STC | iQ 1.17.5.1 User Guide
Add/Update SSO Users
State users must add and update single sign-on (SSO) users through the
SSO-enabled IWeb application using the steps listed below. This is the
only method that gives SSO users access to the IWeb and iQ applications.
Keycloak is the application STC uses to enable SSO functionality within
IWeb and iQ.
Prerequisite
Be sure the SSO-enabled IWeb application is installed and running.
Add a New User
1. Open the SSO-enabled IWeb application in a browser tab or window.
2. Click Main > Login from the menu along the left side. The SSO login page opens.
3. Enter an administrator-level username and password, then click Log In. The Select Organization (IRMS) page opens in IWeb.
4. Click the Administration menu link. The Administration Main Menu page opens.
5. On the Administration Main Menu page, scroll down to the User Management section and click Search / Add User. The Web User Search page opens.
6. Enter the username for the new user you wish to add in the User Name field and click Search. This is to make sure the username does not already exist in the system.
7. If the username appears in the Search Results list, choose a new username and repeat step 6 above. Otherwise, if the username does not appear in the Search Results (and the message continues to display Showing 0 to 0 of 0 entries), click the Add button to add the new username. The Web User Maintenance [Add] page opens with the new username pre-populated in the User Name field.
8. Enter information into at least the following fields:
   - Enter a new password twice and select Expire Now to force the user to change their password when they first log in
   - Enter the user's First Name
   - Enter the user's Last Name
   - Enter the user's Access Level (example: Registry Client)
   - Depending on the Access Level selected, select the Organization (IRMS) from the drop-down list. This is optional for some access levels and required for others.
   - Depending on the Access Level selected, select the Facility from the drop-down list. This is optional for some access levels and required for others, but the Organization must be selected first, in order to populate the Facility drop-down list.
   - Enter the user's email address. This allows the user to use the reset password feature on the login page (if enabled); otherwise, the user must contact an administrator or support staff to do so.
     NOTE: If the email address entered is already associated with another user, or if no email address is entered, a non-operative email address (for example, new_user@null.stchome.com) is automatically generated and stored in Keycloak because Keycloak prohibits duplicate or empty email addresses. If this happens, the user is not able to use the reset password feature on the login page (if enabled).
   - Select the appropriate permissions for the new user.
   - Enter the Keycloak role(s). Note that in addition to the iQ Keycloak roles, it is recommended that users additionally be given the Access IWeb role to allow the user the ability to change their password, if necessary. The following are the available iQ-related Keycloak roles:
     - Access iQ - Can be given to iQ State users, Organization users, and/or Facility users
     - State Level Permissions - Should only be given to iQ State users
     - Organization Provider Content (data) Security - Should only be given to iQ Organization users
     - Provider Level Permissions - Should only be given to iQ Facility users
     - Provider Interface Profile Form - Should only be given to iQ Organization or Facility users who just need access to the interface form as part of onboarding. (See Organization/Facility User Workflow)
       - For an Organization user to have access to just the interface form, they must be given all three of these permissions: Access iQ, Organization Provider Content (data) Security, and Provider Interface Profile Form
       - For a Facility user to have access to just the interface form, they must be given all three of these permissions: Access iQ, Provider Level Permissions, and Provider Interface Profile Form
9. Click Save. If the new user was correctly entered, the message Web user record added successfully displays at the top of the page and the new user's account details display on the page.
10. From the left navigation menu, click Main > Logout to log out of IWeb.
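The Keycloak role rules listed above can be checked mechanically once accounts exist. The following is an added example, not part of the STC guide or product: it audits user records against those rules. The record layout, the user type labels, and the treatment of the null.stchome.com domain as the marker for generated addresses are assumptions.

```python
# Added example: audit role assignments against the rules in this guide.
# Record layout and "type" labels are assumptions, not an IWeb/Keycloak export format.

ACCESS_IQ = "Access iQ"
ACCESS_IWEB = "Access IWeb"
STATE = "State Level Permissions"
ORG = "Organization Provider Content (data) Security"
FACILITY = "Provider Level Permissions"
FORM = "Provider Interface Profile Form"

# Role -> user types the guide says may hold it.
ALLOWED = {
    STATE: {"state"},
    ORG: {"organization"},
    FACILITY: {"facility"},
    FORM: {"organization", "facility"},
}
# Roles the guide requires together for interface-form access.
FORM_SET = {
    "organization": {ACCESS_IQ, ORG, FORM},
    "facility": {ACCESS_IQ, FACILITY, FORM},
}
# Assumption: generated non-operative addresses share the guide's example domain.
PLACEHOLDER_DOMAIN = "@null.stchome.com"


def audit_user(user):
    """Return a list of findings for one user record (empty list = clean)."""
    roles, kind = set(user["roles"]), user["type"]
    findings = []
    for role in sorted(roles):
        if role in ALLOWED and kind not in ALLOWED[role]:
            findings.append(f"role '{role}' not intended for {kind} users")
    if FORM in roles and kind in FORM_SET:
        for missing in sorted(FORM_SET[kind] - roles):
            findings.append(f"interface form access also needs '{missing}'")
    if ACCESS_IWEB not in roles:
        findings.append("recommended 'Access IWeb' role missing")
    if user["email"].lower().endswith(PLACEHOLDER_DOMAIN):
        findings.append("placeholder email: login-page password reset unavailable")
    return findings


# Constructed sample records.
USERS = [
    {"username": "org_form", "type": "organization", "email": "a@example.org",
     "roles": [ACCESS_IQ, ACCESS_IWEB, ORG, FORM]},
    {"username": "fac_over", "type": "facility", "email": "fac_over@null.stchome.com",
     "roles": [ACCESS_IQ, STATE, FORM]},
]
```

Calling audit_user on each record in USERS returns no findings for the first and four for the second, including the State-level role held by a Facility user.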
Update a User
To update a user's information - perhaps to reset their password,
correct their name, access level or email address, or to modify their
permissions or Keycloak role(s) - follow the steps below.
1. Open the SSO-enabled IWeb application in a browser tab or window.
2. Click Main > Login from the menu along the left side. The SSO login page opens.
3. Enter an administrator-level username and password, then click Log In. The Select Organization (IRMS) page opens in IWeb.
4. Click the Administration menu link. The Administration Main Menu page opens.
5. On the Administration Main Menu page, scroll down to the User Management section and click Search / Add User. The Web User Search page opens.
6. Enter the username for the user you wish to update in the User Name field and click Search. Users that match the search criteria appear in the Search Results list below the search parameters section on the page.
7. Locate the user in the Search Results list and click it (anywhere on the row). The Web User Maintenance [Detail] page opens.
8. Click the Update button. The Web User Maintenance [Update] page opens with the user's details pre-populated.
9. Update the information as needed and click Update. The message IWeb user record updated successfully displays at the top of the page.
10. To log out of IWeb, click Main > Logout on the left navigation menu.