SSO Supervisor / Admin / Master Specific Content

General

In SSO server the following roles are defined, in ascending order of access rights:

USER
ADMIN
MASTER
SUPERVISOR

"Standard" users (i.e. registered via sign up form) have the role USER, which allows them to perform actions on themselves and their subaccounts only.

ADMIN, MASTER and SUPERVISOR are special user roles with increased permissions.

additional options in SUPERVISOR menu

action	`SUPERVISOR` role	`MASTER` role	`ADMIN` role	`USER` role
delete	can delete all users	can delete `ADMIN` & `USER` users only	can delete `USER` users only	cannot delete users
see	can see all users	can see `ADMIN` & `USER` users only	can see `USER` users only	can see himself and subusers only
modify	can modify all users	can modify `ADMIN` & `USER` users only	can modify `USER` users only	can modify himself and subusers only
add	can add all users	can add `ADMIN` & `USER` users only	can add `USER` users only	can modify himself and subusers only
update	can update all users	cannot update users	cannot update users	cannot update users

These roles are distinct from the roles defined here, which are user-created roles for permissions on tables of ginstr apps while SSO roles relate to permissions for SSO users.

When a user with SUPERVISOR permission logs in to SSO, the following additional options appear in the SSO lobby menu (accessed by hovering mouse over user name in top right corner of screen when logged in to SSO).

edit users
configure lobby
configure applications

When users with ADMIN or MASTER role log in to SSO, only the additional option 'edit users' appears in the SSO lobby menu.

edit users

'list of users' table

In this section are listed all SSO users with options to create new users, edit users, delete users and enable/disable ginstr for certain user.

This list of users is divided in multiple columns containing different info related to users. The table can be sorted by each of these columns by clicking on the sort icon located at the top right of each column heading.

DB num

this column contains id of user which is generated by SSO server automatically. Each id is a unique identifier for each user.

main account

this column is only filled if the user is a subaccount user, in which case it displays the main account of the subaccount user

account status

existing account statuses are:

ACTIVE
SUSPENDED (if for example user tried log in with incorrect password several times)
DELETED (if account is no longer in use it can be assigned DELETED status and will be completely removed after several days)
UNCONFIRMED (assigned to every new user until their account is activated by clicking on the activation link in e-mail sent after registration)

max subs: this column displays the maximum number of subaccounts which the selected user can create.; This number is defined by SUPERVISOR/ADMIN/MASTER when creating new user or editing existing user on the edit users page or by ginstr subscription purchased from the ginstr shop.

On the far right side of page there are several links which when clicked open new pages or make some status changes on user accounts:-

edit
remove
EULA decisions
enable ginstr/disable ginstr
reset ginstr

edit

This page is the same as the page for creating new user which is opened by clicking on the

new user

button at the bottom of the 'list of users' page.

user's general information

At the top left side there are fields with general information related to the selected user account.

e-mail: In this field you can enter a personal or company e-mail address for the selected user.
password and re-enter password: These two fields are used to change the current password for the selected user.
NFC: In this field you can enter an NFC tag id, allowing the selected user to log in to ginstr apps by scanning this NFC tag on Android devices with built-in NFC technology.
first name and last name: In these fields you can modify first and last name which were entered on account creation.
mobile number: In this field you can enter a personal or company mobile number for the selected user.
company (optional): In this field you can enter the name of the selected user's company.

attachments upload disable / enable and setting attachments limit section

At the bottom left side there is a section where a SUPERVISOR/ADMIN/MASTER can set restrictions on attachments uploaded by the selected user.

disable chat support: This checkbox disables support chat so that the chat window will no longer be displayed to the selected user in either SSO or ginstr web.
enable upload of videos: if checked, the selected user is permitted to upload video files to ginstr web.
max. size per video in MB: defines the maximum size permitted for each video file uploaded by selected user.
max. size all videos in MB: defines the maximum total size permitted for all video files uploaded by the selected user.
enable upload of pictures: if checked, the selected user is permitted to upload image files to ginstr web.
max. size per picture in MB: defines the maximum size permitted for each image file uploaded by the selected user.
max. size all pictures in MB: defines the maximum total size permitted for all image files uploaded by the selected user.
enable upload of voice notes: if checked, selected user is permitted to upload audio files to ginstr web.
max. size per voice note in MB: defines the maximum size permitted for each audio file uploaded by the selected user.
max. size all voice notes in MB: defines the maximum total size permitted for all audio files uploaded by the selected user.
enable upload of documents: if checked, the selected user is permitted to upload document files to ginstr web.
max. size per document in MB: defines the maximum size permitted for each document file uploaded by selected user.
max. total size of all documents in MB: defines the maximum total size permitted for all document files uploaded by the selected user.
max. size account in MB: defines the maximum total size permitted for all files uploaded by the selected user.

