System Data - User Admin Central

User Admin Central (UAC) is a centralized user management solution that gives you full control over onboarding, permissions, and seamless Azure integration all in one place.

With User Admin Central, you can create users manually on the User Maintenance screen or set up automatic provisioning through our CMiC Azure Sync program. Once your permission templates are in place, users are auto-created in CMiC as soon as they’re added to the Azure Sync Group. It’s that simple!

Requirements

  1. System Setup: The necessary backend components have been included in Patch 20.

  2. AZR License: An AZR license is required to enable Azure Sync and Onboarding Error Logging. Please contact your account manager for assistance in activating these features.

    Notification message to acquire an AZR license

  3. Admin Privileges: Ensure Admins have UACACCESS and role-specific privileges, such as UACDELTMPT for template management and UACAZURE for Azure settings access.

    Sample of UAC system privileges on the User Maintenance screen

  4. API License: The System Data API License is required to run the sys-rest-api calls that the User Admin Central feature relies on. This license information appears in the API License Log (SDAPILICENSELOG) screen. For further details, please refer to System Data - API License Log.

    Screenshot of the API License Log

    Pgm: SDAPILICENSELOG - API License Log; standard Treeview path: API Management > Logs > API License Log

Adding UAC to the Treeview

  1. Launch the Treeview Builder and click the [Search] button to bring up a list of available Treeview menus.

    Sample of launching the Treeview Builder

  2. Select the required Treeview menu and click [OK].

    Sample of selecting a Treeview menu

  3. Right-click the System Data menu option and select "Add New" from the drop-down menu.

    Sample of adding a new menu item

  4. Enter the following values for the corresponding fields in the Item Properties section:

    • Label: User Admin Central

    • App Code: SD

    • Icon Type: Icon

    • Default Item State: Close

    • Target Type: External URL

    Sample of the Item Properties section in the Treeview Builder

  5. Click the [Create New Target] button to open the Create/Edit Target pop-up window, then enter the following details:

    • Name: UAC

    • Type: External URL

    • URL: https://[ENVIRONMENT]/construct-uac/ where [ENVIRONMENT] is replaced with the proper environment, e.g. https://qa.cmicpaas.com/cmicqadaily/construct-uac/.

    Click [Save] to save and close the pop-up window.

    Sample of the Create/Edit Target pop-up window

  6. Select "UAC" for the Target Name field, then click [Save].

    Sample of the Save button on the Treeview Builder

  7. Launch the environment and navigate under the System Data Treeview menu to access UAC.

    Sample of the new UAC menu option on the Treeview menu

Core Features of UAC

User Maintenance

The User Maintenance tab on User Admin Central

The User Maintenance tab contains a complete list of both internal and external users, including those synced directly from Azure. Admins have the flexibility to add new users here by clicking the [Add New User] button. From this screen, key user details, such as first name, last name, and email address, are all accessible.

For more detailed configuration, the [Advanced Settings] button provides a direct link to the User Maintenance screen in the System Data module.

Sample of the Advanced Settings button opening the User Maintenance screen in the System Data module

Plus, to streamline navigation, there’s a search field to quickly locate specific user records.

Sample of the search function on the User Maintenance tab

Permissions Template

The Permissions Template tab on User Admin Central

The Permissions Template tab brings efficiency to role-based access. Admins can create templates tailored to specific job titles. For example, a Product Manager template can be created with the right licenses, permissions, and securities. Whenever a user with the PM role is synced from Azure, they are automatically provisioned with everything defined in this template. These templates are flexible and can be updated as needed. Each user is linked to only one template, so if they switch roles, any permissions not included in the new template are automatically removed, keeping access secure and up to date.

Azure Integration

The Azure Integration tab on User Admin Central

The Azure Integration tab connects with Azure to sync users to CMiC based on tenant attributes like Tenant ID and App ID. The integration supports seamless updates, syncing at scheduled intervals (Frequency settings & Last Sync Time).

The sync isn’t enabled by default. It needs to be managed on a single WebLogic server in your farm, which DBAs handle. Lastly, the Attribute Mapping field is used for SSO configuration, ensuring that Azure AD’s OID is mapped as the unique identifier to match users in CMiC, preventing duplicate entries and maintaining consistent user profiles.

User Creation and Sync Process

In the sync workflow, users are created in Azure, then added to Sync Groups, and synced into CMiC through scheduled pulls. CMiC generates the necessary OID for seamless sign-in and syncs user attributes based on mapped fields.

Onboarding Error Log

The Onboarding Error Log on User Admin Central

The Onboarding Error Log on User Admin Central

With Azure Integration in place, the Onboarding Error Log tab becomes a helpful tool for troubleshooting. If the AZR license isn’t available, this screen will be inactive. When the AZR license is in place this log captures sync errors, allowing Admins to correct records in Azure or directly in UAC. If errors persist, they remain visible for further troubleshooting.

Email Templates

The Email Template tab on User Admin Central

Once a new user is successfully set up in CMiC, the next step is making sure they get the right welcome and onboarding information. Email templates provide a customizable experience for new users, ensuring clear, consistent onboarding messages. Admins can preview messages for accuracy and professional tone.

User Creation and Error Handling Process

  1. User Creation with Mandatory Fields: If all mandatory fields (first name, last name, job title, and email) are provided, the user is successfully created and a welcome email is sent to the user.

  2. Error Logging for Missing Fields: If any mandatory field is missing, the failed record is logged in the Onboarding Error Log.

  3. System Admin Intervention: The admin can correct the errors in Azure and retry the function from the error log or correct the record on the Onboarding Error Log.

  4. Successful Update: If the update is successful, the user is created and the record is cleared from the log.

  5. Persistent Errors: If the error persists, the record remains in the log and displays the new error message.