Managing Users

Xpress Insight implements a user authentication and authorization security system. Users and programs must successfully log in to the Xpress Insight server with an authenticated set of user credentials before using the system or making requests to the server.

User Authentication Defaults

The default configuration authenticates against user credentials stored within the Xpress Insight database. User information is stored as plain text, while passwords are persisted only in a one-way hashed form using SHA-256 (1024 iterations and a random 8-byte salt value).

The default installation includes the following pre-configured administration account:
  • Username: admin
  • Password: admin123

This account is pre-configured with access to all features of the Xpress Insight system, including the administration interface. The password (admin123) should be changed immediately after the application is deployed.

Once a user is authenticated, the authorization system returns a set of authorities for the logged-in user. Certain authorities are required to invoke actions by the Xpress Insight server—see Reviewing Preconfigured System Authorities for a full list of pre-configured system authorities and the actions they authorize.

User accounts are associated with one or more authority groups, and user actions are restricted in scope to apps of which the user is a member. See Using the Predefined Authority Groups and Users for further information about predefined authority groups.

Note: There must be at least one active user with the SYS_USER authority within the application at any one time. Actions that attempt to remove the last active SYS_USER, such as removing SYS_USER from an authority group or removing an authority group assigned to a user, cannot be performed. SYS_USER grants access to the user management functionality (including authority management) of the Xpress Insight Admin interface.

Note: Idle connections will be logged out after 30 minutes; a warning message will be displayed five minutes before the user is automatically logged out.
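
The SYS_USER rule in the note above can be enforced by evaluating each change against the proposed state before applying it, so that a refused change leaves the configuration untouched. The following Python model is an added example, not Xpress Insight code; the Directory and User classes, the group and user names, and the EXAMPLE_VIEW authority are hypothetical.

```python
SYS_USER = "SYS_USER"  # the only authority name taken from the page

class User:
    def __init__(self, name, active=True, groups=()):
        self.name, self.active, self.groups = name, active, set(groups)

class Directory:
    """Toy model: users belong to authority groups; groups carry authorities."""

    def __init__(self, groups, users):
        self.groups = {g: set(a) for g, a in groups.items()}
        self.users = {u.name: u for u in users}

    def sys_users(self, groups=None, memberships=None):
        """Active users holding SYS_USER, optionally under a proposed state."""
        groups = self.groups if groups is None else groups
        memberships = memberships or {}
        holders = set()
        for u in self.users.values():
            member_of = memberships.get(u.name, u.groups)
            if u.active and any(SYS_USER in groups.get(g, ()) for g in member_of):
                holders.add(u.name)
        return holders

    def remove_authority(self, group, authority):
        proposed = {**self.groups, group: self.groups[group] - {authority}}
        self._require_sys_user(groups=proposed)
        self.groups = proposed

    def remove_group_from_user(self, user, group):
        proposed = {user: self.users[user].groups - {group}}
        self._require_sys_user(memberships=proposed)
        self.users[user].groups = proposed[user]

    def _require_sys_user(self, **proposed):
        # Evaluate the change before applying it, so a refusal leaves state intact.
        if not self.sys_users(**proposed):
            raise PermissionError("change would remove the last active SYS_USER")

def build_sample():
    # Constructed data: group names, user names and EXAMPLE_VIEW are hypothetical.
    groups = {"Admins": {SYS_USER, "EXAMPLE_VIEW"}, "Viewers": {"EXAMPLE_VIEW"}}
    users = [User("admin", True, {"Admins"}),
             User("bob", False, {"Admins"}),   # inactive: does not count
             User("carol", True, {"Viewers"})]
    return Directory(groups, users)
```

Inactive accounts are excluded from the count, so an inactive member of a SYS_USER group does not satisfy the rule.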

© 2001-2020 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.