Table of Contents
- Organization of users and rights
- Setting up user templates
- Set up users
- Authentication with the xentral OTP Stick (optionally available)
- Workflow: create user + address and assign rights
- Rights history
The fine-grained rights system of xentral makes it possible to restrict access to data for each employee according to their tasks in the company. This makes xentral suitable for use by all hierarchical levels and departments, without allowing sensitive information to be viewed by unauthorized persons.
This module is relevant for everyone.
Organization of users and rights
The assignment of rights is done via user templates (corresponding user groups) and users. A separate user (account) should be created for each employee who uses xentral.
Depending on the organizational structure, it may make sense to assign rights not directly to users, but via user templates. For example, a user template with correspondingly set rights could be created for each department. The users (accounts) of the department members can then be assigned to this user template. This saves the tedious and error-prone setting or changing of rights for each individual user.
When assigning user templates, note that additional rights can still be granted to a user individually. Rights that the user receives through the user template, however, cannot be withdrawn individually! The assignment of a user template is described below in the section 'Set up users'.
Setting up user templates
User templates can be set up under Administration → Settings → System → User Template.
Before the rights of the user template can be set under the 'Rights' tab, the newly created template must be saved. The rights assigned here will be inherited by the respective user when the user template is assigned.
Note: Rights highlighted in gray are not granted, rights highlighted in blue are granted.
Templates can be duplicated under the 'Copy templates' tab. This function reduces the effort if a template is to be created that is very similar to an existing one in terms of rights. If changes are subsequently made to a user template, click on the 'Match rights' tab in the template list after saving to apply the change to those users who are linked to a user template.
Set up users
You can create users under Administration → System → Users. Note that the employee for whom a new user (account) is to be created must first be created as an address under Master data → Addresses.
A new user can be created using the "+NEW" button. You will first land in the Users tab.
User is active → Selection that the user is actively used.
User name → Unique user name, e.g. employee's last name + first two letters of first name
Password/Repeat password → Password for login in xentral
Address from master data → reference to corresponding record in 'Master data → Addresses'
Account type → User ('Administrator' only for system administrator)
Selection → selection of login method
HW Key → Required when logging in via USB stick or hardware
HW Counter → Required when logging in via USB stick or hardware
HW Datablock → Required when logging in via USB stick or hardware
Copy rights from user
Copy rights from user → If the new user to be created is to have the same rights as another user created previously, this can be selected here. The user that is created will then have exactly the same rights as the other user.
Upload rights file
Select file → Upload a file that contains the rights of the user.
Identifier → Entry of the identifier from the RFID mobile device so that it can be identified via RFID chip when logging in.
Internal description → Description of the user
Custom calendar color → Select the color with which the user's appointments should be displayed in the calendar
Allow remote access → Only if required (e.g. for field staff) or if xentral has been installed on an external server
Start page → Selection of the start page for the user
Failed logins → Number of failed logins that lead to the user being locked out
User template → Optional: user template to be used, the user inherits all rights of the template
The Rights tab appears only after you have saved the new user. In the Rights tab you can configure the rights for the new user.
After successful setup of the user, he can log in to xentral. Menu items and functions for which he has no rights are not visible to him in the user interface.
The assigned right always refers to the entirety of the module used. For example, if a user has the edit right in the Address rights block, he can make changes in any area of the address. It is not possible to block individual fields for certain users, e.g. to protect only the Distribution field.
Authentication with the xentral OTP Stick (optionally available)
The xentral OTP stick serves as additional security when logging in to xentral. An OTP stick can only be used by one user, and generates a unique key sequence each time it is used. Therefore, the login is only successful if each of the following requirements is met:
- Username and password are valid
- The user has the correct xentral OTP stick
To configure this kind of login for a user, the following settings have to be made in the section "EXTERNAL LOGIN" (see also screenshot):
- HW Token: Select the setting "xentral LoginKey + Username + Password"
- HW Key: Enter here the hardware key that was assigned by xentral when you purchased the OTP stick
- HW Counter: The counter has to be set to 0
- HW Datablock: Here you have to enter the datablock which was assigned by xentral when you bought the OTP stick
Prefer project → Specify a project to be used preferentially for this user. When creating documents, the project field is pre-filled with this project. This makes sense, for example, for an employee who works as a packer in the logistics process and should only work on one specific project.
Language → Select the language
Prefer own e-mail → Specify that the own e-mail is always preferred over the company address
Default printer → Selection of the default printer
Default label printer → Selection of the default label printer
Printer level (shipping) → If the employee has his own printer for the packing table in the logistics process, for example
Printer level (parcel stamp) → If the employee has his own printer for the parcel stamps, for example
Standard fax → Selection of the standard fax machine
GPS time clock → Selection that a GPS time clock should be used for this user
Hide in calendar/chat → Selection that the user should be hidden in the calendar or chat
ICS Calendar → Select that the calendar is in ICS format
ICS calendar password → Specify the password for the ICS calendar
Docscan/WebDAV upload → The user can be unlocked for the Docscan app by checking this box and entering the password from Docscan
Docscan/WebDAV password → Enter the password for the Docscan app
Role → Select the role of the user e.g. sales, accounting, etc.
Login with the xentral OTP Stick
When logging into xentral with the OTP stick, proceed as follows:
- Enter user name
- Enter password
- Place cursor in the text field "optional OTP" (mark in screenshot)
- Insert the xentral OTP stick into a USB port on the computer
- Wait until the OTP stick has issued its key sequence completely; it is not necessary to confirm with ENTER
- Remove the OTP stick from the computer
It should be noted that in case of a failed login, due to the use of the wrong OTP stick, the standard error message "Username or password incorrect." is displayed.
Authentication with mOTP (iOS/Android)
Note: Since there were more and more problems with mOTP, xentral decided to switch to TOTP.
The previous entry for mOTP is kept below:
To use mOTP as 2-factor authentication, different apps are required depending on the mobile device (iOS/Android).
iOS: Using the mOTP - mobile OneTimePasswords app
- Open the app and generate an mOTP secret.
- Store the generated secret with the respective user (you can also have the secret sent to you by e-mail).
- Enter the self-selected PIN and generate a one-time password.
- The user data and the generated password can now be used to log in securely.
Android: Using the DroidOTP app
- Create a profile in the app.
- Select "4-digit PIN" as the OTP type.
- Generate the mOTP secret; three different options are available for this.
- Store the secret and the desired PIN with the user.
- Enter the 4-digit PIN and enter the generated password in the xentral login screen.
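The scheme behind these apps, as an added example (not xentral's code): the publicly documented Mobile-OTP algorithm takes the first six hex digits of MD5 over the 10-second time slot, the secret and the PIN, which is why both values have to be stored with the user and why the phone and server clocks must agree. The secret, the PIN, the ±180-second tolerance and the function names are constructed for illustration.

```python
import hashlib
import hmac

STEP = 10  # Mobile-OTP time slot length in seconds


def motp(secret: str, pin: str, epoch: int) -> str:
    """Return the 6-hex-digit mOTP for the time slot containing `epoch`."""
    slot = str(epoch // STEP)
    digest = hashlib.md5((slot + secret + pin).encode("utf-8")).hexdigest()
    return digest[:6]


def verify_motp(secret, pin, candidate, now, last_slot=-1, max_skew=180):
    """Return the matching time slot, or None if the code is rejected.

    Slots up to and including `last_slot` (the slot of the last accepted
    login) are skipped, so a captured code cannot be replayed.
    """
    cand = candidate.strip().lower().encode("utf-8")
    first = max((now - max_skew) // STEP, last_slot + 1)
    last = (now + max_skew) // STEP
    for slot in range(first, last + 1):
        expected = motp(secret, pin, slot * STEP).encode("utf-8")
        # Constant-time comparison of the expected and submitted code.
        if hmac.compare_digest(expected, cand):
            return slot
    return None


# Constructed sample values, not taken from any real account.
SECRET = "a1b2c3d4e5f60718"
PIN = "4711"
NOW = 1_700_000_000  # server time (Unix seconds)

if __name__ == "__main__":
    code = motp(SECRET, PIN, NOW - 120)   # phone clock is 2 minutes slow
    slot = verify_motp(SECRET, PIN, code, NOW)
    print("accepted in slot", slot)
    print("replay:", verify_motp(SECRET, PIN, code, NOW, last_slot=slot))
    stale = motp(SECRET, PIN, NOW - 400)  # drift beyond the tolerance
    print("stale:", verify_motp(SECRET, PIN, stale, NOW))
```

The server has to persist the returned slot per user and pass it back as `last_slot` on the next login; without that, any code stays valid for the whole tolerance window.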
Workflow: Create user + address and assign rights
The entire workflow for a user (create address+create and link user) is located here
The History tab provides an overview of the rights given to and taken from users. Log entries are made both when rights are distributed directly and when a template file is used or rights are copied.