Users Window

This indicates that ALL client machines at your institution are validated using the "standard" or "database" authentication. All J1 Desktop and J1 Web users are created and managed using this window. Once users are created, they are assigned to the appropriate J1 user groups to determine their ability to access select J1 windows and functions. Information maintained on this window is saved to the Application User (APP_USER) table.

This indicates that ALL client machines at your institution are validated using "integrated" authentication. Most J1 Desktop and J1 Web users and permissions will be created and maintained using Active Directory and not this window. A SQL Server Agent job synchronizes the Application User (APP_USER) table with Active Directory. When using integrated authentication, the Active Directory User column is available allowing the administrator to associate an Active Directory user with the J1 Desktop or J1 Web user. Typically, this association will only be necessary during the initial implementation of Active Directory for J1 or if an Active Directory user account changes and requires special modification. All new users created in the Active Directory are associated by the SQL Server agent job.

This indicates that some client machines use "standard" authentication while others use "integrated" authentication. Users created and maintained in Active Directory (integrated authentication) typically do not need to be altered using this window while users not maintained in Active Directory (standard authentication) are created and maintained using this window and further associated with the appropriate user groups.

Use this feature to enable or disable a user's access to J1 Desktop and J1 Web. Disabling a user differs from deleting a user. A disabled user can be re-enabled with their original group memberships and related permissions automatically restored. A deleted user must be recreated.

Inactive J1 users

· Cannot log into J1 Desktop

· Cannot be assigned to user groups, which controls the information and features available to the user

· Are unavailable from any J1 Desktop windows (including Name Search and Name Entity) unless the In J1 Desktop windows, show Inactive Users checkbox is selected on the System Admin User Preferences window.

· Are not included in the Security Audit reports

Inactive J1 Web users

· Cannot log into J1 Web

· Cannot be assigned to J1 Web roles, which control the information and features available to the user

You can set a user up to be an:

· Active J1 Desktop user

· Active J1 Web user

· Active J1 Desktop and Active J1 Web user

Active J1 Web users do not have to be active J1 Desktop users; however, access to important J1 Desktop data and J1 Web functionalities may be limited.

If a J1 Web Advising Administrator isn???t an active J1 Desktop user, they may not be able to review crucial planning information.

If a user's active directory account (SQL J1 login) is deleted or missing a matching SQL Server login, their J1 Desktop and J1 Web logins are automatically deactivated.

· Display

· Active J1 Desktop User

· Active J1 Web User

· User ID

· Description

· ID Number

· Name

· Active Directory User

· Audit User

· Password Expiration Date*

· Notification Enabled

· SEVIS User ID

· Directory Service User Name

· Exchange Service User Name

· Last Login Time

· Added Date

· Created From

· User Groups button

*This column is only available when the Enable Password Expiration configuration is Y on the J1 Desktop Maintain Config Table window (CM module, PASSWORD function, ENABLE_PWD_EXP characteristic).

1. Access the Maintain Config Table window.

2. Look for the following configuration setting:

Module = 'TL'

Function = 'GLOBAL_VARIABLE'

Characteristic = 'EX_AUTH_MODE'

Possible values for this setting are S (Standard), I (Integrated), and M (Mixed).

Users can only be added using this window if you are utilizing standard or mixed authentication.

1. Access the Users window.

2. From the right-click or Options menu, select Add Row.

3. Users are automatically activated for J1 Desktop and J1 Web, which allows them to log into J1 Desktop and J1 Web, and to be assigned to user groups and roles that determine their permissions to features and information. To disable a user from J1 Desktop or J1 Web, deselect the Active J1 Desktop Login or Active J1 Web Login check box. Disabled J1 Desktop users cannot log into J1 Desktop and disabled J1 Web users cannot log into J1 Web.

4. In the User ID field, enter the new user's ID. This is the username the user will enter to log into J1 Desktop and/or J1 Web.

5. In the Description field, enter a brief description of the user. For example, their full name.

6. From the ID Number column, enter or search for a valid J1 Desktop user ID Number. To search, right-click and select Advanced Search. Once entered or selected, the Name column automatically displays the name of the selected ID Number.

An ID Number is required for J1 Web users.

Because users with either a negative number or ???999999999??? in the ID Number column cannot be edited or deleted from the Users window, consider giving administrative users one of these protected ID numbers.

7. If you are using active directory authentication, select the appropriate active directory user name from the Active Directory User drop-down options. These names are from the LDAP_USER_NAME table populated by a SQL Server Agent job.

8. If your school is using SQL Server authentication and configured to enable password expiration (J1 Desktop Maintain Config Table window, CM module, PASSWORD function, ENABLE_PWD_EXP characteristic), the Password Expiration Date field is shown. Enter the date and time when a user's password will expire using standard military time. For example, June 30th, 2017 at 5 PM is entered as 06/30/2017 17:00.

