System Data - User Audit

Pgm: SDUSRAUDIT - User Audit

NOTE: Access to this screen is granted via a security role. Admins must be assigned security access to the Graph Services program in the Security Roles screen in CMiC Field (standard Treeview path: CMiC Field > Security > Role Maintenance).

The User Audit screen is used by admins to review all user email addresses to ensure they are valid and unique (within the tenant). This is also the screen where admins can invite their users as Guest Users in Azure by selecting the user and clicking on the [Send To Azure] button. Selected users will receive an invitation to use CMiC SSO.

To invite a user to SSO, their email must be unique. A duplicate email in the Enterprise system contact, PM project contact, or PM system contact will prevent the user from being invited when sending to Azure in the User Audit screen.

The Azure Timeout in Hours field displays every hour that users are prompted to re-authenticate their devices. For example, if the field is set to "24", then users will prompted to re-authenticate every 24 hours. The [Reset Timeout] button opens a pop-up window that allows users to set the timeout value for the entire tenant. After saving the new timeout setting, a new pop-up window will appear and update all users within the tenant with the new settings. This gives the user security that requires their users to re-authenticate after every idling period they have on their devices.

The Azure Timeout can be changed indefinitely, and if a user has had it set for a longer period of time when logging in (e.g. 8 hours) and another user changes it (e.g. 2 hours) when they log in, the original user will also have to re-authenticate on the second hour.

The key columns on the User Audit screen are described in more detail below.

Sent to Azure

This field will be set to Y when the invitation has been sent from Azure.

Azure Guest User

This field will be set to Y when the invitation has been accepted by the end user.

Valid

This field will be set to Y when the user email is unique within the tenant and is a valid email format.

Azure Login Id

This field shows the Azure login associated with users who have accepted the Azure SSO invite.

Edit Azure Login

Clicking the Edit icon () under the Edit Azure Login column opens a pop-up window that allows the user to edit and change the Azure Login ID from the Enterprise application on web. This assists the user to resend the SSO invite to the appropriate login ID if it was sent incorrectly. The pop-up window prompts the user to enter and confirm their new Azure Login ID. Clicking [Confirm] will permanently save the new Azure Login ID and closes the window.

NOTE: The user editing the Azure Login ID must have company access to the users listed within the User Audit screen, otherwise an error regarding privileges will occur.

LDAP Login Disabled – Checkbox

By default, users who have received an Azure SSO invite are no longer allowed to use the legacy login method. In the event that users need to switch back to legacy login, uncheck this box. The User Audit screen also has a [Sync User LDAP Logon Status] button, used to re-synchronize the status of the 'LDAP Login Disabled' checkbox with the login method that the user is supposed to be using.

NOTE: If the user has been using a browser to access CMiC using Azure SSO, please switch to another browser or use private/incognito mode. If that is not viable and the same browser needs to be used, browser cookies for cmiccloudr12.com will need to be cleared.

Accessing User Audit Screen

The User Audit screen will not be available in the standard Treeview menu as it is only used by administrators. The screen can be added in two ways, as shown below.

Method 1

Using Treeview Builder, add the User Audit screen to a custom menu by selecting "SD - User Audit" in the Target Name field's LOV.

Example of adding User Audit screen in Treeview Builder by selecting the target

Method 2

Instead of adding the screen to a custom Treeview menu, users that are logged in can access the User Audit screen by opening a new browser tab and pasting the URL that directly accesses the screen .

The URLs for ATLAS and NOVA are as follows:

• ATLAS PROD

  https://atlas.cmiccloud.com/cmicprod/UIRuntime/faces/toDisplay.jspx?page_id=258826530

• NOVA PROD

  https://nova.cmiccloud.com/cmicprod/UIRuntime/faces/toDisplay.jspx?page_id=10642539

Launching Treeview Builder

The URLs to access Treeview Builder for CMiC SSO ATLAS and NOVA are as follows:

• ATLAS PROD

  https://atlas-az.cmiccloud.com/cmicprod/UITreeViewBuilder/faces/display.jspx

• NOVA PROD

  https://nova-az.cmiccloud.com/cmicprod/UITreeViewBuilder/faces/display.jspx