Security is based on user accounts and roles. Roles are groups of users with a specific function within the Metasys system. To access the system, an administrator provides a username and the password. When creating users within the Metasys system, use ASCII characters only. Do not use the characters @ or \ to create Metasys local user names. The @ and \ characters are reserved for Active Directory service usernames that are added to the system.
Click Login on the Login screen to send your user credentials. If Active Directory service is enabled, you also need to select your user domain or enter a local username and select Metasys Local from the domain selection drop-down menu.
For local users, the extended architecture Security Administrator system authenticates the user’s information against the Security database. For Active Directory service enabled users, the selected Active Directory service domain authenticates the user and no Security database authentication occurs.
Microsoft® Active Directory Federation Services (ADFS) and Microsoft AD Lightweight Directory Access Protocol (LDAP) is supported in Metasys UI only. ADFS integration with two-factor authentication is an add-on, licensed feature to add support for Metasys using ADFS, a single sign-on solution developed by Microsoft®. ADFS can then, in turn, be used to provide two-factor authentication for access to Metasys. ADFS helps prevent unauthorized access to Metasys, which, if not prevented, could result in data, financial, and reputational loss, system disruption, and other negative consequences. LDAP authenticates your identity against AD for Metasys access as a user of the system.
A unique session opens when your user credentials match the logon requirements. The session provides access to the system for a configurable period. When the credentials do not match, a dialog box appears indicating that the credentials are incorrect or user access is denied. For more details on possible logon error messages, see Table 1. The security system generates an audit trail and tracks all logon attempts.
When you click Login, the IPv4 address of the computer you are using is recorded in the Metasys Audit file. You can view the login transaction by opening the Audit Viewer. If the user logs in to the Metasys Advanced Reporting System and the SMP UI, the SMP UI login time is recognized as the last login time. If the user logs in for the first time, the status box indicates Never as the last login time.