From wiki.ginstr.com
Jump to: navigation, search
m
Line 157: Line 157:
 
:Opens page with contact form that enables you to contact ginstr support via e-mail
 
:Opens page with contact form that enables you to contact ginstr support via e-mail
  
:In this form all fields are required to be filled.
+
:In this form all fields must be filled before clicking the <div style="display:inline-block;width:120px;height:auto;text-align:center;padding:0px 4px;vertical-align:middle;-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;background-color:#66d9ff"><span style="color:#404040;font-size:88%;font-weight:bold">send</span></div> button.
  
 
====questions and answers (FAQ)====
 
====questions and answers (FAQ)====
Line 190: Line 190:
  
 
:Click on this menu item to log out of ginstr SSO and return to the SSO log in screen
 
:Click on this menu item to log out of ginstr SSO and return to the SSO log in screen
 
  
 
==My account page==
 
==My account page==
[[File:my_account.png|thumb|500px|my account page]]
 
 
This page contains multiple sections:
 
This page contains multiple sections:
 
*[[#my_account|my account]]
 
*[[#my_account|my account]]
Line 200: Line 198:
 
*[[#subaccounts|subaccounts]]
 
*[[#subaccounts|subaccounts]]
 
*[[#roles|roles]]
 
*[[#roles|roles]]
 
+
[[File:my_account.png|thumb|500px|my account page]]
 
===my account===
 
===my account===
  
Line 244: Line 242:
  
 
:<span id="hide/show content">'''hide/show content'''</span>
 
:<span id="hide/show content">'''hide/show content'''</span>
[[File:hideshow_section.png|thumb|500px|hide/show content section]]
+
[[File:hideshow_section.png|thumb|700px|hide/show content section]]
 
:This section consists of a list of application tables with option to change permissions on each table and a section where you can assign or unassign records that exist in table.
 
:This section consists of a list of application tables with option to change permissions on each table and a section where you can assign or unassign records that exist in table.
  
Line 251: Line 249:
 
::;list of ginstr applications: Here you will be shown a list of names of all ginstr applications which are enabled for your account.
 
::;list of ginstr applications: Here you will be shown a list of names of all ginstr applications which are enabled for your account.
  
::;list of tables of selected ginstr application: When you click on one or more application name in the ''''list of ginstr applications'''', then all tables of the selected application(s) are displayed in the ''''list of tables of selected ginstr application''''.
+
::;list of tables of selected ginstr application: When you click on one or more application names in the ''''list of ginstr applications'''', then all tables of the selected application(s) are displayed in the ''''list of tables of selected ginstr application''''.
 
:::For each table there are four permissions displayed: <code>create</code>, <code>read</code>, <code>update</code> and <code>delete</code> (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
 
:::For each table there are four permissions displayed: <code>create</code>, <code>read</code>, <code>update</code> and <code>delete</code> (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
 
:::There is also the option to select a table and then click on ''''<u>activate all</u>'''' link above the the list of tables and activate all permissions on the selected table.
 
:::There is also the option to select a table and then click on ''''<u>activate all</u>'''' link above the the list of tables and activate all permissions on the selected table.
Line 274: Line 272:
  
 
===subaccounts===
 
===subaccounts===
[[File:subaccount_section.png|thumb|500px|subaccounts section]]
+
[[File:subaccount_section.png|thumb|700px|subaccounts section]]
 
In this section a main account user can create subaccounts. The amount of subaccounts which can be created by the main account user is defined based on your [https://shop.ginstr.com/produkt-kategorie/subscriptions/ ginstr subscription].
 
In this section a main account user can create subaccounts. The amount of subaccounts which can be created by the main account user is defined based on your [https://shop.ginstr.com/produkt-kategorie/subscriptions/ ginstr subscription].
  
Line 299: Line 297:
  
 
:;list of tables for selected applications:This part is as described in [[#hide/show_content|hide/show content section]].
 
