Granting First Access
In the next steps the senhasegura will send emails and SMS messages to notify users. The email and SMS sending service must already been configured as we mentioned in the premises.
If the error "you will need to set up an SMTP account on senhasegura ." occurs, refer to the Orbit Web Interface manual to set up an email sending account.
Granting Access to Third-Party Users
After making the first settings you will be able to grant access to the already registered third party user. To grant access, go to the menu Domum Remote Access ➔ Settings ➔ Third Party Users and find among the records the user to whom you want to grant access.
Click on the user registration action button and choose the Request Access option
In the general tab, describe in the field, Justification why you are requesting this access for the user.
Choose in the field, Reason, one of the previously registered motives.
On the Credentials tab, add the credentials that the user can access.
Go to the Access limitation tab and set the Access permission period:
Start: Date and time when access can now be granted
Duration: Value and time parameter (minutes, hours, days and months) that the access will remain valid.
Access permission days: Mark the days of the week that the access can be made
Access permission times: Check the periods that the access can be performed
Sessions: Check whether the sessions can be unlimited, i.e. can be done more than once, if not determine the maximum number of sessions.
To finish click on Save.
You can grant access also via the remote access screen and follow the instructions above: Domum Remote Access ➔ Remote access ➔ Third-party access. Click on the report action button, under the New option, select the Vendor and the User, and click Next.
With this simply send the email containing the Domum access URL to this user, then go to the menu: Domum Remote Access ➔ Remote Access ➔ Third-party access.
In this report find the record for the user you want to grant access to and click the action button and the Send Access URL option.
The third-party user will receive the link to access Domum in his e-mail address or SMS according to what has been configured.
Granting Access to Employee Users
With the employee, group created you can grant access to an employee by following the menu: Domum Remote Access ➔ Remote Access ➔ Employees. In this report, you can see the list of employees who have already been granted access and even those with terminated access. To grant access follow these instructions:
Click the New button
Select the Employee group, created earlier, then select the User member of this group you wish to grant access to. Remember that only users who are members of the selected group will be available for selection.
In the Justification field, describe why remote access is being granted to this employee. This justification can be viewed in the user's access details.
Then select a Reason for granting this access.
Go to the Access limitation In this tab you should indicate how long this access will be valid. In the field, Start enter the date and time that the access will start to be valid, in the field, Duration enter a value and a duration metric (minutes, hours, days or months) for the access. Remember that the duration will be calculated from the date and time entered in the Start field.
To finish click on Save.
With that done go to the Domum Remote Access ➔ Remote Access ➔ Employees menu. In this report find the record for the user you want to grant access to and click the action button and the Send Access URL option. The employee will receive the link to access Domum in his e-mail address or SMS according to what has been configured.
Receiving the Access URL
After granting access to the third party or employee user, they will receive in his/her e-mail (the e-mail address informed in the user registration form) the access link to the Domum platform.
It is important to remember that this link is for the exclusive use of the user who received it, it should not be shared with other users as this may result in a breach of confidentiality and the principle of least privilege.
A few seconds after receiving the e-mail the user will also receive the token for the first access to the platform. The token will be sent by e-mail or SMS, depends on the token parameter configured previously.
Employees will not receive the access token, their authentication will be done through their common access credentials. after successful authentication, the registration of an OTP token will be requested.
The Domum module does not support SSO authentication.
Click on the link or copy and paste it into your browser, insert the token provided. After the authentication is successfully done, the user will have to register a new Token OTP that will be required in all his accesses. If you enter the wrong token and the screen displays an error message automatically a new token will be sent to the user.
With the registration of the token complete, the user will be presented with the Domum interface which consists of a report with all the credentials he has been granted for remote sessions and password views, all according to the policy of the group this user belongs to.
For employees, after authentication, the senhasegura platform will be displayed, and the user will be able to use the modules and functionalities he already uses in the organizational environment, normally, according to his user permission and the access group he belongs to in each module.
In addition to the password view and start remote session actions, you can also check details such as days and times that access is allowed, the maximum number of sessions that can be done, as well as the list of credentials held by the user and the last accesses, performed.
When accessing Domum the third party user will see a report with a list of all the credentials, which were granted to him by the administrator.
This report will display the action buttons for viewing a credential's password or starting a remote session on a device.
Besides, a list will be available for the user to check which credentials are in his custody, and another list with the remote sessions held by him.