Settings - Quantum Cloud

Using Settings in Quantum Cloud, you can manage users and accounts based on your role, for example, inviting users, assigning roles to users, managing reports and environments permissions, deleting users, and exporting users.

Roles Permissions to Access Fabric Console

Roles help to users to access Fabric Console and perform certain operations. There are four types of roles Fabric including the owner, admin, member, and Dev portal.

  • Owner: An Owner role has access to the complete functionality of Fabric Console. An Owner has access to advanced configurations and operations such as external auth configuration, MFA for account level, and so on. An Owner is a super-set of the Admin role.
  • Admin: An Admin role has access to the functionality of the Fabric Console.
  • Member: A Member role has access to the limited functionality of Fabric Console.
  • Dev Portal: Lets you create a Portal for exposing APIs created using Quantum Fabric. Developers from internal and external partner teams can access the portal created to explore and test the APIs.

Refer to the following screen-shot for more details.

NOTE: The following features can be granted by using the Custom Access functionality:
- Build Client App
- Engagement Services
- App Services
- Logic Services
- Logging Console

NOTE: The Feature Level Access Permissions (Custom Access) functionality supported only for Fabric Clouds.

 

Environment Permissions - Fabric Clouds

An environment can have 3 types of access permissions to users.

  • No Access: Users cannot access a Quantum environment.
  • Full Access: Users can access a Quantum environment, which helps to build apps, publish apps, and Admin Console.
  • Custom Access: The Feature Level Access permission is supported only for Fabric clouds. Based on these permissions set for a specific Fabric Cloud, users are privileged to access a specific set of features of Fabric accordingly.

IMPORTANT: By default, all the roles have Full Access to Visualizer, Fabric Starter, and Cloud Build environments. For the remaining environments, all the roles have No Access by default.

NOTE: The Custom Access permission is supported only for Fabric Clouds.

NOTE: By default, all users have access to Fabric Console to create apps.

The following table details you about the features with access level permissions of an environment:

Environment Permissions - Custom Access

 

Features in an Environment

Feature Level Access Permissions
Disable Access Enable Access

Build Client App – If this feature is enabled, users can view the environment configuration from Visualizer and build a client app that connects to the environment.

It allows a user to only have Build Client App access, if the user is only allowed to build binaries pointing to an environment, but not publish or make changes to the server from Visualizer or from Fabric console. This feature is very useful when developers need to build binaries pointing to a production server. However, only admins are allowed to modify the server runtime by allowing the publishing capabilities.

IMPORTANT: You can build apps using Visualizer if you have access permissions to the Build Client App feature in the Cloud.

To build and publish apps, you must have access to the App Services feature in your cloud.

App Services: If this feature is enabled, users can build apps using Visualizer and publish apps as well. This is a superset of Build Client App access and provides both the build and publish capabilities.

  • For example, If a developer has been given access to App Services, the developer can build and publish to the server from Visualizer or from Fabric console.

Engagement Services – Access to the Engagement Server’s admin console associated with this environment.

Logic Services - Access to the Integrate Node.js Services to Fabric Applications.

Logging Console - Access to the logs for this environment from the Log Console.

You can configure the Environment Permissions, as follows:

 

Users - Cloud

The Users tab in Quantum Cloud helps you manage users in your account. Only users having an owner/admin role in the account can access this Users tab.

Manage Users

To manage users of an account, follow these steps:

  1. In the Quantum Fabric Console, click Settings in the left pane. By default, the Users > Manage Users page is displayed.

  2. In the Manage Users page, you can perform various actions such as inviting a user, deleting a user(s), exporting users, and controlling user access.

Invite User to an Account

A user invited to an account can access reports and clouds in that account based on the role. Follow these steps to invite a user.

  1. Go to Fabric Console, click SettingsUsers > Manage Users.
  2. Click Invite. The Invite User dialog window appears. You need to fill the required user details such as email, account role, Reports Access, and environment permissions.

    NOTE: This is a sample screen shot, which has Full Access for a Visualizer Cloud. The Full Access is also applicable for the following clouds: Licensing Cloud and AppFactory.