user settings

In the top right corner there is a section related to the selected user account settings.

comment about user: This field can be used to save some comment(s) related to the selected user account.
account status: This drop down menu can be used to change the status of account (ACTIVE/SUSPENDED/DELETED)
role: This drop down menu can be used to change the SSO role of the selected account (USER/ADMIN/MASTER/SUPERVISOR)
enforce password expiry policy?: If checked, the selected user will be forced to renew password after certain period of time
ignore password and username minimum requirements for this account?: If checked, the default password requirements (password must have one number, one uppercase letter, one lowercase letter and at least eight characters) will not be disregarded on next renewal or change of password by the selected user
language: This drop down menu can be used to change the language in which SSO content will be displayed for the selected user
number of booked subaccounts: In this field you can define the maximum number of subaccounts which the selected user can create.; This field is not displayed if editing a subaccount.; Once this amount is set here manually, it is no longer set by a user's ginstr subscription, and can only be changed by a user with SUPERVISOR/ADMIN/MASTER role (unless a reset is performed).
account was created by: This field, which is only shown if the selected user is a subaccount, displays the name of the main account which created the subaccount.

section for editing user's applications

dialog for defining maximum amount of rows in each table of the selected app

dialog for generating demo data of PLUS applications

In the bottom right corner there is a list of all existing applications where SUPERVISOR/ADMIN/MASTER can enable/disable each app for the selected user, remove tables and data of certain apps for that user, set maximum amount of rows that can be added in table of some app and generate demo data for PLUS applications.

On top of this section there are 3 links :-

activate all: enables all applications in the list below
deactivate all: disables all applications in the list below
remove all tables: removes all tables and data from the applications enabled in the list below

Below these links is a list of modules (which are displayed in SSO lobby) and ginstr apps (which are displayed in the hide/show content section of the my account page for every main user account).

Before each module and application name there is a checkbox which can be used to manually activate / deactivate each separate module and application.

After each ginstr application name, one or more of the following icons will be displayed :-

delete icon: The delete icon appears after every ginstr application name, and when clicked opens a 'delete' dialog window with a security question.; If a SUPERVISOR/ADMIN/MASTER chooses 'yes' in the security dialog then all tables and data of the selected app belonging to the selected user will be removed.
pencil icon: If tables of a ginstr app are already generated for the selected user, there will also be a pencil icon next to the application name.; Clicking on the pencil icon will open a dialog window to set the maximum amount of rows in each table of the selected app.; In this dialog window you can define the maximum amount of rows that can be added to each app table by user.; If the user attempts to add more rows than the maximum amount defined here, they will be shown an error message.; If no value is entered in a field, this means that an unlimited amount of rows can be added to table.; The limits applied here are saved when disabling an app for the selected user and are applied again if application is subsequently enabled for that user again.
arrow icon: For PLUS applications there is an additional arrow icon.; Clicking on the arrow icon opens a dialog window for applying the predefined demo data for the language selected in the drop down to the PLUS app on the selected user account.

remove

Clicking the remove button on the 'list of users' table sets the selected account status to DELETED.

After several days, the selected account and all of its data will be completely removed from the ginstr cloud.

EULA decisions

EULA decisions page

Clicking the EULA decisions button on the 'list of users' table opens a dialog box which contains a record of when the EULA (End User License Agreement) was accepted or declined by the selected user.

enable ginstr/disable ginstr

Disabling ginstr for a certain account means that the selected user will not be able to use the ginstr module at all.

Upon the expiry of a ginstr subscription, ginstr is automatically disabled for that account.

The enable ginstr/disable ginstr links in the 'list of users' table allows a SUPERVISOR/ADMIN/MASTER to manually enable/disable ginstr for some accounts.

In case ginstr is enabled/disabled manually then ginstr shop no longer has control over that account and all further actions in this regard on that account must be performed manually by a SUPERVISOR/ADMIN/MASTER (unless a reset is performed).

reset ginstr

Clicking on the reset ginstr link for some account returns control of the account to ginstr shop and all changes previously made manually by SUPERVISOR/ADMIN/MASTER are overridden.

configure lobby

configure lobby page

In this section a SUPERVISOR can configure modules which are displayed in SSO server lobby.