:;list of tables for selected applications:This part is as described in [[#hide/show_content|hide/show content section]].
::When you click on some application name in the ''''list of ginstr applications'''' then all tables of selected application are displayed in the ''''list of tables of selected ginstr application''''.
+
::When you click on an application name in the ''''list of ginstr applications'''' then all tables of selected application are displayed in the ''''list of tables of selected ginstr application''''.
 
::For each table there are four permissions displayed: <code>create</code>, <code>read</code>, <code>update</code> and <code>delete</code> (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
 
::For each table there are four permissions displayed: <code>create</code>, <code>read</code>, <code>update</code> and <code>delete</code> (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
 
::There is also the option to select a table and then click on ''''<u>activate all</u>'''' link above the the list of tables and activate all permissions on the selected table.
 
::There is also the option to select a table and then click on ''''<u>activate all</u>'''' link above the the list of tables and activate all permissions on the selected table.
Line 317: Line 315:
  
 
===roles===
 
===roles===
[[File:roles_section.png|thumb|500px|roles section]]
+
[[File:roles_section.png|thumb|700px|roles section]]
 
In this section you can define different roles that can be assigned for each subaccount. Roles are templates of permissions and records assignments for apps and if a role is assigned to some subaccount then tables permissions and records assignments defined in that role will be applied on that subaccount for any app enabled for that subaccount in the [[#subaccounts|'''subaccounts''' section]].
 
In this section you can define different roles that can be assigned for each subaccount. Roles are templates of permissions and records assignments for apps and if a role is assigned to some subaccount then tables permissions and records assignments defined in that role will be applied on that subaccount for any app enabled for that subaccount in the [[#subaccounts|'''subaccounts''' section]].
  
Line 325: Line 323:
  
 
:;interface to add new role and list of existing roles: When you click on the ''''add role'''' button, the interface for adding a new role opens with ''''enter role name'''' and ''''enter description'''' fields. Once you fill these fields and click on the <div style="display:inline-block;width:60px;height:auto;text-align:center;padding:0px 4px;vertical-align:middle;-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;background-color:#33CCFF"><span style="color:white;font-size:88%;font-weight:bold">add</span></div> button, the new role is created and displayed in the list of existing roles.
 
:;interface to add new role and list of existing roles: When you click on the ''''add role'''' button, the interface for adding a new role opens with ''''enter role name'''' and ''''enter description'''' fields. Once you fill these fields and click on the <div style="display:inline-block;width:60px;height:auto;text-align:center;padding:0px 4px;vertical-align:middle;-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;background-color:#33CCFF"><span style="color:white;font-size:88%;font-weight:bold">add</span></div> button, the new role is created and displayed in the list of existing roles.
::Existing role has an option to ''''show settings'''' which, when clicked enables you to edit the name and description of a role,a ''''delete'''' button, which when clicked enables you to delete existing row and there are names displayed and total number of subaccounts assigned to that role.
+
::Existing role has an option to ''''show settings'''' which, when clicked enables you to edit the name and description of a role, a ''''delete'''' button, which when clicked enables you to delete existing row and there are names displayed and total number of subaccounts assigned to that role.
  
 
:;list of applications enabled for main account: When you click on existing role then on right side appears list of all applications enabled for main account
 
:;list of applications enabled for main account: When you click on existing role then on right side appears list of all applications enabled for main account

Revision as of 17:11, 4 November 2016

SSO Common Content

Introduction and general points

Single Sign-On (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system.

This means that a single page is used to log in to multiple applications which are enabled/disabled for each user account, depending on which software modules have been ordered from ginstr.

