Set Up Users

The process of setting up users identifies the users to the system and defines user-related information that the system requires. This process consists of:

Users can be set up either manually or automatically using LDAP for user synchronization. Before proceeding, determine if you are defining users one by one through User Maintenance, or synchronizing user accounts using LDAP. If you are defining users one by one, continue with Types of Users. If you are synchronizing user accounts using LDAP, continue with User Synchronization.

User synchronization is the process of synchronizing the user accounts of the multiple QAD applications with Directory Services, such as Active Directory or Open LDAP.

With user synchronization, QAD Enterprise Edition user accounts can be synchronized with a corporate LDAP directory (Active Directory). The configuration for user synchronization includes the use of a DSML (Directory Services Markup Language) gateway for LDAP communication between QAD Enterprise Edition and a corporate LDAP directory.

User and group synchronization allows you to simplify and securely manage information about users on multiple applications. Typically users are centrally managed on an identity management system, and access to applications is enabled through an application management portal. Centralizing the management of user information enables organizations to support the creation, management, and deactivation of users across multiple systems.

The user information in the Directory must be expanded to include information about which QAD applications a user is allowed to access. Each QAD application must have a unique identifier and the roles must correspond to the roles defined in the applications.

See Authentication for details on setting up LDAP and Verify LDAP Instance Definition for DSML Gateway Using User Sync for details on user synchronization.

Once users are synchronized, continue setting up users with Specify Access to Domains and Entities.

One of the fields that you specify when you create a user indicates the user type. Most users represent your company employees who perform day-to-day functions such as receiving purchased inventory, replenishing work centers, and filling sales orders.

However, the system also requires a number of users for performing background tasks that require system sign in. These users do not represent real individuals, and are typically given a user type of API (application program interface). Generally, this type of user should be associated with a role that grants full access to all domains, entities, and resources so that the required background tasks can be performed.

• All of the daemon processes require a valid user ID and password for signing into the system. Typically you should create one user with access to all domains, entities, and resources and specify the same user for all the daemons. This makes administration simpler.

• System Maintain (36.24.3.2) requires a user ID and password for system startup activities that are initiated from the operating system or from a shortcut. This ID is used to establish that a valid user session can be created.

• A user role is defined during installation for QAD .NET UI administrative functions, that again needs access to all system resources.

• If you are using other components of QAD Enterprise Applications such as QAD Customer Self Service or QAD QXtend Inbound or Outbound, you need to configure a special user for interaction between the components.