User Management
Overview
DataMasque supports both local user account management and federated user account management via SAML single sign-on.
The user management console allows the DataMasque admin user to manage local user accounts and revoke and restore access for all user accounts (whether local or federated).
To access the user management console, choose the Users item from the main menu while logged in as the admin user.
The authentication method for each user account can be determined by the Type column of the user list. Local user accounts are indicated by the Local account type. Such users are authenticated by DataMasque using their username and password. Federated user accounts that authenticate with single sign-on are indicated by the SSO account type.
User Roles and Privileges
User Mgmt | Connection Mgmt | Ruleset Mgmt | Data Masking Runs | Licence Mgmt | Files Mgmt | Application Settings | |
---|---|---|---|---|---|---|---|
Admin | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Mask Builder | No | Yes | Yes | Yes | Yes | Yes | No |
Mask Runner | No | Yes | No | Yes | No | No | No |
- There is only one admin user, which is created during the DataMasque installation.
- Mask Builder and Mask Runner users can be created and edited in the 'Users' page by the admin user.
Add a New User
To add a new local DataMasque user, click the button on the Users page.
The 'New User' form allows you to configure the user details. For more information about each field, see the table below.
Once the user details have been completed, click the SAVE button to create the user.
A temporary password will be automatically generated for the new user. This password must be saved and provided to the new user to login to their new account. The user will be prompted to set a new password on first login. Their new password must comply with the DataMasque Password Policy.
Warning: The temporary password for a new user will not be available after closing the confirmation panel. It is important to save this password elsewhere to avoid being locked out of the account.
New user account details
Username | A unique username with a maximum length of 255 characters. Must be alphanumeric, with the following symbols also allowed: @ . + - _ |
The user's email address. This must be unique among all users. | |
Role | The user's email address. This must be unique among all users. |
Note: Local user account creation may be disabled if the "Disable local logins" setting is enabled in the SAML Single Sign-On settings.
Note: For information on provisioning user accounts under single sign-on, see the user provisioning and management section of the SAML Single Sign-On user guide.
Edit User
User accounts may be updated by selecting the user in the Users list.
Using the Edit User form, it is possible to update the user's account details. Additionally, the user's access to DataMasque can be revoked by disabling the user account. The user's access can be restored at any time by re-enabling a disabled account. It is not possible to delete a user. A disabled user can no longer log into the DataMasque dashboard.
Note: Account details of single sign-on (SSO) users are not editable using the DataMasque user management console, although it is still possible to revoke access for such users using the disable/enable functionality.
Password Policy
DataMasque user passwords must conform to the following password policy:
Minimum password length is 8 characters.
Must include at least 1 non-numeric character (can't just be a number i.e. 12345678).
Must not be similar to the username or email address.
Must not match any value in this list of 20,000 common passwords: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
Users are allowed to change their own password.