This multiple log in is ensured with common ticket which is added as post-fix in browser address of each application (e.g. https://my.ginstr.com/?ticket=*number_generated_by_SSO_server*)

Each application opens in a separate browser tab so that the SSO server tab remains open and user can easily operate in both the SSO server tab and in each application tab simultaneously.

ginstr SSO server is located at https://sso.ginstr.com/

SSO login screen at https://sso.ginstr.com/
Legend
1
e-mail field
2
password field
3
sign up! link
4
forgot password? link
5
log in button
6
questions and answers (FAQ) link
7
facebook sign up button
8
Google sign up button
9
ginstr Support Chat
10
Language selection drop down
11
ginstr logo (linked to http://ginstr.com/)
12
Info about current version of ginstr SSO server



e-mail field

If you used an e-mail address to sign up, enter this e-mail address in the e-mail field. Before you can log in, you must confirm your registration by clicking on the link in the e-mail that you received after signing up (see activation for more details.

password field

This field is for the password chosen during sign up associated with your ginstr iD email address entered above. If you have forgotten your password you can use the "forgot password?" button to assign a new password.
registration form to create new ginstr iD account

Signing up for new SSO account

To register a new account on ginstr SSO, click on the 'sign up!' link positioned above the e-mail field to display the form for registering a new ginstr iD (ginstr account).
The registration form consists of the following fields:
  • e-mail (required field)
  • password (required field)
  • re-enter password (required field)
  • first name (required field)
  • last name (required field)
  • mobile number (optional)
  • company (optional)
  • language (drop down)
NOTE:
Your ginstr account will be created in the language selected in the language drop down. Currently, not all listed languages are supported. If you select an unsupported language then content will be displayed in English.
The registration form also contains links to frequently asked questions and the ginstr Privacy Policy.
appearance of ginstr iD activation e-mail
After filling all required fields and clicking the
register
button, you will be taken to a page informing you that your account is now registered and that a confirmation e-mail has been sent to the e-mail account used for registration.
Activation
An activation e-mail will be sent from address notifications@ginstr.com with the subject 'ginstr iD activation'. This e-mail contains a link "Activate your ginstr iD" which must be clicked to activate your account. Upon successful activation, you will be taken to a page confirming that your ginstr iD is activated and you can now log in with the newly created ginstr iD & password at https://sso.ginstr.com/.
NOTE:
In case you do do not receive the activation e-mail shortly after completing the registration form, please check your junk/spam folder

login button

After entering your ginstr iD email address & password, press the
log in
button to proceed to the SSO lobby.
questions and answers (FAQ) page

FAQ

Below the password field on the right side there is a "questions and answers (FAQ)" link which, when clicked, opens a page with frequently asked questions regarding the registration process and other content relevant to starting work with the ginstr SSO platform.

Signing up with Facebook or Google account

If you already have a Facebook or Google account then the two buttons below the
log in
button allows you to log in to ginstr SSO with your existing Facebook or Google credentials.
If you are already logged in to Facebook or Google, you will be asked to grant access to ginstr.
If you are not already logged in to Facebook or Google, you will be asked for authorization.

forgot password

If you have forgotten your password you can use the "forgot password?" link to assign a new password. This link is located on right side of log in form under password field.
On the password reset screen, enter the e-mail address used for registration and click on the 'reset password' button and an e-mail with instructions will be sent to that e-mail address.
Language selection drop down

ginstr Support Chat

If you have a question which is not answered in the FAQ page or in this manual, clicking the 'Chat now' button on the right side of log in screen opens a chat window where you can chat directly with ginstr customer support.

Language selection

In bottom right corner of SSO log in screen there is drop down selection which allows you to select the language in which SSO content will be displayed.
NOTE:
Currently, not all listed languages are supported. If an unsupported language is selected then content will be displayed in English.

SSO lobby

Once logged in to ginstr SSO, the default set of applications icons will be displayed in the SSO lobby.

default applications icons in the SSO lobby

These default applications are:

ginstr home page
opens https://www.ginstr.com/
ginstr web
opens ginstr web client which contains tables where the master data for ginstr applications is defined and where data sent from ginstr applications is stored
OpenCellID
opens OpenCellID application

Upon clicking on the ginstr web icon for the first time, you will be asked to accept the 'Conditions of Use for ginstr Applications'. After accepting these conditions of use, they will not appear again on launching of ginstr web application.

