Knowledge Base

 View Only

User Management Best Practices

By Carmen Santos posted 01-12-2016 08:58


Creating Groups

User groups should be created prior to users in Jama Software. This allows adding permissions to Groups instead of individual users, making permissions management much easier. Groups are then assigned access to Projects and granted permissions, and can have different permissions for each project.

Both Organization Admins and Project Managers can create user groups and set these permissions. For on-premises customers, Project Manager permissions to Add Groups and set Project permissions can be controlled from the System Properties > General Properties. These options are enabled by default on hosted instances.

Where possible, user group permissions should be set at the project level or at one or two top-level components or sets. Avoid setting them too deep in the Project Tree since breaking inheritance too much will make permissions management needlessly complicated. 

Once a user group is created, users may be assigned to it. 

Creating Users

Only Organization Admins can create users in Jama Software. When creating users accounts, permissions are granted by adding the users to one or more user groups. A license type must be assigned to a user as the user is being created, determining the user's role in Jama Software. It is recommended to learn how roles can affect permissions before stepping into this configuration.

Note: by selecting the Send Email to New User option when creating a new user, Jama Software will send the account details to that user, saving you work.

When saving a new user, it is possible to get the message: “A User with that username already exists. Please choose a different username."

If you run into this message, start by checking the View Inactive Users box to confirm if the user already exists but is inactive.

In a situation where you have received this message yet confirmed that the new user does not exist, a re-index may be needed. However, we recommend you look for the user in the database first (if you are an on-premises customer).

Authentication Method

If a different authentication method, such as LDAP or Crowd, is enabled in your instance then Jama Software’s local authentication will automatically be disabled and Jama Software-authenticated users will automatically be deactivated, hiding them from the Users list.

If you later switch back to Jama Software authentication, you will need to select View Inactive Users to see and reactivate them.

When LDAP authentication is enabled, the new users are added via LDAP but an option to allow users' self-registration can also be selected from the Jama Software System Administration window.

With self-registration enabled, users will be asked to fill in a form when they log into Jama Software for the first time. This will create a new user account in Jama Software, but permissions still need to be assigned by the Organization Admin to each account.

If a user gets a 'Wrong password' login error when LDAP authentication is enabled, System Admins should try manual sync from the Authentication Properties > Synchronize Now. If the issue persists, check if the username matches exactly what is in LDAP.

This issue can be caused by an option located in the System Properties > Authentication Properties > Allow users to change their username. If you don't want this permission to be granted to users, be sure to uncheck this box.

When Crowd authentication is enabled, all users in the directories mapped on Crowd will sync to Jama Software, therefore it is recommended to utilize a users' directory created in Crowd specifically for mapping to Jama Software. 

This is particularly recommended for versions of Jama Software prior to 8.1 due to a bug, titled SOS-DEF-774, that causes Crowd to assign the 'highest' license type available to all of the newly added users in Jama Software as soon as it syncs them. As an example, if your license contains at least one creator license, all of the newly added users will be assigned a creator license regardless of the number of licenses available, making the users automatically active in Jama Software. As a result, if you need to update your license you may have too many users with a particular license type assigned which will prevent you from applying for the new license. For the same reason, some users may not be able to log in.

Users created in Jama Software prior to the Crowd authentication method will be automatically disabled but are still kept in the user's list along with the users synced from Crowd. Organization Admins will need to be sure to select the right account when (re)activating users or assigning licenses.

More useful information about Crowd can be found in this Crowd FAQ article.

#tutorial #administration