Users

Administrators

Administrators can configure, monitor and manage the Axon.ivy Engine. At least one administrator must be configured in ivy.yaml.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
# Engine Administrators
# [engineDir]/configuration/ivy.yaml
Administrators:
  devop:
    Password: "${hash:admin}"
    Email: devop@localhost.com
  admin:
    Password: "${hash:mySecret}"
    Email: info@localhost.com
    FullName: "James David"

It is highly recommended to hash passwords of administrators by enclosing the password in cleartext with "${hash: and }" like "${hash:1234}" for password 1234. Hashed passwords can not be decrypted anymore. The Axon.ivy Engine will automatically hash and replace the password in file, when the configuration will be loaded

Workflow Users

Workflow Users are kept in a so-called security system which can be defined in ivy.yaml. Each application defines in app.yaml which security system is used. There are two types of security systems:

  • Internal Security System: Used to manage the users directly on the Axon.ivy Engine. There is only one Internal Security System, which is called Ivy Security System. No further settings are available for this Security System. This is also the default Security System for application which has no security system defined.

  • External Security System: Used to synchronize users from a name and directory service such as Active Directory. In addition to the users in the External Security System, new users can also be manually added and managed as with an Ivy Security System. The example below shows a simple connection to an Active Directory. Have a look at the ivy.securitysystem.yaml for all supported name and directory services and further settings.

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
    # sample ivy.yaml that define an Active Directory as security system
SecuritySystems:
  # Custom definied name of your security system
  ActiveDirectoryOfMyCompany:
    Provider: "Microsoft Active Directory"
    Connection:
      Url: "ldap://activedirectory.axonivy.com:389"
      UserName: "activedirectory_user@axonivy.com"
      Password: "${encrypt:1234}"
    Binding:
      DefaultContext: "DC=axonivy,DC=com"
      ImportUsersOfGroup: "CN=AXON Ivy IT,DC=axonivy,DC=com"

    1
2
    # app.yaml located in e.g. <configuration>/app-myApp.yaml
SecuritySystem: ActiveDirectoryOfMyCompany