NOTE:
Even though your account is now activated, you will not be able to use ginstr web without first purchasing some ginstr subscription from the ginstr shop error (1017) ginstr is disabled
User name at top right-hand corner of the lobby

SSO lobby menu

contact form appearance
configure private applications page

Your user name is displayed at the top right corner of the SSO lobby screen when logged in. When you hover the mouse over this user name, a drop down menu opens.

Items in this menu are:

contact form

Opens page with contact form that enables you to contact ginstr support via e-mail
In this form all fields must be filled before clicking the
send
button.

questions and answers (FAQ)

Opens the frequently asked questions page

configure private applications

Displays private applications created by user.
Private applications are only visible to their owner.
Here you can view information on each private application and have the option to permanently remove each private application from the server.

my account

Opens the my account page containing settings related to your user account. See here for more information.
conditions of use for ginstr applications

conditions of use

When you hover your mouse over this menu item, a sub-menu appears.
Clicking on the 'ginstr web' sub-menu item displays the 'Conditions of Use for ginstr Applications' which you agreed to upon launching the ginstr web application from SSO lobby for the first time.

imprint

Click on this menu item to open the imprint page on the ginstr web site

privacy policy

Click on this menu item to open the privacy protection page on the ginstr web site

log out

Click on this menu item to log out of ginstr SSO and return to the SSO log in screen

My account page

This page contains multiple sections:

my account page

my account

This section contains two sub-sections: general and hide/show content

general
This section displays all details related to your user account, some of which are editable.
The general section consists of the following items:
account
Your ginstr iD user name is displayed here. This item is not editable
role
The SSO role of your account is displayed here. This item is not editable
account status
The status of your account (active, suspended, deleted) is displayed here. This item is not editable
language
Allows you to select the language in which SSO content will be displayed. Currently supported languages are English, German, Spanish, French, Hebrew and Arabic.
After selecting your preferred display language in the drop down, click the
apply
button at the end of the general section to apply the language change.
e-mail
In this field you can enter your personal or company e-mail.
password and re-enter password
These two fields are used to change the current password.
In order to change your password, you must enter the same new password in both password and re-enter password fields before clicking on the
apply
button at the end of the general section.
The new password must contain at least one number, one uppercase letter and not less than 8 characters.
NFC
In this field you can enter an NFC tag id, allowing you to log in to ginstr apps by scanning this NFC tag on Android devices with built-in NFC technology.
first name and last name
In these fields you can modify first and last name which were entered on account creation.
mobile number
In this field you can enter your personal or company mobile number.
company (optional)
In this field you can enter the name of your company.
disable chat support
This checkbox disables support chat so that the chat window will no longer be displayed in either SSO or ginstr web.
delete all data of all tables in this account older than (days)
In this field you can define how long the data in all tables of all applications enabled for your account will be kept.
Default value is 0 which means that data will be kept in tables forever.
Value must be positive number up to a maximum of 999 days.
After entering the desired value, click the
apply
button at the end of the general section to apply the change.
maximum number of rows that can be displayed in each table
Here you can define how many rows can be displayed in each ginstr web table before 'filter by record creation date' appears in table. Once the defined number of records is reached in a table, the records in the table will be grouped based on record creation date. This number of records is defined on browser and server level.
hide/show content
hide/show content section
This section consists of a list of application tables with option to change permissions on each table and a section where you can assign or unassign records that exist in table.
The hide/show content section consists of the following items:
list of ginstr applications
Here you will be shown a list of names of all ginstr applications which are enabled for your account.
list of tables of selected ginstr application
When you click on one or more application names in the 'list of ginstr applications', then all tables of the selected application(s) are displayed in the 'list of tables of selected ginstr application'.
For each table there are four permissions displayed: create, read, update and delete (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
There is also the option to select a table and then click on 'activate all' link above the the list of tables and activate all permissions on the selected table.
  • If create permission is enabled on a table, this means that user will be able to create new records in that table
  • If read permission is enabled on a table, this means that user will be able to see that table in ginstr web
  • If update permission is enabled on a table, this means that user will be able to modify existing records in table
  • If delete permission is enabled on a table, this means that user will be able to delete records from that table in ginstr web
list of records in selected table
When you select some table in the 'list of tables of selected ginstr application', then a 'list of records in selected table' appears with the option to assign/unassign existing records in table.
When records are added to a table they are assigned by default and they are listed in form of record id's in the ASSIGNED list.
If you click on some id in the ASSIGNED list then that id moves to the NOT ASSIGNED list on the left side.
When you click on the
apply
button above the ASSIGNED list, changes will be saved and the record which is moved to the NOT ASSIGNED list will not be displayed in the selected table in ginstr web.
interface for defining how much days to keep records in tables on application and table level
Above the 'list of tables of selected ginstr application' and 'list of records in selected table' there are fields where you can define how long data in all app tables or in single app table will be kept.
This feature exists on 3 levels
  1. all applications level (which exists in the general section and is described here)
  2. single application level - this field exists above the 'list of tables of selected ginstr application' and when some number of days is defined there, data in all tables of that app will be kept for the defined number of days before being deleted.
  3. single table level - this field exists above the 'list of records in selected table' and when some number of days is defined there, data in that particular table will be kept for the defined number of days before being deleted.
General rule: If an amount of days is defined on level 1, then this amount of days will be applied on levels 2 and 3 for all apps. If an amount of days is defined on level 2 for some app, then this amount of days will be applied on level 3 for all tables of that app and for all other apps (and the tables therein) the amount of days defined on level 1 will still apply. If an amount of days is defined on level 3 for some table then this amount will be applied for that table only and all other tables of that application will have amount of days defined on level 2 of that application.

