Admin

Overview

The Admin menu of the user interface has sub-menus to access features like Role and Permission, Custom Scripts and MAU graph. These features will be discussed one by one in this section.

Role and Permission Management

The administrator can control user access to pages and features of Admin UI by adding or removing the permissions mapped to the user's role.

Admin UI Role

The logged-in administrator can create, edit or destroy Admin UI Roles using the Admin UI Roles Page. The Admin UI Role can be assigned to the user using the User Management feature of this GUI. After installation, the following Roles can be seen on Admin UI: api-viewer, api-editor, api-manager and api-admin. The default user of Admin UI i.e. admin is assigned with api-admin role. A user with one or more Admin UI Role(s) assigned will be able to log in to Admin UI.

Permissions (Scopes)

Admin UI uses Config API to manage and configure the Jans Auth server. Config API helps in configuring auth-server, users, fido2 and scim modules. The APIs of this rest application are protected using an authorization token containing the appropriate permissions (scopes). Admin UI has the feature to add, edit and delete the Permissions used to access the APIs (i.e. APIs used by Admin UI).

Role-Permission Mapping

The administrator can map the Admin UI Role(s) with one or more permissions using the Role-Permission Mapping page. The Role mapped with Permissions can be then assigned to the user to allow access to the corresponding pages and features of the GUI.

The below table lists the Permissions for access control of the features:

Permission	Description
https://jans.io/oauth/config/attributes.readonly	View Person attributes
https://jans.io/oauth/config/attributes.write	Add/Edit Person attributes
https://jans.io/oauth/config/attributes.delete	Delete Person attributes
https://jans.io/oauth/config/scopes.readonly	View the Scopes
https://jans.io/oauth/config/scopes.write	Add/Edit Scopes
https://jans.io/oauth/config/scopes.delete	Delete Scopes
https://jans.io/oauth/config/scripts.readonly	View the Scripts
https://jans.io/oauth/config/scripts.write	Add/Edit Scripts
https://jans.io/oauth/config/scripts.delete	Delete Scripts
https://jans.io/oauth/config/openid/clients.readonly	View the Clients
https://jans.io/oauth/config/openid/clients.write	Add/Edit Clients
https://jans.io/oauth/config/openid/clients.delete	Delete Clients
https://jans.io/oauth/config/smtp.readonly	View SMTP configuration
https://jans.io/oauth/config/smtp.write	Edit SMTP configuration
https://jans.io/oauth/config/smtp.delete	Remove SMTP configuration
https://jans.io/oauth/config/logging.readonly	View Auth server log configuration
https://jans.io/oauth/config/logging.write	Edit Auth server log configuration

Custom Scripts

Custom Scripts are used to implement custom business logic for authentication, authorization, client registration, cache refresh, scopes, token revocation etc. The Jans-Auth Server leverages Custom Scripts when implemented can facilitate complex business workflows without changing the auth server code. Admin UI provides the interface to add/edit/delete custom scripts.

Custom Scripts fields descriptions

• INUM: Unique id identifying the script.
• Name: Name of the custom script. Only letters, digits and underscores are allowed.
• Description: Description of the script.
• Select SAML ACRS: The SAML parameter Authentication Context Requests (ACRS).
• Script Type: The type of the script (e.g. PERSON_AUTHENTICATION, INTROSPECTION, APPLICATION_SESSION, CLIENT_REGISTRATION etc).
• Programming Language: Programming language of the custom script (e.g. Java and Jython).
• Location Type: The location of the script, either database or file.
• Level: The level describes how secure and reliable the script is.
• Custom properties (key/value): Custom properties that can be used in the script.
• Script: Script content.
• Enable: Field set to enable or disable the script.

MAU Graph

This is a line graph showing month-wise active users under a selected date range.