User Interface

• 1: LDAP Attribute Mapping Configuration
• 2: Business Units & Projects
• 3: Groups Management
• 4: Roles Management
• 5: Users Management
• 6: IQ & CDM Users map
• 7: Settings

1 - LDAP Attribute Mapping Configuration

The LDAP Attribute Mapping page allows you to configure how user’s attributes from an external LDAP connection will be translated to the CDM-Server’s internal representation. In the first section you will be able to set a group dn, which will determine the users available in the system. Afterwards you can configure the individual mapping between attributes in the next section. Finally you will be able to save, review and finalize the configuration.

Key Features Overview

• Two distinguished configuration sections for more oversight
• Easy mapping possibility with validation

Procedure

Introduction

The first time you login (and after that as long as you have not finalized the mapping) to a freshly configured instance with an LDAP ID-Provider as the admin user, you will be automatically redirected to the LDAP Attribute Mapping Configuration page.

Group DN

The next action should be to configure the group dn. Therefore navigate to the text field and enter a previously copied (to prevent typing errors) group dn into this field. Next you should validate it by clicking on the validate button.

The following results are possible:

• The group dn is valid: Everything is fine and you can procede to the next bottom section.
• The group dn is not valid: Please check the group dn for errors and validate again.

Attribute Mapping

The goal of this section is to configure a mapping between CDM and LDAP attributes, so that the CDM-Server will have a proper translation between those.

It contains a table with two columns, the CDM attributes on the left side and the LDAP attributes on the right.

On the left upper side next to the table, you can choose the type of your LDAP installation (Unix or Microsoft) depending on the type of OS on the LDAP host machine, which is used to apply a preconfigured mapping. If you do not wish for this automatism, you can choose Manual instead.

For each attribute on the left you have the following options to procede on the right:

• Enter the name of an LDAP attribute: After typing in the name of an LDAP attribute you wish to map, please validate it directly afterwards. If it is valid, you will find additional information by clicking on the information icon to the right of the text field. If it is not valid, please adjust the entered name and validate again.

• Enter nothing: If you enter nothing, the attribute will not be mapped.

All attributes except those marked with a star (*) are optional, you can finish the mapping without those.

After you have finished the mapping, you have the possibility to save the mapping and finalize the configuration. To do so, you may click on Finalize, which will present you a side by side comparison of your chosen mapping. Please review it carefully, because it can not be changed after you finalize the configuration.

If you wish to modify the mapping again, before you have finalized the configuration, you are free to do so. Please note, as long as you do not finalize the configuration, no user except the admin will be able to login.

2 - Business Units & Projects

The Business Units & Projects Management section allows you to organize and manage your Business Units structure and Projects. This section provides hierarchical representation of the relationships between business units and projects, and allows for easy navigation and updates.

Key Features Overview

• Hierarchical Structure: The business units and projects are displayed in a tree-like format, making it easy to visualize their relationships. Business units can contain other business units and projects, helping you clearly organize your company’s structure.

• Search Functionality: At the top of this section, you will find a search input that allows you to quickly locate a specific business unit or project by name.

Working with Business Units and Projects

You can manage both Business Units and Projects using a context menu that appears when you right-click on an item. Here are the available actions:

Business Unit Actions

• New Business Unit: Create a new business unit within the selected unit.

• New Project: Create a new project within the selected business unit.

• Update Business Unit: Modify the name of the selected business unit.

• Delete Business Unit: Remove the selected business unit from the hierarchy.

Project Actions

• Update Project: Modify the name of the selected project.

• Delete Project: Remove the selected project from the hierarchy.

Adding or Editing Names in Multiple Languages

Each Business Unit and Project has a Name field, which can be defined in multiple languages. When adding or editing a name, you will see a language selector on the right side of the input field. Use this selector to specify the language for the name, allowing for multilingual support throughout your structure.

Reorganizing the Structure

The hierarchical representation of business units and projects can be easily reorganized using drag-and-drop functionality. You can drag both business units and projects to different positions within the hierarchy to adjust the structure as needed. This makes it simple to adapt to changes in your company’s organization.