  3. Enter the following details in the Invite User dialog window:
    StepFieldAction
    aEnter the email IDEnter the user email address
    bAccount Role

    Select the role available from the Account Role list.

    • Admin/Owner: By default, a user with an Admin/Owner role has Full Access to reports. For example, Full Access (Standard Reports, Dashboard, Funnel Reports, Custom Reports, Custom Metrics, Custom Dashboards)

      NOTE: An invited user cannot modify the Reports Access field of an Admin/Owner.

    • Member: By default, a user with the Member role has Standard Access to reports.

      NOTE: An Owner/Admin can change the Report Access permissions while inviting a Member role.

    • Developer Portal Only: By default, a user with the Developer Portal Only role has Standard Access permission to reports.

      NOTE: A user with account role Developer Portal Only will have the Reports Access as Standard Access. You cannot modify the Reports Access field of the Developer Portal Only user.

    cReports Access

    If you have selected Member as Account Role, select one of the following Report access permissions:

    • Standard Access (Standard Reports, Dashboard). This is selected by default.
    • Custom Access (Standard Reports, Dashboard, Custom Reports, Custom Dashboards)
    • Full Access (Standard Reports, Dashboard, Custom Reports, Custom Metrics, Custom Dashboards)

    IMPORTANT: A user with Reports Access permissions as Full Access and Custom Reports Access can access these reports even if the user does not have access to any of the environments.

    dEnvironment Permissions

    Displays the clouds under the CLOUD NAME column created for a specific account.

    1. Under the FEATURE LEVEL ACCESS permissions column, click the required tab, for example, No Access, Full Access, and Custom Access.

      NOTE: For more information on the environment permissions, refer to Feature Level Access Permissions - Fabric Cloud.

      NOTE: The Custom Access permission is supported only for Quantum Fabric clouds.

    1. Select the required permissions for the Fabric Clouds:
    • No Access

      All features of this cloud are disabled for the selected user.

    • Full Access

      Access to all features of this cloud is enabled for the selected user. Each of these features is enabled with a tick mark.

    • Custom Access - Supports from Quantum Fabric V9 onwards only for Quantum Fabric Clouds.

      You can select all the features or specific ones of a cloud by using the Custom Access permission.

      For example: When you select Custom Access, all features of this cloud are enabled to the selected user by default. Each of these features is enabled with a tick mark.
      If you want to disable a specific feature, select that feature.

    • Build Client App
    • App Services
    • Logging Console
    • Engagement

    IMPORTANT: If a Cloud version below V9 and if it contains legacy features such as Sync Server and EMM, these features are not displayed in the Manage Cloud Access > FEATURE LEVEL ACCESS section. As a result, you cannot change these features.

    IMPORTANT: When you change the cloud access permissions, the cloud users must log in to Quantum Fabric again. This is to ensure that these features are reflected in their environments.
    For example,
    Let us say there is a member user called Member1, and an admin user called admin1.
    The Member1 has access to features in a specific Cloud, such as Build Client App, Engagement Services, and App Services.
    1. Member1 logs in to Fabric Console.
    2. Member1 is accessing the Fabric Console and Engagement Services Console.
    3. At this point, Admin1 logs in to Fabric Console and removes access to Engagement Services for Member1.
    Here, when the Admin1 removes access to a feature for the user, the user (here Member1) should have the access only to the modified set of features in that Cloud.

  4. Click INVITE. An invitation will be sent to the user. After the user accepts the invitation, the user is added to the users list.

Delete User from Account

Only users with the Admin role in the account can access the Users tab.

  1. Go to Quantum Fabric and click SettingsUsers > Manage Users. The existing users are listed on the Manage Users page.
  2. Select the check box for each user.
  3. Click the DELETE button. The Delete User(s) dialog appears for your confirmation.

    NOTE: Click the More Options button next to the user and select Delete.

  4. Click DELETE.

Export Users of Account to Excel File

You can export the existing users of the account data to an Excel (.xls) file. The excel format contains users with record-level data in a tabular form such as the User Name, User Email, Account Role, Reports Access, and Last Logged ON.

