AX2604

Defining user properties (General tab)

The following settings are available for users on the General tab.

User Details

Each user has the following general properties:

Item

Description

First Name

Last Name

The user's first and last name.

This information can be referenced by using the function GetUserInfo.

Email

The user's email address. This address is used to send user notifications, such as for process management.

This information can be referenced by using the function GetUserInfo.

License Type

The user's license type. By default, users are Standard users unless a different user type is selected. Standard users have the potential to access any feature or file in Axiom Capital Planning, limited by their security permissions.

In addition to standard users, the following user types are available:

  • Axiom Support users are intended to allow Axiom Capital Planning support representatives to log into your system as part of requested support activities. Any user accounts assigned to this license type must acknowledge that they are Axiom representatives when they log into the system.

    Once a user has been assigned an Axiom Support license, that license can only be removed by another Axiom Support user. Support users must use either Axiom Prompt authentication or Internal AD authentication (Axiom Cloud systems only).

    NOTE: The Axiom Support license type is primarily intended for use in on-premise systems. For Axiom Cloud systems, active Axiom support representatives can access your system to troubleshoot reported issues without requiring a support user to be created in the system.

  • Consultant users are intended to allow Axiom Capital Planning consultants to log into your system as part of contracted consulting engagements. Any user accounts assigned to this license type must acknowledge that they are Axiom representatives when they log into the system.

    Only Axiom support users can create a consultant user. Consultant users must use Internal AD authentication for Axiom Cloud systems, and Axiom Prompt authentication for on-premise systems.

  • Viewer users allow for view-only access to Axiom Capital Planning. Viewer users can access files as read-only, but they cannot save files or data, and they cannot otherwise perform "change actions" on the files (such as submitting a plan file for process management). Viewer users also cannot perform any administration functions.

    Security permissions for viewer users can be set as normal, but any settings above read-only access to files will be ignored. The Effective Permissions will note that the user is being limited due to the Viewer license. However, if you switch the user to a Standard license, the settings will be honored.

The number of users that can be created and assigned to each license type depends on your Axiom Capital Planning license.

Authentication

The method used to authenticate the user for access to Axiom Capital Planning. By default, new users are assigned to your installation's configured authentication mode; however, this can be changed on a per-user basis as needed.

  • Axiom Prompt: Select this option if you want the user to be authenticated by using their Axiom Capital Planning user name and password. You would use this option if your installation is not configured to enable an external authentication method, or if you are using an external authentication method but you want to create a user who can log in directly.

  • Windows User: Select this option if you want the user to be authenticated based on their Windows credentials. This option is only valid if your installation is configured to enable Windows Authentication. For more information, see Using Windows Authentication.

  • LDAP Prompt: Select this option if you want the user to be authenticated via your LDAP directory. This option is only valid if your installation is configured to enable LDAP Authentication. For more information, see Using LDAP Authentication.

  • OpenID: Select this option if you want the user to be authenticated using an OpenID provider. This option is only valid if your installation is configured to enable OpenID Authentication. For more information, see Using OpenID Authentication.

  • SAML: Select this option if you want the user to be authenticated using a SAML identity provider. This option is only valid if your installation is configured to enable SAML Authentication. For more information, see Using SAML Authentication.

  • Internal AD: This option can only be used with Consultant and Support license types, and only for Axiom Cloud systems. It allows the consultant or support user to be authenticated using Syntellis' internal Active Directory. The login name must match the email address for the user within Active Directory. For example, if the user's email address is jdoe@syntellis.com, then the user's Axiom login name must be jdoe@syntellis.com.

    In order to log in using Internal AD authentication, the user must go to the following page for the system: https://ClientName.axiom.cloud/internal.

An additional option of Unspecified exists to support backward compatibility for systems upgraded from older versions. Upgraded users may be assigned to it, but it cannot be selected otherwise. If you have users assigned to this option, we recommend changing their assignment to the appropriate authentication type.
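The license-type and authentication rules above can be checked against a list of users. The following is an added example, not part of the Axiom documentation or product: the record layout, field names and sample users are constructed for illustration, and the case-insensitive login/email comparison is an assumption.

```python
# Added example: audit user records against the documented license/auth rules.
# The record layout (login, email, license, auth) is hypothetical.

# (license type, is_cloud) -> authentication types the page permits
ALLOWED_AUTH = {
    ("Axiom Support", True): {"Axiom Prompt", "Internal AD"},
    ("Axiom Support", False): {"Axiom Prompt"},
    ("Consultant", True): {"Internal AD"},
    ("Consultant", False): {"Axiom Prompt"},
}

def audit_user(user, is_cloud):
    """Return a list of rule violations for one user record."""
    findings = []
    lic, auth = user["license"], user["auth"]
    allowed = ALLOWED_AUTH.get((lic, is_cloud))
    if allowed is not None and auth not in allowed:
        findings.append(f"{lic} user must use {sorted(allowed)}, not {auth}")
    if auth == "Internal AD":
        if lic not in ("Axiom Support", "Consultant"):
            findings.append("Internal AD requires a Consultant or Support license")
        if not is_cloud:
            findings.append("Internal AD is only valid on Axiom Cloud systems")
        # Assumption: the login/email match is compared case-insensitively.
        if user["login"].casefold() != user["email"].casefold():
            findings.append("Internal AD login name must match the email address")
    if auth == "Unspecified":
        findings.append("legacy Unspecified authentication; assign an explicit type")
    return findings

def audit(users, is_cloud):
    """Map login -> findings, for users with at least one finding."""
    report = {u["login"]: audit_user(u, is_cloud) for u in users}
    return {login: f for login, f in report.items() if f}

# Constructed sample records (not real accounts).
USERS = [
    {"login": "jdoe@syntellis.com", "email": "jdoe@syntellis.com",
     "license": "Consultant", "auth": "Internal AD"},
    {"login": "support1", "email": "support1@example.com",
     "license": "Axiom Support", "auth": "Internal AD"},
    {"login": "asmith", "email": "asmith@example.com",
     "license": "Standard", "auth": "Internal AD"},
    {"login": "legacy", "email": "legacy@example.com",
     "license": "Standard", "auth": "Unspecified"},
    {"login": "cons2", "email": "cons2@example.com",
     "license": "Consultant", "auth": "SAML"},
]

if __name__ == "__main__":
    for login, findings in audit(USERS, is_cloud=True).items():
        for finding in findings:
            print(f"{login}: {finding}")
```
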

Login

The user's login name.

If the user's authentication type is anything other than Axiom Prompt, then the user's login name must match the user's login name for the designated authentication source (for example, it must match the user's Windows login name when using Windows Authentication). See the information on the appropriate authentication type for login name requirements.

For Windows Authentication only, you can validate that the login name matches a user name in one of the allowed domains by clicking the Validate icon to the right of the box. A message box will let you know whether the name was found or not. This feature is only available if Windows Authentication is enabled and at least one valid domain name has been specified as an allowed domain.

This information can be referenced by using the function GetUserInfo.

Password

The user's Axiom Capital Planning password. Click the ... button to the right of the box to set or change the user's password. All users must have a non-blank password.

Users can change their own password later from within the application. See Changing your Axiom Capital Planning password.

NOTES:  

  • By default, Axiom Capital Planning enforces a basic set of password rules. If desired, you can disable these rules and allow any password. See Enabling password rules.

  • The Password setting only displays for Axiom Prompt users. For all other authentication types, a randomly generated password will be created for the user and cannot be changed. Users cannot log in with this randomly generated password; they can only log in using their specified authentication type.

If you are an administrator and you need to log into Axiom Capital Planning as another user in order to test that user's security settings, you do not need to know that user's password. For more information, see Testing user security.

Enabled

Specifies whether the user can access Axiom Capital Planning. If this check box is not selected, the user cannot log into any Axiom Capital Planning system.

NOTE: System administrators cannot disable other system administrators. The Administrator permission must be removed before the user can be disabled.

Locked Out

If a user has become locked out of the system due to exceeding the configured number of failed login attempts, then the system will automatically select this check box. You can clear the lockout by clearing this check box.

This setting only displays if you have manually configured a lockout threshold. For more information, please contact Axiom Support.

If an administrator becomes locked out, and no other administrator accounts are available to clear the lockout, the Axiom Software Manager can be used to reset the administrator's password and clear the lockout.

Administrator

Specifies whether the user has administrator-level permissions. If this check box is selected, then the user has access to all features and data in the current system. For more information, see Granting administrator-level permissions.

NOTE: This check box only displays to users who have the Administrator permission. In other words, a user cannot make themselves an administrator; they have to be granted the right by a user who is already an administrator.

Directory Sync Enabled

Specifies whether the user will be synched with Active Directory the next time an Active Directory import is performed. This is enabled by default.

  • If enabled, then the user will be synchronized with Active Directory according to the settings in the Scheduler task for the import. For more information about how this import and synchronization occurs, see How Active Directory user synchronization works.
  • If disabled, then the user will not be affected by the Active Directory import, even if the user name matches a user name in the import.

NOTE: This check box only displays if Active Directory import has been enabled for your system.

Assigned Roles

Users can be assigned to one or more roles. If the user is already assigned to roles, those roles are listed here.

  • To add a user to a role, click Add. In the Assign Roles dialog, you can select roles for the user.
  • To remove a user from a role, select the role in the list and then click Remove.

Role assignments can be made when editing either the user or the role. Any changes made in one area are automatically applied to the other area.

NOTE: The Everyone role is not listed in the Assigned Roles box. All users belong to the Everyone role and cannot be removed; therefore it is not listed as a role assignment.

For more information, see How role settings are applied to users.

Assigned Subsystems

This section only displays if subsystems are enabled for your system. See Security subsystems.

If you are using subsystems, you can optionally assign the user to one or more subsystems. If the user is already assigned to subsystems, those subsystems are listed here.

  • To add a user to a subsystem, click Add. In the Assign Subsystems dialog, you can select subsystems for the user.
  • To remove a user from a subsystem, select the subsystem in the list and then click Remove.

IMPORTANT: If you remove a user from a subsystem, that subsystem's maximum permission limit will no longer apply to that user.

Subsystem assignments can be made when editing either the user or the subsystem. Any changes made in one area are automatically applied to the other area.

NOTE: If you are a subsystem administrator, then all users that you have access to must belong to a subsystem. If you are an administrator for only one subsystem, then any new users you create are automatically added to that subsystem. If you are an administrator for multiple subsystems, then the user is automatically assigned to one of the subsystems; you can change the assignment as needed.