3 - Groups Management

The Groups Management Interface provides administrators with the tools to organize users into groups, a fundamental component of the Role-Based Access Control (RBAC) inside the CDM-Server.

This page allows you to create, view, update, and delete groups within the system, ensuring flexible and secure user management.

Types of Groups

There are three types of groups available on the Groups Management page:

• Normal Groups: These groups are fully managed within the system. Administrators can add or remove users from these groups as needed to align with access requirements.
• Remote Groups: Remote groups are synchronized from external ID-provider (LDAPS and Azure). These groups list remote users in a read-only mode.
• Singleton Groups: These are system-generated groups that are automatically created when a user is either created (for local) or registered (for LDAPS and Azure). Each Singleton Group contains only the individual user for whom it was created. Singleton Groups are read-only, meaning additional users cannot be added to them, nor can the user be removed from their Singleton Group.

Creating a Group

• Click on the + button in the table header to open the Create Group dialog.
• Fill the Name field (multiple languages are allowed) and the Remote Id field (only for LDAPS and Azure)
• Click Save to add the group to the system. The new group will appear in the groups table.

Assigning and Removing Users

Once a Group has been selected, in the right panel of the Groups Management page, administrators can assign or remove users from normal groups to adjust access as needed:

• Assign Users: Click on the + button of the panel and select a one or more users from the “search users dialog” and add them to the selected group, granting them the permissions associated with the group’s roles.
• Remove Users: Click on the “trash” icon button once at least one user has been selected to revoke the associated permissions.

4 - Roles Management

The Roles Management Interface allows administrators to define and organize roles within the CDM-Server.

On this page, you can create, view, and delete roles as needed, though roles cannot be updated once created. After creating roles, you can assign or remove groups to manage which users have specific access rights.

Creating a Role

• Click on the + button in the table header to open the Create Role dialog.
• Define the new role by selecting the Role Template and level in the organization’s tree (see RBAC integration).
• Click Save to add the role to the system. The new role will appear in the roles table.

Assigning and Removing Groups

Once a role has been selected, in the right panel of the Roles Management page, administrators can assign or remove groups as needed:

• Assign Groups: Click on the + button of the panel and select a one or more groups from the “search groups dialog” and add them to the selected role. This will grant all users in those groups the permissions defined by the role.
• Remove Groups: Click on the “trash” icon button once at least one group has been selected to detach it from the role. This action will revoke the permissions associated with that role for all the users of the group.

5 - Users Management

The Users Management Interface provides the capability to create, view, and manage user accounts.

Key Features Overview

This view provides a centralized interface to view and manage user profiles along with simplified user creation with optional system-generated passwords, workflows for password resets and forced password changes.

Creating a New User

(This option is available only when Local is selected as the Id-Provider)

• Click on the + button in the table header to open the Create User dialog.
• Fill in the required fields. Login should be a unique identifier for the user. Password should be either entered manually or click Generate Password for a secure system-generated password.
• Click Save to add the user to the system. The new account will appear in the user table.

Editing Existing Users

Locate the user in the table and click the Edit (pencil icon) to open the Edit User form. Update user details as necessary.

Password Reset

(This option is available only when Local is selected as the Id-Provider)
When a password reset is initiated for a user, a Temporary Password is generated and displayed in a pop-up. The administrator can copy this password and share it with the user. Temporary Password Validity Temporary passwords are valid for a limited period (e.g., 2 days). If the password expires, a new reset must be initiated by the administrator.

User Workflow with Temporary Passwords

When a user logs in using the temporary password, the system redirects the user to the Change Password dialog. The user must enter the current password (the temporary password). A new password must be set and confirmed before access is granted. Once the password is changed, the temporary password becomes invalid, and the user gains access to the system.

Self-Service Password Management for Users

Users have the ability to manage their passwords directly

From the user menu in the header, select Change Password. In the Change Password dialog, enter the current password. Set and confirm a new password. Click Continue to complete the password update.

