User authentication and permission management (UAP) module

Notes
The procedures described below outline the management of the additional user authentication and permission management (UAP) module, including:
- General introduction.
- User authentication and management.
- User role and permission management.

1. General introduction

The main function of the User Authentication and Permissions (UAP) module is to authenticate users and define the actions they can perform in the software. This additional module enables controlled access to laboratory data, systems, and resources to ensure compliance with GLP regulations.

2. User authentication

When connecting to the software, the User Authentication and Permissions (UAP) module verifies the user's identity by checking their credentials, such as login name and password. The UAP module allows user management, either locally in the system (LAN1 connection, direct to PC) or centrally via an LDAP directory service (Lightweight Directory Access Protocol; LAN2 connection, recommended configuration in a GLP context).

Possible system configuration

After entering the system URL or IP address, you should be redirected to the system login page where you will need to enter your login details to access the system. For hardware installation, please refer to the article corresponding to your system here. 

A- Local Authentication - LAN 1 connection:

For a local account, the email address and password will be specific to that system. Ensure you select local from the list of authentication servers.
The login will be based on the system type and name (available on the label on the system) followed by ‘.admin@etisense.com’.


For example: acq-srv-000XX.admin@etisense.com for a START2, acq-nano-000XX.admin@etisense.com or adv-srv-000XX.admin@etisense.com for an Advanced 4 system. The password will be provided to you upon receipt or training on the system.

User authentication page 

Once you have entered your login details, the CONNECT button will become available. This will allow you to access the system and the software's home page. 


Info
Please note that when you first connect, your browser may display a warning because it does not recognise the system's certificate as trusted. Simply click on ‘advanced settings’ and ‘continue to the site’ in order to access the authentication page.


B- LDAP authentication - Network, LAN 2 connection:

For LDAP accounts, your credentials will be those stored and managed centrally in the internal LDAP directory. Ensure you select LDAP from the list of authentication servers.

For the first connection, even if the system is networked, use the previous LOCAL mode authentication to access the system. Then, for LDAP account configuration, contact your internal IT department. Refer to the user manual in the following section:
Administrator: Creating and Managing Centralised Users using an LDAP Directory.

Configuring LDAP Directory

To use LDAP credentials, the system must be connected to the LDAP directory. Follow these steps:

  • Click the gear icon in the top right corner [1].
  • Select MANAGE LDAP CONFIG [2] to access the menu shown below [3]:
LDAP Configuration Menu

Enter the following parameters to bind the system with the LDAP server:

  • LDAP server URL:

    ldap://<hostname_or_ip> or, for secure mode, ldaps://<hostname_or_ip>,

  • Base DN: the level from which the LDAP module will start searching (usually DC=company,DC=com),

  • Username Attribute: the LDAP attribute where user login is stored (usually uid)

  • Start TLS: yes or no (usually: no)

  • Expiration time: set the LDAP expiration time parameter

  • Inactivity time: set the LDAP inactivity time

  • Users filter: used to find a user in LDAP.

    Example: (&({username_attribute}={input})(objectClass=person))

  • Groups filter: used to find a group in LDAP

    Example: (&(member={dn})(objectClass=groupOfUsers))

    This parameter can be used to automatically provision which LDAP group is allowed to connect to the system.

  • User: the user account used to perform searches (this must be a consumer account with no special rights other than read access),

  • Password: password of the user allowed to connect to the LDAP directory

Important: For security reasons and privacy enforcement, it is recommended to use the secured ldaps protocol for communication with the server.

Important: All users must have an email associated with their account in the LDAP server.
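
The Python code below is an added example, not part of the vendor's software or documentation. It shows how the Users and Groups filter templates above expand for a given login, and how the server URL and Start TLS settings decide whether credentials are encrypted in transit. It assumes the placeholders are filled by plain string substitution with RFC 4515 escaping of the substituted value; all function names are hypothetical.

```python
from urllib.parse import urlparse

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a substituted value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_users_filter(template, username_attribute, login):
    """Fill {username_attribute} and {input} (assumed plain substitution).
    The login is substituted last so it is never re-interpreted as a placeholder."""
    return (template.replace("{username_attribute}", username_attribute)
                    .replace("{input}", escape_filter_value(login)))

def expand_groups_filter(template, user_dn):
    """Fill {dn} with the distinguished name found by the users search."""
    return template.replace("{dn}", escape_filter_value(user_dn))

def transport_findings(server_url, start_tls):
    """Return a list of problems with the URL / Start TLS combination."""
    parsed = urlparse(server_url)
    findings = []
    if parsed.scheme not in ("ldap", "ldaps"):
        findings.append("unsupported scheme: %r" % parsed.scheme)
    elif parsed.scheme == "ldap" and not start_tls:
        # Bind password and user logins cross the network in clear text.
        findings.append("ldap:// without Start TLS: credentials sent unencrypted")
    elif parsed.scheme == "ldaps" and start_tls:
        # TLS is already established by ldaps://, so Start TLS must stay off.
        findings.append("ldaps:// already uses TLS; Start TLS should be 'no'")
    if not parsed.hostname:
        findings.append("missing hostname or IP")
    return findings

# Templates copied from the parameter list above; logins and DNs are constructed.
USERS_FILTER = "(&({username_attribute}={input})(objectClass=person))"
GROUPS_FILTER = "(&(member={dn})(objectClass=groupOfUsers))"

if __name__ == "__main__":
    print(expand_users_filter(USERS_FILTER, "uid", "jdoe"))
    print(expand_users_filter(USERS_FILTER, "uid", "a*"))
    print(expand_groups_filter(GROUPS_FILTER, "CN=Doe (Lab),DC=company,DC=com"))
    print(transport_findings("ldap://10.0.0.5", False))
```
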

Once you have entered your local admin ID or your LDAP credentials, the CONNECT button will become available. This will allow you to access the system and the software's home page.


Software Home page

C- User visibility and logout

When you no longer need to use the system, you can log out for security reasons. To do so: Click on the profile button in the top left corner of the home page, then click on the LOGOUT button.



Logout procedure


Info
Note that this icon and pop-up also allow you to:
      - Change your password with CHANGE PASSWORD when using a LOCAL account (with LDAP authentication, the password will automatically adjust with changes to the internal directory)
      - View and interact with other people connected to the system: If several people are connected, the icon will change colour to notify you of the presence of an additional user. You can then communicate with each other as needed.


An automatic logout time is built into the system to log out a user automatically after a period of inactivity. This time can be changed as needed. 

3. User management

A- Creation and modification

SYSTEM ADMINISTRATOR accounts have the privilege of creating user profiles and/or modifying the role and permissions associated with a user.
To do this, click on the cog icon in the top right-hand corner of the home page. 


Then select the MANAGE USERS button [2], which will take you to the user management page. 



This page allows a user with the SYSTEM ADMINISTRATOR role to: 
  • Create new local users [3];
      - Click on the + button in the bottom right corner to add a new local user [3]. Enter their details: Display name, Email (Login) and Password. You can also assign them a role (with more or less restrictive permissions depending on the role).
  • Modify user information [4];
  • Change user passwords [4];
  • Define user roles to assign permissions (see section 8.2 in the ‘Roles’ column).
Info
Please note that for LDAP configuration, users must log in to the system at least once to be provisioned. During the first authentications, they will not be automatically assigned a role and will not have any permissions to interact with the software. It is up to the SYSTEM ADMINISTRATOR to modify the user's role after their first authentication.

The buttons will appear as follows when a user is authenticated for the first time in LDAP:  

B- User Deactivation

It is not possible to delete a user from the system for traceability reasons (configuration linked to the AUDIT TRAIL add-on module). However, when a user no longer needs access to the system, the administrator can deactivate them. A deactivated user is no longer authorised to log in to the system.

To deactivate a user:
      • Click on the ‘three dots button’ and select EDIT [4].
      • Uncheck the box in the ACTIVE column for the corresponding user.


4. User role and permission

A- User role management 

Authorisation management in the LASA software is based on the roles assigned to each user within the system. A role consists of a specific set of authorisations that the administrator can grant or deny to a user to perform specific actions in the software. 

The software is preconfigured with four distinct user roles, each with its own set of permissions. Permissions can be customised as needed to align with internal standard operating procedures.


User Roles - Default Permission Details:

| Role Name | Default Permissions |
|---|---|
| None | When a user is created, this default role grants no permissions except for logging into the system. |
| User | Users with this role have read-only access to studies. They are unable to create, save records, perform analysis, or export reports. |
| Technician | Technicians can access open studies, create and save records, perform analysis, and export reports. However, they are restricted from creating, renaming, modifying, deleting, or archiving studies. |
| Study Director | Study Directors have administrative privileges on studies, allowing them to create, save, approve, and reopen records. They can also create, rename, modify, delete, or archive their own studies or those assigned to them. |
| System Administrator | This role has full access to all features, including managing users and studies, creating, modifying, deleting, and archiving records, system configuration, updates, and complete access to all data/studies. |


To edit a user ROLE, click the “3 dots” icon in the “Actions” column of the row of the user to be edited, then choose `Edit` [3]. The user to be edited will move to the top of the list; choose the desired user role from the drop-down list in the “Groups” column [4]. Confirm the modification [5].


B- Permissions management 

The administrator can easily configure permissions for specific user roles: A dedicated page is available in the software, providing access to a permissions matrix organised by major software action categories. This allows you to grant or deny all listed actions for the four defined roles. 

To access the permission matrix, click on the gear button in the upper right corner [1], then on the MANAGE PERMISSIONS button [2].


The actions are grouped into ‘broad categories’: Default System Configuration, System, Study, Sessions, Data Management, Analyse, Acquisition, Users, etc. Simply tick one or more actions to assign them to a user role and allow that role to execute them [4].

Conversely, to remove permissions, simply uncheck one or more actions to remove them from a user role.

As a reminder, when a permission is not assigned to a user, it will appear as follows in the software: 




