Skip to main content

Configure Users and Groups

Note: A user should not be allocated to multiple groups at a time. If a user is added to more than one group, when logging-on they will only ever be assigned the permissions etc. from the first of the groups alphabetically.

Add a User

Under the Users and Groups node within your repository in Administrator, users can be added in one of two ways:

  1. Manually
  2. Imported and synchronized from your ERP system

    Note: For EBS customers, once a valid username is added in Administrator, the application also picks up the responsibilities assigned to the user. Upon logging in to Hubble, the user will select one of these responsibilities.

Create a User Group

In Administrator, you can create groups in which to organize users; this can particularly be useful not just for organizational purposes but also when performing tasks at the group level such as when setting permissions or capabilities.

  1. Log into your repository if you are not logged in already.
  2. Expand the Users and Groups node in the left panel.
  3. Highlight the level above which you want to create the new group, whether it be Everyone or another level that already exists.
  4. Right-click on this level and New> Group.
  5. In the Group Definition dialog, create a name for the group and, optionally, a description. (Leave the Members section in this dialog blank for now; it will show the users included in this group after you have added them in at a later step.)
  6. Click OK.
  7. You will now see this group listed in the tree structure under Users and Groups.

Edit a Group

Once created, a user group can be deleted. It is important to know that when a group is deleted, all users and groups within it will be deleted as well. The exception to this is for users who also belong to other groups; in that case the user will not be deleted. Additionally, you cannot delete the ‘Administrator’ or ‘Everyone’ Groups.

  1. Log into your repository if you are not logged in already.
  2. Expand the Users and Groups node in the left panel.
  3. Right-click on the group you wish to delete and select Delete.
  4. You will be prompted to confirm this action.

Manually Add a New User

You can manually add Hubble users within Administrator. If you manually create a user, you must manually assign permissions for the profiles. (This is different than synchronizing a user when the system automatically assigns permissions for that user to the associated profile.)

  1. Log into your repository if you are not logged in already.
  2. Expand the Users and Groups node in the left panel.
  3. Highlight the level above which you want to add the user, whether it be Everyone or another level that already exists.
  4. Right-click on this level and New> User.
  5. In the User Definition dialog, enter in the requested information and activate the options as desired:
    1. Name [Hubble username]
    2. First Name
    3. Surname
    4. Email
    5. Password
    6. Confirm password
    7. Enforce password policy
    8. Enforce password expiration
    9. User must change password at next login
    10. Enforce account expiration
    11. Account is disabled
  6. Click OK.
  7. You will now see this user listed in the tree structure under whichever group you placed them in.

Note that:

  • Passwords may not be too common, e.g. the password 'password' can no longer be used.
  • Passwords may not contain sequences, e.g. 123456 or 111111, qwerty, and abcdef are not allowed.
  • The minimum password length is 6 characters.
  • The default setting is that new users must change the password when they first login.
  • Entry of an email address is mandatory. Upgraded and imported users can still login to Desktop without having the email address, but when the account is edited the Administrator must enter their email address.

    Note: Each Hubble user is required to have a valid email address regardless of whether or not they use Web Single-Sign on (SSO).

If a customer is using the Desktop Simplified Sign-On (reduced login) functionality either of these two workflows may be followed:

  1. The user enters a password once (no change):
    1. The user is created in the Administration tool, logs into Hubble and enters a password 1 time.
    2. On this login Hubble will record the user’s Windows domain user identity.
    3. On subsequent logins they will not be requested to enter a password.
  2. The user never enters a password (small change):
    1. The user is created in the Administration tool and the Administrator sets the Windows domain user so the user never needs to enter a password.
    2. There is an additional step to enter the users email address, as this is now required when editing the user definition in the Administration tool.

The user can then login with no password.

Edit and Delete Users

A user’s profile can be edited after it is created. The only setting that cannot be changed is the user’s Hubble username.

You can only delete the Administrator User when there is at least one other Administrative Account available (other than System). The System User cannot be used as a login and cannot be deleted, renamed or moved even by Administrators as it is used for internal operations.

Before deleting a user, you may want to review what is contained within their profile by using the Browse as User functionality.

  1. Log into your repository if you are not logged in already.
  2. Expand the Users and Groups node in the left panel.
  3. Right-click on the specific user and select Edit or Delete, depending on which action you wish to do.

Move a User to a Different Group

In Administrator you can move users to different user groups by completing the following steps:

  1. Log into your repository if you are not logged in already.
  2. Expand Users and Groups in the left panel.
  3. Select Everyone (or whichever group the users are currently included in).
  4. Highlight the users in the right panel and drag them over to the desired group.