Register a User

(This option is available only for LDAP and Azure as Id-Provider)
Registering an external user in the system is a crucial task that enables the CDM-Server to effectively manage and track users. Rather than duplicating user data, the server creates a reference entry in the database, allowing seamless integration of the external user into RBAC and other essential processes. This approach ensures that external users are fully enabled within the system without redundant data storage, maintaining efficient and streamlined access management.

6 - IQ & CDM Users map

The IQ & CDM Users Map section enables you to link IQ Persons (referred to as candidates) with CDM users.

Procedure

1. Selection of a project

To begin, select a project containing unapproved candidates. Only projects with unapproved candidates will be available in the project selection dialog. A candidate is considered approved once they are mapped/linked to a CDM user. Selecting a project will lock it to prevent simultaneous modifications by other users. If another user has locked the project, you will not be able to select it until they release the lock.

2. List of candidates

Once a project is selected, the left-side list will display IQ Persons (candidates) pending a match. Use the additional filter at the top of the list to refine your list as needed. Candidates are displayed with their Name, First Name, and E-mail by default. To reveal more details, click the button next to the “UNAPPROVED CANDIDATES” title. Changes to the displayed attributes are saved automatically and will be applied the next time you use the tool.

3. List of users

In the next step, you can search for CDM users by applying search criteria, then clicking “Search”. Users appear with their Login and First Name by default, but additional details can be displayed by clicking the button next to the “USERS” title. These display settings are saved for future sessions.

Create new Users (Local only)

If the required CDM user does not exist, you can create a new user by selecting the “New User” option. This option is available only if you are using local as the IdProvider on the CDM Server and you have admin privileges.

Creating Users

• Right-click on “New User” to open a dialog with all fields for a CDM user. Fill in the necessary information and submit to create the user.
• Create from Selected Candidates option is enabled when selecting at least one candidate and right-click “New User”. A dialog will open with all fields for a CDM user, with the option to select one of the previously selected candidates as template to pre-fill some of the fields and make the creation process faster.

4. Match Candidates with Users

To match a candidate with a user, select at least one candidate from the left list and exactly one user from the right list. This enables the " » " button, allowing you to move candidates to the user.
NOTE: This won’t perform any definitive change.

5. Review and apply changes

After mapping candidates to users, review the changes before applying them. Each candidate (IQ Person) can be mapped ONLY ONCE; this is a permanent action and cannot be undone. If you are ready to proceed, click the confirmation button to finalize the mappings.

6. Approved candidates

Once a candidate is mapped, they are considered approved and will be removed from the candidate list. If no candidates remain, the project selector will clear, and the project lock will automatically be released.

Reset changes

Click “Reset” to clear your progress, including any selected project, releasing the lock on the project and clearing all changes made in the current session.

7 - Settings

The Settings page allows all users to customize system preferences, including language settings and user interface layout. Changes made on this page are applied upon saving, and the page will automatically reload to reflect the updates.

Configuring General Settings

The General tab in the Settings page allows users to adjust their system-wide preferences, including language options and UI layout.

• Content Language The Content Language dropdown allows users to set the language for system content. For example, you can select “Deutsch” or “English” based on your preferred language for viewing data and content within the system.
• Interface Language The Interface Language dropdown allows users to change the language of the application’s user interface. This ensures that menus, buttons, and labels are displayed in the selected language.
• Identity Provider The IdProvider dropdown displays the authentication provider for your account. This setting can not be changed.
• Left-Side Menu Layout Left side menu collapsed: Checking this box collapses the menu on the left-hand side of the interface by default.
• Saving Changes Adjust the settings as needed in the General tab. Click Save to apply your changes. The page will reload automatically, and the new settings will be reflected immediately.

Configuring User-Specific Settings

The Users tab on the Settings page allows users to configure how attributes are displayed in the Users Management interface.

Attribute Order The Attributes Order section lets users reorder the fields displayed in the Users table, such as Title, Name, Login, Department, Email, Phone, and more. To reorder attributes:

• Drag and drop the fields to arrange them in your desired order.
• Click Save to apply the changes.
• The page will reload automatically, and the new order will be reflected in the Users table