User Authentication Defaults

User information is stored as plain text with passwords stored in a one-way encrypted form using BCrypt 2A, strength 10.

The default installation includes the following pre-configured administration account:

Username: admin

Password: admin123

This account is pre-configured with access to all features of the Xpress Insight system, including the administration page. The password (admin123) should be changed immediately after the application is deployed.

Once a user is authenticated, the authorization system returns a set of authorities for the logged-in user. Certain authorities are required to invoke actions by the Xpress Insight Server. For more, see Reviewing Pre-configured System Authorities for a full list of pre-configured system authorities and the actions they authorize.

User accounts are associated with one or more authority groups. See Using the Predefined Authority Groups and Users for further information about predefined authority groups.

Note There must be at least one active user with the SYS_USER authority within the application at any one time. If an action is performed that results in there being no active SYS_USER, an error is displayed indicating that the requested action cannot be performed. Examples of this type of action include removing SYS_USER from an authority group or removing an authority group assigned to a user. A user administrator cannot remove their own SYS_USER authority.