In the example below, we will move 2 users from the Everyone level to the Finance Group. This is done by focusing on the Everyone level, highlighting the 2 users, and then dragging and dropping them from the right panel to the correct group in the left panel:

The users now are listed under the Finance Group:

Change the Properties of Multiple Users

You can edit the user properties for multiple users at once. To do this:

  1. Log into the repository (if you are not logged in already).
  2. Expand Users and Groups in the left-hand panel.
  3. Select Everyone (or whichever group the users are currently part of).
  4. Select multiple users in the right-hand panel using the Shift or Control key.
  5. Right-click and select Edit. The Edit Users dialog is displayed:

  6. Make whichever change is needed within the dialog and click OK.

Import and Synchronize Users

After creating Connections and Profiles, you can then import and synchronize user names and information from your Enterprise Resource Planning (ERP) system with Hubble. Synchronizing allows you to check for users not currently stored in the Repository and also to cross-reference user data such as Group or Role information. Any subsequent amendments to Group/Role structures in the ERP system can then be mirrored by running the Synchronize tool.

  1. Log into your repository if you are not logged in already.
  2. Expand the Users and Groups node in the left panel.
  3. Highlight Everyone.
  4. Either right-click and select Synchronize or click Synchronize Users on the Ribbon. (To view it on the Ribbon, you need to click the drop-down menu on the right side in order to see it.)
  5. In the upper left-hand corner of the ERP User Synchronization dialog, choose the ERP profile from which you wish to synchronize users.

  6. In the bottom left-hand corner of the dialog, click Settings to set all synchronization settings prior to bringing in the users. Set the options within Synchronization Settings as needed.
    1. Repository Users – select from all users or just those from the profile previously defined in the main ERP User Synchronization screen.
    2. Profiles – select to group users under their ERP Role, ERP Group or a specific group within Hubble.
    3. Password – select the default password for each user being synchronized in.
    4. Hide password in Details form – hides the password in the Details dialog, accessed from the ERP User Synchronization screen (after selecting a specific user).
    5. Expire passwords for new users – automatically expire the original passwords for new users so they are forced to create new passwords when logging into Hubble for the first time.
    6. Disable new users – automatically set new users’ status to disabled until you enable them individually.
  7. Back in the ERP User Synchronization dialog, click Analyze to list all users from the defined profile in the upper left corner:

    1. Optionally, adjust the Display drop-down to show specific users:
      1. Show All - show all users in your ERP system.
      2. Show Changes - show only those users whose ERP information has changed since last being synchronized with Hubble.
      3. Show Additions - show only new users who have been added to your ERP system since last synchronizing.
      4. Show Removals - show only those users who have been removed from your ERP system since last synchronizing.
      5. Show Updates - show only those that will be updated when you next synchronize. It is important to show these users prior to synchronizing to verify which users will be updated. You want to uncheck any users that do not need updated because otherwise synchronizing them again changes their existing grouping in Hubble.
      6. Show Selected - show only those users who have been selected in the ERP User Synchronization dialog.
    2. To search for specific users, user the Filter in the upper right corner. This will display the specified user.
  8. Optionally, you can set the group where these users will be placed within the Users and Groups folder.
    1. Select all the appropriate users (you can use the Shift/Ctrl keys to select users), right-click and select Set Group:

    2. Mark the group you wish to place them under and select OK:

    3. You see their group has changed appropriately:

  9. To see details about any one user, highlight the user’s name and select Details to bring up the Details dialog. You can change settings in here as needed. Click OK when finished.
  10. Use the Shift/Ctrl keys to select users. Check the boxes next to the users you are synchronizing.
  11. Prior to synchronizing, change Display to Show Selected to confirm which users you are updating. (This way you know only the selected users are being added and users that had already been synchronized will not be synchronized again as they will lose all previously set groupings and permissions.) The users who will be synchronized have check marks next to their names. To prevent any users from being synchronized, uncheck the box next to their names.

  12. Click Synchronize to synchronize users:

  13. Assign licenses as needed.
  14. The action status has changed to ‘Added’ or ‘Removed’.
  15. Click Close to complete the process.

    Note: If you change a user name in your ERP system or in Hubble, the synchronization will be lost and the user is treated as a new addition.

Disassociate a Hubble User from a Windows User

By default, Hubble users are linked to their Windows account. This error is saying that the Hubble username being used to login is associated with a different user account than that which was used to log into Windows.

This error specifically states the current user (current Windows user) and the expected user (expected Windows user), based on the Hubble username being used to login.

Your Hubble Administrator can help determine whether there is a need to disassociate the Windows user account from the Hubble username. This is done from within Administrator as described in the steps below.

