Using External Authentication with ClearSCADA).
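The priority rule and the recommendation to keep priorities unique can be checked offline before users start logging on. The following is an added example, not ClearSCADA code or part of the original topic: the `UserGroup` model, the group names and the User Pattern paths are constructed for illustration, and a tie is reported as ambiguous because this topic does not say how ClearSCADA breaks it.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class UserGroup:                 # hypothetical model of the User Group Form fields
    name: str
    linked_group: str            # linked Windows domain / LDAP group, "" if none
    allow_auto_create: bool      # Allow Automatic User Creation
    priority: int                # 0..255, 255 is the highest
    user_pattern: str = ""       # User Pattern (full name including path)
    create_in: str = ""          # Create Users in Group

def resolve(groups, memberships):
    """Return (group whose settings apply, ambiguous) for a first-time logon."""
    cands = [g for g in groups
             if g.allow_auto_create and g.linked_group in memberships]
    if not cands:
        return None, False       # no User Group provides settings for this user
    top = max(g.priority for g in cands)
    winners = [g for g in cands if g.priority == top]
    # Equal priorities: the outcome is not documented here, so report it instead.
    return (winners[0], False) if len(winners) == 1 else (None, True)

def audit(groups):
    """List configuration findings for User Groups linked to external groups."""
    findings, by_priority = [], defaultdict(list)
    for g in groups:
        if not g.linked_group:
            continue
        by_priority[g.priority].append(g.name)
        if not 0 <= g.priority <= 255:
            findings.append(f"{g.name}: priority {g.priority} outside 0-255")
        if g.allow_auto_create and not g.user_pattern:
            findings.append(f"{g.name}: automatic creation without a User Pattern")
    for prio, names in sorted(by_priority.items()):
        if len(names) > 1:
            findings.append(f"priority {prio} shared by {', '.join(names)}")
    return findings

# Constructed sample configuration (all names are made up).
GROUPS = [
    UserGroup("Operators", "SCADA-Operators", True, 100, "Patterns.Operator", "Users.Auto"),
    UserGroup("Engineers", "SCADA-Engineers", True, 200, "Patterns.Engineer", "Users.Auto"),
    UserGroup("Admins", "SCADA-Admins", True, 200, "Patterns.Admin", "Users.Auto"),
    UserGroup("Viewers", "SCADA-Viewers", False, 50),
]

if __name__ == "__main__":
    print(resolve(GROUPS, {"SCADA-Operators", "SCADA-Engineers"}))
    print(resolve(GROUPS, {"SCADA-Engineers", "SCADA-Admins"}))
    print(audit(GROUPS))
```

In the sample, a user in both the Engineers and Admins domain groups hits the shared priority 200, which is the case the unique-priority recommendation is meant to prevent: the permissions of the new account would depend on a choice the administrator did not make.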
SECURITY THREAT