Security

Owned by Michael Standal
Last updated: Sept 08, 2022
2 min read

Overview

AMP is designed to work with the existing ACM security model. Users must login and authenticate through ACM. Once authenticated, AMP creates a session for the user and authorizes access to application pages. Users can be configured as administrators, which allows administrative page access during the session. The credentials used to authenticate and authorize with ACM are encrypted during session usage with ACM WCF services. ACM Users and Roles are enforced per task, such as execution of device commands or changing supported device configuration properties.

ACM Security

AMP authenticates with ACM, allowing a user session to be created. ACM security can be enabled or disabled. Each one will be covered below. See ACM Security for details.

ACM Security Disabled

When disabled, authentication is not dependent on the ACM configuration. Command execution and device property changes will not have Role configuration enforced.

The following conditions must be met to allow a session to be created with ACM security disabled:

  1. The username entered must not be in a Locked out state.

  2. The AMP licensed users number has not been exceeded.

  3. The domain/username/password is a valid network or domain account.

ACM Security Enabled

When enabled, authentication is dependent on the User Mobile Access setting in the ACM configuration. The domain/username entered on the Login page must match a User in ACM by username or by group membership. Command execution and device property changes will have Role configuration enforced.

The following conditions must be met to allow a session to be created with ACM security enabled:

  1. The username entered must not be in a Locked out state.

  2. The AMP licensed users number has not been exceeded.

  3. The domain/username/password is a valid network or domain account.

  4. The domain/username must match a User in ACM by username or by group membership.

  5. The User configuration in ACM must have Mobile Access enabled.

Sessions

Once a user is authenticated via Login and the ACM security process is completed (described above), a session is created and the user is redirected to the Dashboard. The session length is determined by the Session Length property on the Server administration page. Once a session has expired, the user is returned to the Login page. A user may perform a manual logout by clicking the Logout icon on the application toolbar. See Application Toolbar for details on its usage.