9. To track the user's login and function activity via the User Activity Reports window, select the Audit User check box.

10. To allow the user to receive application alert notifications in J1 Desktop, select the Notification Enabled check box.

11. From the SEVIS User ID drop-down options, select the Primary Designated School Official (PDSO) who is authorized to approve data contained in the SEVIS tables.

12. If your school is using single sign-on capabilities between J1 Web and other systems, enter the user's Directory Service User Name in this field. If your school has enabled Microsoft Outlook syncing in J1 Web, you must enter your users' User Principal Name (UPN) to ???link??? your J1 Web users to their Outlook calendar. Generally the UPN is in this format: username@domain.

13. Click Save.

1. Access the Users window.

2. Locate the user to be activated.

To quickly find a user, use the Display drop-down options to sort users or use the first row to enter specific information such as the user's name or ID.

3. Select the Active J1 Desktop User check box, if applicable. The user will be able to log into J1 Desktop and can be assigned to J1 Desktop user groups to determine their access to J1 Desktop information and features.

4. Select the Active J1 Web User check box, if applicable. The user will be able to log into J1 Web and can be assigned to J1 Web user roles to determine their access to J1 Web information and features.

5. Click Save.

Users with either a negative number or ???999999999??? in the ID Number column cannot be deactivated.

1. Access the Users window.

2. Locate the user to be deactivated.

To quickly find a user, use the Display drop-down options to sort users or use the first row to enter specific information such as the user's name or ID.

3. Deselect the Active J1 Desktop User check box, if applicable. The user will not be able to log into J1 Desktop and cannot be assigned to J1 Desktop user groups.

4. Deselect the Active J1 Web User check box, if applicable. The user will not be able to log into J1 Web and cannot be assigned to J1 Web user roles.

5. Click Save.

1. Access the Users window.

2. Locate the user whose information you wish to update.

To quickly find a user, use the Display drop-down options to sort users or use the first row to enter specific information such as the user's name or ID.

3. To update the user's login capabilities, select or deselect the Active J1 Desktop Login and/or Active J1 Web Login check boxes as needed.

4. If needed, update the user ID by typing in the User ID column.

If you edit the User ID, you must also rename this user's server Login and Database User accounts in Microsoft SQL Server Management Studio. The User ID column must match the name entered for the Login in Microsoft SQL Server Management Studio to allow the user to log into J1 Desktop and J1 Web.

5. If needed, update the description by typing in the Description column, for example, to update their name.

6. To assign or change an ID number, from the ID Number column, enter or search for a valid J1 Desktop user ID Number. To search, right-click and select Advanced Search. Once entered or selected, the Name column automatically displays the name of the selected ID Number.

An ID Number is required for J1 Web users.

Because users with either a negative number or ???999999999??? in the ID Number column cannot be edited or deleted from the Users window, consider giving administrative users one of these protected ID numbers.

7. If you are using active directory authentication and need to update the active directory user name, select the appropriate user name from the Active Directory User drop-down options. These names are from the LDAP_USER_NAME table populated by a SQL Server Agent job.

9. To track the user's login and function activity via the User Activity Reports window, select the Audit User check box. To stop tracking the user's activity, deselect the check box.

10. To change whether the user receives application alert notifications in J1 Desktop, select or deselect the Notification Enabled check box as needed.

11. If needed, from the SEVIS User ID drop-down options, select the Primary Designated School Official (PDSO) who is authorized to approve data contained in the SEVIS tables.

12. I

13. Click Save.

Users can only be deleted using this window if you are utilizing standard or mixed authentication.

Users with either a negative number or ???999999999??? in the ID Number column cannot be deleted.

1. Access the Users window.

2. Select the user to be deleted.

3. Right-click and select Delete Row. A delete confirmation window appears.

4. Click Yes. The user is permanently deleted from all dependent tables. The deletion of dependent rows is executed by the EX_DELETE_APP_USER stored procedure.

To expand this processing, customize the CUST_DELETE_APP_USER stored procedure, which executes at the end of the EX_DELETE_APP_USER stored procedure.

1. Access the Users window.

2. Click on the row of the user whose group membership you wish to update.

3. Click the User Groups button. The Groups for User: window appears with that user's information displayed.

4. Locate the application group to which you want to give the user access and select the checkbox in the Member column.

5. Click OK.

1. Access the Users window.

2. Click on the row of the user whose group membership you wish to update.

3. Click the User Groups button. The Groups for User: window appears with that user's information displayed.

4. Locate the application group from which you want to remove the user's access and deselect the checkbox in the Member column.

5. Click OK.

Users Window

Standard Authentication Mode

Integrated Authentication Mode

Mixed Authentication Mode

Activating and Inactivating Users

Columns

How Do I...

To Learn More...