  1. Go to Quantum Fabric, click SettingsUsers > Manage Users. The existing users are listed on the Manage Users page.
  2. To export all the existing users, click EXPORT.

    NOTE: To export one or more users, select the required check boxes and then click EXPORT.

Managing Cloud Access of Existing Users

You can modify the existing cloud access permissions of a user, if required.

  1. Go to Quantum Fabric, click SettingsUsers > Manage Users. The existing users are listed on the Manage Users page.
  2. Click the More Options button next to the user. The options available are as follows:
  3. Select Manage Cloud Access. The Manage Cloud Access dialog box appears and displays the available clouds for that user.

    Managing Cloud Access of Existing User

  4. Under the Feature Level Access column, select the feature permissions of the Clouds.
  5. Under the FEATURE LEVEL ACCESS permissions column, click the required tab and select the features, for example, No Access, Full Access, and Custom Access.

    NOTE: For more information on the environment permissions, refer to Feature Level Access Permissions - Fabric Cloud.

  6. Click SAVE to save the changes.

Default Services & Apps Permissions

As an Admin/Owner, you can configure the default access control for the new apps and services. So, when a new user is invited to an account or automatically added to an account using the master account setting, these default access control settings are applied to users. Refer to Default Services & Apps Permissions.

Accounts

The Accounts tab in the Settings menu helps you view the details of the account such as account name, location, company information, phone number, address and so on. It also allows you to configure external-user authentication and multi-factor authentication for the account.

Profile

Only users with the Owner role in the account can modify the account profile details.

All other users in the account can view account profile details in read-only mode.

External User Authentication

Only users with the Owner role in the account can access the External User Authentication tab. You can enable the external authentication with users to access the Quantum Fabric console. OAuth compatible identity services are supported for external authentication.

To enable the external user authentication, follow these steps:

  1. Create an OAuth based identity service in Quantum Fabric.
  2. As an owner, go to Quantum Fabric > Settings.
  3. In the Accounts tab, click the External User Authentication.

  4. Click ENABLE EXTERNAL USER AUTHENTICATION.
  5. In the Select Provider list, select an existing identity service that you have created and configure it.

    NOTE: OAuth compatible identity services will be displayed in the Select Provider list of the external authentication page.

  6. Configure custom login URL, if required.

  7. Select the Create User on First Login check box if you want the users to be created on the fly upon the first login.

  8. Name: Enter the text for the login button for the external identity provider. The name is displayed on the external login section.
    By default the default text and the selected provider from the list is displayed here. For example, default text is <Launch Login> <selected provider name>. Refer to the Figure 2.
  9. Description: Enter the description for the external identity provider. The description is displayed on external login section. This is a mandatory field. Refer to the Figure 2.
    [Figure 2- External Login Page]
  10. Click SAVE. Your external user authentication is configured.
    You can configure more than one external user authentications in your account, refer to the following section.

Multiple External User Authentications (Logging into Fabric Console on Cloud with multiple user authentication login options)

From V9 Service Pack 2, this feature supports for configuring more than one external identity providers for Cloud Login in addition to the existing Temenos Account Login details in the same Count account.
Use Case. Logging into Fabric Console Cloud with multiple user authentication login options. In this case, apart from Fabric Cloud users you want to provide login access to two more different users set to the same Fabric Cloud account, for example, ContractEmployees (users with Gmail account) and the EnterpriseEmployees (user emails configured with Okta). You have configured Google and Okta identity services for External User Authentication in the same account. Here, the Enterprise Login URL for these three users sets should be unique.

The sample screen shows multiple external user authentications configured in a Fabric account.

EXTERNAL LOGIN URL column displays the unique login URL for all users configured in the same account
NAME column displays the specified label that is displayed on the Login button for external auth login page.
DESCRIPTION column displays the specified description that is displayed on the external auth login page.
CONFIGURE NEW button is active to configure multiple external user authentications.


So, when an user from any of these groups try to access Fabric Clod using this Enterprise Login URL, the Login page displays all these configured external identity providers list with the message: This <> account has been configured to required user authentication via an external identity provider. The user needs to click one of the Login buttons to login to Fabric Console account. For Enterprise Login users to log in with Temenos email account, users must click Temenos Account Login link. The following sample screen shows details the Login page with multiple external user authentications configured in the Fabric account.