subaccounts

subaccounts section

In this section a main account user can create subaccounts. The amount of subaccounts which can be created by the main account user is defined based on your ginstr subscription.

The main account is also called the 'company' account which means that, for example if a company has 10 workers which will be using application they will need to create 10 subaccounts on their main ('company') account, one for each worker that needs to log in to the application.

The main account is used as an administrator for subaccounts created by that main account and can choose which applications each subaccount can use and which permission the subaccount will have for each table. The main account user can also delete subaccounts they have previously created.

The subaccounts section consists of the following items:

interface to add new subaccount and list of existing subaccount
When you click on "add subaccount" button on top of this section, an interface will open where used can enter required data to create new subaccount.
  • In 'e-mail' field you should define the e-mail address which will be used as username of new subaccount.
  • In 'password' field you should define the password which will be used by new subaccount for logging in. Under this field there is a checkbox labelled "show password" which, when checked will display the password in plain text.
  • In 'NFC' field you can define the NFC tag id which can be used by that new subaccount to log in to ginstr launcher and ginstr apps.
  • In 'role' drop down you can select some of the roles which can be created by user. More information on roles can be found here.
  • In 'applications' drop down you can select which applications will be enabled for subaccount
  • In 'access status' drop down you can select between active and suspended status. You can create an unlimited number of subaccounts with suspended status but the number of subaccounts with active status is dependant on your ginstr subscription. Only active subaccounts will be possible to use ginstr web and ginstr apps.
  • In 'idle timeout (hh:mm)' field you can define amount of time after which if inactive subaccount will be logged out. Value should be set in range 00:20-24:00
  • Thecreating subaccounts allowed checkbox, if checked, allows subaccount to create its own subaccounts (This option is not yet supported)
  • 'user can use ginstr apps' and 'user can use ginstr backend' checkboxes allow the main account to define whether or not each subaccount will be able to use ginstr web and/or ginstr apps.
Once all data is filled and the
add
button is clicked, the newly created subaccount appears in this section.
In the list of existing subaccounts, the main user has the option to 'show settings', which opens the interface to edit existing subaccount or delete existing subaccount by clicking the trash can icon.
list of applications enabled for selected subaccount
This section displays the names of all ginstr applications which are enabled for that subaccount
list of tables for selected applications
This part is as described in hide/show content section.
When you click on an application name in the 'list of ginstr applications' then all tables of selected application are displayed in the 'list of tables of selected ginstr application'.
For each table there are four permissions displayed: create, read, update and delete (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
There is also the option to select a table and then click on 'activate all' link above the the list of tables and activate all permissions on the selected table.
  • If create permission is enabled on a table, this means that user will be able to create new records in that table
  • If read permission is enabled on a table, this means that user will be able to see that table in ginstr web
  • If update permission is enabled on a table, this means that user will be able to modify existing records in table
  • If delete permission is enabled on a table, this means that user will be able to delete records from that table in ginstr web
The main difference is that in hide/show content section tables are created with enabled permissions and in subaccount section tables are created without permissions so that the main user can define permissions on tables for subaccount.
Both main account and subaccount are using the same tables of applications so there are not two set of tables but only different permissions on the same tables.
list of records in selected table
This part is same as described in hide/show content section.
When you select some table in the 'list of tables of selected ginstr application' then a 'list of records in selected table' appears with option to assign/unassign existing records in table.
When records are added to a table they are assigned by default and they are listed in form of record id's in the ASSIGNED list.
If you click on some id in the ASSIGNED list then that id moves to 'NOT ASSIGNED' list on left side.
When you click on the
apply
button above the ASSIGNED list, changes will be saved and the record which is moved to the 'NOT ASSIGNED' list will not be displayed in the selected table in ginstr web.
Since same tables are used for both main account and subaccount records created by main account and all existing subaccounts of that main account will be displayed in this section but it can be defined per each subaccount here which records will be displayed in table for that particular subaccount

