User Management
Overview
DataMasque supports both local user account management and federated user account management via SAML single sign-on.
The user management console allows the DataMasque admin user to manage local user accounts and revoke and restore access for all user accounts (whether local or federated).
To access the user management console, choose the Users item from the main menu while logged in as the admin user.
The authentication method for each user account can be determined by the Type column of the user list. Local user accounts are indicated by the Local account type. Such users are authenticated by DataMasque using their username and password. Federated user accounts that authenticate with single sign-on are indicated by the SSO account type.
User Roles and Privileges
User Mgmt | Connection Mgmt | Ruleset Mgmt | Data Masking Runs | Licence Mgmt | Files Mgmt | Application Settings | |
---|---|---|---|---|---|---|---|
Admin | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Mask Builder | No | Yes | Yes | Yes | Yes | Yes | No |
Mask Runner | No | Yes | No | Yes | No | No | No |
- There is only one admin user, which is created during the DataMasque installation.
- Mask Builder and Mask Runner users can be created and edited in the 'Users' page by the admin user.
Add a New User
To add a new local DataMasque user, click the button on the Users page.
The 'New User' form allows you to configure the user details. For more information about each field, see the table below.
Once the user details have been completed, click the SAVE button to create the user.
A temporary password will be automatically generated for the new user. This password must be saved and provided to the new user to log in to their new account. The user will be prompted to set a new password on first login. Their new password must comply with the DataMasque Password Policy.
Warning: The temporary password for a new user will not be available after closing the confirmation panel. It is important to save this password elsewhere to avoid being locked out of the account.
New user account details
Username | A unique username with a maximum length of 255 characters. Must be alphanumeric, with the following symbols also allowed: @ . + - _ |
The user's email address. This must be unique among all users. | |
Role | The user's email address. This must be unique among all users. |
Note: Local user account creation may be disabled if the "Disable local logins" setting is enabled in the SAML Single Sign-On settings.
Note: For information on provisioning user accounts under single sign-on, see the user provisioning and management section of the SAML Single Sign-On user guide.
Edit User
User accounts may be updated by selecting the user in the Users list.
Using the Edit User form, it is possible to update the user's account details. Additionally, the user's access to DataMasque can be revoked by disabling the user account. The user's access can be restored at any time by re-enabling a disabled account. It is not possible to delete a user. A disabled user can no longer log into the DataMasque dashboard.
Note: Account details of single sign-on (SSO) users are not editable using the DataMasque user management console, although it is still possible to revoke access for such users using the disable/enable functionality.
Password Policy
DataMasque user passwords must conform to the following password policy:
Minimum password length is 8 characters.
Must not contain three or more sequential characters (e.g. "123").
Must not contain three or more repeated characters (e.g. "aaa").
Must not be similar to username or email or contain the words
masque
ormask
.Must not match any value in this list of 100,000 common passwords: https://www.ncsc.gov.uk/static-assets/documents/PwnedPasswordsTop100k.txt
Only admin users can change passwords.
Users will have 5 attempts at logging in, if they are unsuccessful, their account will be locked and will need to be reset by the admin.
For a guide to reset a users password please follow the Password Troubleshooting Guide.