User account rules - Metasys - LIT-12011279 - General System Information - Metasys System - 13.0.50

Network and IT Guidance Technical Bulletin
Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Technical Bulletin
Document number
LIT-12011279
Version
13.0.50
Revision date
2024-01-26
Product status
Active

The following rules apply to Active Directory service users who are added with the Metasys Security Administrator System:

  • For Metasys Release 8.1 or later, and SCT Release 11.1 or later, the full domain UPN format or the exact or alternate UPN format is used for the username. For example, myUser@my.corp.com or myUser@corp.com is specified. The fully qualified username or exact or alternate username appears on the main Metasys Site Management Portal UI screen to identify the currently logged in user. It also appears as the username on Metasys reports and logs.

  • Each specified user must exist and be enabled in Active Directory service. Properties of the user (for example, phone number and email address) are read when the user is added to the Metasys system. These items are displayed by the Metasys Site Management Portal UI under User Properties. For details, see Information obtained from Active Directory services.

  • If the username for an Active Directory service user changes, you do not need to specify the new name with the Security Administrator System tool. The update of the new username occurs within the Security Administrator System when you left-click the Active Directory service user account.

  • If an Active Directory service user is deleted from the Active Directory service database, delete that user from the Metasys system as well. If, for any reason, an Active Directory service user with the same username is later added to the Active Directory service database but you did not delete this user from the Metasys system, the new user cannot be added to the Metasys system until the original user is deleted.

  • If an Active Directory service user is disabled in the Active Directory service database, the Metasys Access Suspended property check box under the user’s Properties window is selected. Once the service user for Active Directory is re-enabled, a Metasys Administrator must manually click to clear the Metasys Access Suspended property check box before the user can log in again.

  • The Metasys system follows the text case format dictated by Active Directory services. In other words, if you add a user called MYUSER@my.corp.com, and the Active Directory service format uses all lowercase characters, the username adjusts to myuser@my.corp.com when added.

  • At least one defined Service Account must have the privilege to read the user’s Active Directory service attributes.