roles

roles section

In this section you can define different roles that can be assigned for each subaccount. Roles are templates of permissions and records assignments for apps and if a role is assigned to some subaccount then tables permissions and records assignments defined in that role will be applied on that subaccount for any app enabled for that subaccount in the subaccounts section.

Once a role is created, it can be assigned to each subaccount (new or existing) in the interface for adding/editing subaccounts. In the subaccounts section, each subaccount can be assigned a role by clicking 'show settings', selecting the desired role in the roles drop down and clicking the
update
button to save changes. This role will be applied to the applications assigned to that subaccount in the 'applications' drop down.

The roles section consists of the following items:

interface to add new role and list of existing roles
When you click on the 'add role' button, the interface for adding a new role opens with 'enter role name' and 'enter description' fields. Once you fill these fields and click on the
add
button, the new role is created and displayed in the list of existing roles.
Existing role has an option to 'show settings' which, when clicked enables you to edit the name and description of a role, a 'delete' button, which when clicked enables you to delete existing row and there are names displayed and total number of subaccounts assigned to that role.
list of applications enabled for main account
When you click on existing role then on right side appears list of all applications enabled for main account
list of tables for selected applications
When you click on some of applications from the list of applications enabled for main account part then in the list of tables for selected applications appear all tables of that selected app. Tables are displayed without enabled permissions so that user can define permissions.
For each table there are four permissions displayed: create, read, update and delete (CRUD permissions). By clicking on the name of a permission, you can either enable or disable that permission for the selected table.
There is also the option to select a table and then click on 'activate all' link above the the list of tables and activate all permissions on the selected table.
  • If create permission is enabled on a table, this means that user will be able to create new records in that table
  • If read permission is enabled on a table, this means that user will be able to see that table in ginstr web
  • If update permission is enabled on a table, this means that user will be able to modify existing records in table
  • If delete permission is enabled on a table, this means that user will be able to delete records from that table in ginstr web
Permissions defined here will be applied on subaccount if that role is assigned to subaccount and it will override permissions defined directly on subaccount in subaccounts section
list of records in selected table
When records are added to a table they are assigned by default and they are listed in form of record id's in the ASSIGNED list.
If you click on some id in the ASSIGNED list then that id moves to the NOT ASSIGNED list on the left side.
When you click on the
apply
button above the ASSIGNED list, changes will be saved and the record which is moved to the NOT ASSIGNED list will not be displayed in the selected table in ginstr web.
Assignments of records defined here will be applied on subaccount if that role is assigned to subaccount and it will override assignments of records defined directly on subaccount in subaccounts section.