For each module, the following modifications can be made:

name of module that will be displayed in SSO lobby
link to module address
icon which will be displayed in SSO lobby for that module
whether module should be displayed for all users by default in SSO lobby

configure applications

configure application page

On this page a SUPERVISOR can edit existing ginstr applications or add a new ginstr application to server.

The 'configure applications' table contains the following columns :-

App ID
Display Name
owner of private application
Active By Default
App version
Minimum ginstr launcher version
App Icon
Uploaded by
Uploaded on date

new application page

new application page

When a SUPERVISOR clicks on the

new application

button, the 'new application' page is opened consisting of the following fields:-

type

This drop down contains two options - private or public

A private application is published only for a certain user and is visible only for that certain user and no one else.

A public application can be active by default or not active by default.

If a public app is active by default then it will be displayed for all existing and future accounts.
If a public app is not active by default it will be displayed only for those accounts where a SUPERVISOR enables that app.

owner of private application: If private is chosen from the type field, this drop down is used to select the username of user who will be able to use that application
Display Name: This field is used to enter the name of the new app which will be displayed in SSO and in ginstr web.
Active by Default: This checkbox is not editable for private applications because such applications are visible only to the user defined in the 'owner of private application' drop down.; For a public app, enabling this checkbox means that the new app will be displayed for all existing and future accounts.
App ID: This field is for the unique identifier of the new app and must be entered for both private and public apps. App ID must be in camel case and be the same as the name of the application zip file.

After all required fields are filled, click on the

Browse...

button to select the new application .zip file from your local PC.

Once the .zip file is selected, click on the

save

button to start the upload process. The upload progress is displayed in the bar below the

Browse...

button.

When the upload is complete, a success message (with green background) confirms that the app has been added to the server and is now displayed in the configure applications page.

If there was a problem during the upload then an error message (with red background) will be displayed with advice on further steps required.

edit application page

edit application page

When a SUPERVISOR clicks on an app name on the configure applications page, the 'edit application' page is opened. This page is similar to the 'new application' page with a few differences.

With the exception of the checkbox 'Active By Default', none of the fields on this page are editable - only an updated zip can be uploaded with same app id.

If the new application zip file has some changes in table structure then a simple upload of new app version will not be possible and errors will be displayed when the upload is completed. In this case, a SUPERVISOR must remove the existing app and then create new app with same ID and upload the new zip containing the new table structure.

At the bottom of the edit application page, there are 3 buttons that do not exist on the new application page:

usage statistic CSV file example

usage statistic: When a SUPERVISOR clicks on this button, a CSV file is exported containing information regarding which accounts are using the selected application and how many records those accounts have in tables of that app.
remove tables: When a SUPERVISOR clicks on this button, a dialog window will appear with a security question.; If 'yes' is chosen then all tables of the selected application will be deleted for all accounts where that app is enabled.; Removal of tables means that the app tables are temporary deleted and their data is permanently deleted. On next log in, an account which has that app enabled can generate tables again but new tables will be empty
remove ginstr app: When a SUPERVISOR clicks on this button, a dialog window will appear with security question.; If 'yes' is chosen then the selected application will be removed from SSO and ginstr web and also all tables and data will be removed for all accounts where the app is enabled.

Remote Commands

For troubleshooting/debugging purposes it is possible to execute certain commands on user devices remotely from ginstr web.

The Remote Commands feature can help to greatly reduce the length of time required to resolve ginstr launcher issues on specific user accounts or specific devices by remotely accessing system settings and automatically retrieving relevant information from devices without the direct involvement of the end user.

The LauncherPreparedCommands system table is used to prepare the remote commands for execution, and the results of executed commands are reported in the LauncherExecutedCommands system table.

for SUPERVISOR users, Remote Commands can be used on all devices belonging to all user accounts.
for Main Users, Remote Commands can be used only on devices previously connected with the Main User account.

`LauncherCommands`

The LauncherCommands system table provides a list of possible remote commands as detailed below.

