Content Comparison

Table of Contents

The Security → Security Groups page can be reached by clicking the menu item.

Table of Contents

Info

title	User Account Control

Active Directory Authentication types

Flowster Studio uses two values for the authentication type in the Active Directory entries: Secure and Secure Socket Layer.

The Secure one: requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating.

The Secure Socket Layer one: Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.

Active Directory supports both Kerberos and NTLM. Windows will first try Kerberos and if all the requirements are not met, it will fallback to NTLM.

Keberos is the default authentication method for AD but it can fallback to NTLM in some cases, but that is handled by Windows itself. Kerberos is used every time a login to an AD is made.

As an example, accessing file share by name like \server1\share would invoke Kerberos and should succeed given proper permision. But accessing same file share using IP address would invoke Kerberos first and fail (as there is no SPN for IP Address) and then fail over to NTLM.

Here are some links for a better understanding of how the two protocols are working:

https://msdn.microsoft.com/en-us/library/bb742516.aspx

https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

...

During installation, a super admin user must be entered in order to successfully install the application on a computer. The Super Admin set during installation, can be a custom user (custom users are database users thus no authentication provider is required) or selected from an Active Directory OU, is the only one that can access Flowster Studio components at login. He will be the only one that can define other Active Directory, Google, Azure or Local/Custom users/groups as super admins, administrators or users, by adding them into specific security groups types.

NOTE: A custom user is a database user that does not require any authentication provider defined

The predefined SuperAdmins group cannot be deleted from Administrator. Also, if there is only 1 user in the SuperAdmins group, it will not be deleted (there should be at least 1 user in this type of group).

...

All users from this group type can access all Flowster Studio components without the need of creating a Permission Role (e.g. case for administrators groups). Only users from the SuperAdmins group will have visibility and control over this group in the Security Groups page.

The Update cache for users button can be used when the data (ex. users) update from database was not automatically done.

Load only custom users: if this option is checked, the user can see only the custom users spread through all security groups.

Export Custom Users:

click on Export Custom Users
the custom users will be exported in a csv file

Import Custom Users:

...

Note: Passwords can be filled in the csv file and imported with the user's data. Dates can be modified, but the format must be kept dd/mm/yyyy.

Other Security Groups

Administrator gives users the possibility to create unlimited number of security groups and subgroups, as well as adding Active Directory, Google, Azure or Local users or groups into manually created groups.

...

click on the security group/subgroup
go to Execution Groups tab in the Selected Admin Group Info panel and check the desired Execution Group

Other options