 

External User Authentication with Azure-SAML

Security Assertion Markup Language (SAML) is an XML-based markup language. It is used for authentication and authorization between identity providers and service providers. Microsoft Azure provides a single sign-on SAML protocol, which can be used to create an external Identity provider for Quantum Fabric.

NOTE:
External authentication with Azure-SAML is only supported for Quantum Fabric on the AWS (default) cloud. It is not supported for on-premises or container installations.

Prerequisites

A Fabric app that contains an Identity service with the required Azure-SAML configuration. For more information about creating the service, refer to SAML Identity Service.

IMPORTANT:
  • Mapping the Email and Profile URL fields to the back-end provider is mandatory for external authentication.
  • The Fabric app must be published to the cloud for which external authentication is required.
    For more information, refer to Publishing a Fabric app.

Using Azure-SAML for external authentication

After you create and publish an app with the Azure-SAML configuration, follow these steps to set up external authentication:

  1. Sign in to the Quantum Fabric Console.
  2. From the left pane, navigate to Settings.
  3. On the Accounts tab, click External User Authentication.
  4. Click CONFIGURE NEW.
  5. From the Identity Providers list, select the Identity service that you created.
  6. Select the Create User on the First Login check box if you want users to be created on the fly on their first login.
  7. Type a Name and Description for the provider based on your requirement.
  8. Click SAVE.

Users that are registered to the back-end provider can then sign into Quantum Fabric by using their Azure-SAML credentials.

Limitations

  • From the V8 SP3 release, Fabric uses the provider's name for identification instead of the GUID. Therefore, to import an app from earlier versions, you must perform additional steps before publishing the app. For more information, refer to Importing a legacy app.
  • An app on the Azure cloud can be linked to only one Identity provider on Fabric. Therefore, an Azure app cannot be used with multiple Fabric clouds.
    To link the back-end provider to a different cloud, you can create a new Azure app with the same metadata.
  • For a proper back-end log out, Fabric supports only one external authentication provider.

Multi-factor authentication

Only users with the Owner role in the account can access this tab. For more information on multi-factor authentication, refer to How to Enable Multi-Factor Authentication.

Audit Logs - Cloud

The Audit Logs tab in the Settings menu helps you to capture all the user activities performed in a Quantum Fabric Account. These activities are displayed as Audit Logs. Only users having an owner/admin role in the account can access the Audit Logs tab.

To view the user activities of an account in the Audit Logs page, follow these steps.

  1. In the Quantum Fabric Console, navigate to Settings > Audit Logs. The Audit Logs page displays the existing logs by default.

    These logs are displayed based on the object categories such as apps, services, and users. The logs are displayed with the following details:

    • OBJECT NAME: Displays the name of the object, such as: app name, service, and email ID of the user.
    • OBJECT TYPE: Displays the type of the object, such as: Apps, Services, and Users.
    • ACTION: Displays the CRUD operations performed for the object type, such as: created, deleted, modified, published, and unpublished.
    • MODIFIED BY: Displays the email ID of the user that performed the action.
    • MODIFIED ON: Displays the time-stamp of when the action was performed.

    NOTE: By default, the logs are displayed for the last week.

To apply filters and view specific user activities of an account, follow these steps.

  1. In the Quantum Fabric Console, navigate to Settings > Audit Logs. The Audit Logs page displays the existing logs by default.

  2. You can apply the following filters for the Audit Logs:

    • Object Type: From the drop-down list, select the options for which you want to view the audit logs.

    • Action: From the drop-down list, select the options for which you want to view the audit logs.

    • Object Name: Enter the name of the object, such as the app name, service name or the email ID of the user.
    • Modified By: Enter the email ID of the user that performed the actions.
    • Modified On: From the drop-down list, select the date range for which you want to view the activities.

  3. Click Apply to display the logs based on the filters.

To download the audit logs, click the Download log button and select the required option, such as PDF and Excel.