  1. Log into your repository if you are not logged in already.
  2. Expand Users and Groups in the navigation tree on the left panel and select Everyone.
  3. Expand the group that contains the user, highlight the specific user and then right-click and select Disassociate Windows User:

  4. This user can now log into the Hubble application.

Password Policy

The Password Policy is used to define and manage password protection for Hubble users. A Password Policy can be set for any individual or group. When set at the group level, whether it is Everyone or another group, it will then apply to all users and sub-groups within that group. A password policy defined at a group level can be overridden by a policy set at a lower level. So if settings for an individual user are different than those in the group the user belongs to, the individual user’s settings will take precedence.

The Password Policy options, such as minimum length, are enforced only when a password is being changed – they are not retroactive. The default settings in the Password Policy are minimal.

To access view and potentially change settings in the Password Policy:

  1. Log into your repository if you are not logged in already.
  2. Expand the Users & Groups node in the left panel of Administrator.
  3. At the level you want to view/edit the Password Policy, such as Everyone, right-click and select Password Policy.
  4. Use the checkboxes to set and define any additional password criteria:
    1. Inherit Policy
    2. Disable user after failed login attempts
    3. Restrict password re-use
    4. Restrict number of times a password can be changed
    5. Set minimum password length
    6. Enforce password strength
    7. Password should expire after x number of days
    8. Password can be the same as user name
    9. Password can be a dictionary word
    10. Password is case-sensitive
    11. Password must contain numerics
  5. Click OK to make the changes.

Password Strength

Passwords are converted into a rating number (typically between 0 and 100) as follows:

  1. Rating = password length in characters * 5.
  2. If password contains repeating characters, then rating = rating * 0.75. (An example of a password with repeating character is 'aaa4xup'. Repeating characters at the beginning or end of the password slightly reduces the rating.)
  3. If password can be found in a dictionary, then rating = rating * 0.5. (A British dictionary is used currently. There is also an American dictionary available but it is not currently used.)
  4. If password contains lower case letters, then rating = rating + lower case letters count, else rating = rating * 0.95.
  5. If password contains upper case letters. then rating = rating + upper case letters count, else rating = rating * 0.95.
  6. If password contains digits, then rating = rating + (digits count * 2), else rating = rating * 0.9.
  7. If password contains punctuation (i.e. ?, ‘, “! characters), then rating = rating + (punctuation count * 2), else rating = rating * 0.9.
  8. If password contains symbols (i.e. +,=,%,$,Aœ,\,/,@,#,^,&,| characters), then rating = rating + (symbol count * 2), else rating = rating * 0.9.

Strength bands:

  • Weak passwords have a rating is less than or equal to 30.
  • Medium passwords have a rating between 30 and 55.
  • Strong passwords have a rating between 55 and 80.
  • Best passwords have a rating greater than 80.

So, for example, if the password is “drill”, the score would be 5*5= 25 (5 characters * 5) and then 25 *.75 = 18.75. The *.75 is because of repeating characters. Total = 25 + 18.75 = 43.75 (Medium).

We reserve the right to update the algorithm at any time.

User Login and Password

The passwords for users of Hubble are not stored, so they do not need to be encrypted and they are not transmitted during login. Instead, we do what most secure applications do: we calculate a special value which is based on the chosen password, called a hash value, and store that. The hash function (SHA-2/ 256) is such that it is considered very difficult to deduce the password from the hash value, and each password has a distinct hash value. When the user logs in, we calculate the hash value of the password they have entered and compare it to the stored hash value. If they are the same, the password is confirmed correct.

There is another consideration however, which is the login information used for the repository database connection and the ERP database connection. For database connections to the repository and to the ERP database, we store the connection string, which is encrypted using AES / Rijndael with a key size of 256 bits. The connection string typically includes the database username, password, server name, and schema name. Unlike a hash value, the encrypted text can be decrypted by Hubble. The symmetric key for this encryption is stored in source code and thus ends up embedded within the application binary. The encrypted repository connection string is stored in a file on disk on the client PC, in the Hubble installation folder (repositoryselection.xml). The encrypted ERP database connection string is stored in tables in the repository database, within a serialized object: a .NET object serialized to binary format, ZIP compressed, and then base-64 encoded.

Browse as a User

If you want to review what functions and visibility a user has within Administrator, you can use the Browse as User functionality to open a new tab in the left-hand panel of Administrator.

To browse the repository as a specific user:

  1. Log into your repository if you are not logged in already.
  2. Expand the Users & Groups node in the left panel of Administrator.
  3. Select the user and either click the Browse as User button on the Ribbon or right-click and select Browse as User.
  4. A new tab, named after the user, will open in the left-hand panel of Administrator. Within this tab, you can see what access this user has. In the example below, user John only has access to the Documents folder:

  5. To close this tab, right-click and select Remove Tab Page:

Changes to the functionality or items that a user has access to in Administrator are done via Capabilities and Permissions.