Name	id	Description
enable system log	`enableSystemLog`	Enables system log on device
disable system log	`disableSystemLog`	Disables system log on device
get system log	`getSystemLog`	Retrieves system log files from specific device
delete system log	`deleteSystemLog`	Deletes system log files on device
enable kiosk mode	`enableKioskMode`	Enables kiosk mode for specific device (see here for more information)
disable kiosk mode	`disableKioskMode`	Disables kiosk mode for specific device
get database	`getDatabase`	Retrieves internal storage database from specific device
get device serial number	`getDeviceSerialNumber`	Retrieves device serial number from specific device
get launcher information	`getLauncherInfo`	Retrieves launcher version, list of all installed apps and their versions
get screenshot	`getScreenshot`	Initiates screenshot capture and retrieval from specific device
get settings	`getSettings`	Retrieves ginstr launcher settings from SharedPreferences for specific device
send SMS	`sendSMS`	Sends an SMS from device to specified phone number (see here for more information)
Update launcher to latest version	`forceLauncherUpdate`	Checks if installed ginstr launcher version is equal to launcher version specified and if not, blocks all replication threads and ginstr app execution and opens Google Play Store on device to update to latest version (see here for more information)

`LauncherPreparedCommands`

The LauncherPreparedCommands system table is used to prepare the remote commands for execution and consists of the following columns :-

commandDescription
companyName
userName
deviceSerialNumber
command
commandParams
network
eventType
validFrom
validUntil
active

commandDescription

The column commandDescription is required to define a unique description for each command to be executed.

companyName

The column companyName is required to define which user accounts are targeted by the remote command. Each main user account has a unique, 6 digit identifier number which is displayed in brackets next to their user name in ginstr web general settings (displayed to user logged in to ginstr web upon clicking 'setup' in the drop down menu at top right of screen).

This identifier number should be entered in to the companyName field in the format mainUser101010. The remote command would therefore be executed only on the account with identifier number 101010, and also on the subaccounts belonging to that main user account.

SUPERVISOR users also have the option to target all ginstr user accounts by entering all in to the companyName field.

Note: using the all option without filling either deviceSerialNumber and/or userName fields will execute the remote command for all users of the ginstr platform and should be used with caution in exceptional circumstances only

userName

The column userName is used optionally to target a specific user name belonging to the main user account defined in the companyName column.

The specified user name should be entered in to the userName field in the format user@email.com

deviceSerialNumber

The column deviceSerialNumber is used optionally to target a specific device only belonging to the main user account defined in the companyName column.

The specified device serial number should be entered in to the deviceSerialNumber field in the format 123456789123456

Note: the deviceSerialNumber field can be used in conjunction with the userName field to target a specific user on a specific device

command

The column command is required to select the desired remote command from a drop down menu.

The remote commands available are listed in the LauncherCommands system table.

commandParams

The column commandParams is required only for the following remote commands in order to specify necessary parameters.

Name	id	Description	commandParams	commandParams example
enable kiosk mode	`enableKioskMode`	Specifies password to be set for kiosk mode on device	kiosk mode password	`kioskPa55word`
send SMS	`sendSMS`	Specifies recipient phone number and message to be sent via SMS	`phonenumber\|message`	`+385916665519\|Hello world`
Update launcher to latest version	`forceLauncherUpdate`	Specifies ginstr launcher version required on device. If device has an earlier launcher version installed, Google Play Store will be opened on device and the user will be instructed to update to latest version	launcher version	`15072016`

network

The column network is required to define which network the specified device(s) should be connected to when the remote command is executed.

With WIFI selected, only devices connected to the internet via a WiFi connection will be targeted by the remote command (when active)
With 3G selected, only devices connected to the internet via a 3G network connection will be targeted by the remote command (when active)
With ALL selected, all devices connected to the internet via WiFi or 3G network connection will be targeted by the remote command (when active)

eventType

The column eventType is required to define when the remote command should be executed.

With APPSTART selected, the remote command will (when active) be executed when the user starts a ginstr app
With LOGIN selected, the remote command will (when active) be executed when the user logs in to a ginstr app or ginstr launcher
With IMMEDIATELY selected, the remote command will (when active) be executed immediately

validFrom

The column validFrom is used optionally to define a start date/time, after which the remote command is executed (when active).

validUntil

The column validUntil is used optionally to define an end date/time, after which the remote command is no longer executed.

active

The column active provides the option to toggle each remote command on/off with a double-click.

Care should be taken to ensure that all other fields have been set up correctly before setting a remote command to active status.

`LauncherExecutedCommands`

The LauncherExecutedCommands system table provides an overview of the result of each remote command executed.

The companyName column displays the companyName (user account id) targeted by each remote command executed.

The userName column displays the userName targeted by each remote command executed.

The deviceSerialNumber column displays the deviceSerialNumber targeted by each remote command executed.

The command column displays the commandDescription assigned to each remote command executed.

The timestamp column displays the date & time when each remote command was executed.

The attachment column contains a link to any files retrieved by an executed remote command. Retrieved files can be downloaded to local PC by clicking the filename (e.g. report.zip)

The result column displays whether each executed remote command was a SUCCESS or if it FAILED for some reason.

Contents