Authorization Process - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0

Security Administrator System Technical Bulletin

Brand
Metasys
Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0
Revision date
2022-08-05
Language
English

After you have passed through the authentication process, the authorization step is next. Authorization is the process of verifying that a known, authenticated user has the authority to perform a certain operation. Within this process, you determine your access rights by looking up your permissions in the Metasys Security database. You may assign Active Directory service user permissions directly or through Metasys roles. You determine permissions in the same manner as for a Metasys local user.

If authorization is successful, the Metasys SMP UI appears. If either authentication or authorization fails, or if SSO is disabled, the Metasys SMP UI login screen reappears and you must continue the login process by entering either your Active Directory service or Metasys local credentials.

Table 1 lists scenarios that may occur when you log in.

Table 1. Login Scenarios for Active Directory Service Users

Are You Logged in to OS as Active Directory Service User?

Does Active Directory Service User Account Exist in the Metasys System?

Action When You Attempt SSO Login

Yes

Yes

SSO login permitted. Metasys login screen does not appear.

Yes

No

SSO login not permitted. Login screen appears with message:

Unable to authorize Active Directory user.

If you try to log in with your Active Directory service credentials, the following message appears:

User Access Denied.

Yes

Yes

SSO login not permitted. Login screen appears with message:

Unable to Login. Unexpected error.

If you try to log in with your Active Directory service credentials, system access is permitted.

Yes

No

SSO login not permitted. Login screen appears with message:

Unable to authorize Active Directory user.

If you try to log in with your Active Directory service credentials, this message appears:

User Access Denied.

No

Yes

SSO login not permitted. Login screen appears with message:

Unable to authorize Active Directory user.

If you try to log in with your Active Directory service credentials, system access is permitted.

No

No

SSO login not permitted. Login screen appears with message:

Unable to authorize Active Directory user.

If you try to log in with your Active Directory service credentials, this message appears:

User Access Denied.

No

Yes

SSO login not permitted. Login screen appears with message:

Unable to authorize Active Directory user.

If you try to log in with your Active Directory service credentials, system access is permitted.

No

No

SSO login not permitted. Login screen appears with message:

Unable to authorize Active Directory user.

If you try to log in with your Active Directory service credentials, this message appears:

User Access Denied.

To log out, click the Logout button on the SMP UI of the Metasys server. This action returns you to the Metasys login screen or Warning Banner screen, if enabled, but does not log you out of Microsoft Windows or the Active Directory service. The login screen or the Warning Banner screen, if enabled also appears if your session becomes inactive and times out.

If you exit the Metasys system by closing the Metasys SMP UI window, you are logged out, but the Metasys login screen does not appear.

Active Directory service passwords are not maintained or cached within the Metasys Security database; therefore, they cannot be changed using the Metasys SMP UI. The Security Administrator system maintains passwords for Metasys local accounts.