A user is an individual Informatica Intelligent Cloud Services account that allows secure access to an organization. A user can perform tasks and access assets based on the roles that are assigned to the user. You can assign roles directly to the user or to a group that the user is a member of.
Administrators can create and configure user accounts for the organization.
The Users page lists the users in your organization. To access the Users page, in Administrator, select Users.
The following image shows the Users page:
The Users page displays user statistics for the organization and lists each user. If you use Application Integration, the page also lists the Application Integration anonymous user and its status. To view detailed information about a user, click the user name.
You can perform the following tasks for a user:
•View and edit user details.
•Create a user.
•Assign and unassign services.
•Disable a user.
•Reset a user.
•Reassign a user's scheduled jobs to a different user.
•Delete a user.
User authentication
Informatica Intelligent Cloud Services uses different types of user authentication. Native users are authenticated through Informatica Intelligent Cloud Services. Salesforce, Microsoft Azure, and SAML users are authenticated through their identity providers.
Informatica Intelligent Cloud Services can use the following types of user authentication:
Native
Native users log in to Informatica Intelligent Cloud Services through the Informatica Intelligent Cloud Services login page using their user names and passwords. They are authenticated through Informatica Intelligent Cloud Services.
Salesforce
Salesforce users sign in to Informatica Intelligent Cloud Services through Salesforce or a Salesforce app. They are authenticated through Salesforce.
For more information about Salesforce authentication, see the help for the Salesforce connector in the Data Integration help.
Microsoft Azure
Microsoft Azure users sign in to Informatica Intelligent Cloud Services through Microsoft Azure. They are authenticated through Microsoft Azure.
SAML users sign in to Informatica Intelligent Cloud Services through their identity provider. They are authenticated through their identity provider.
For more information about configuring SAML single sign-on, see SAML single sign-on.
Application Integration anonymous user
If you have licensed Application Integration, Informatica Intelligent Cloud Services creates a system user called CAI_Anonymous_<Organization_ID>. Application Integration needs this user when you invoke an anonymous process that calls a Data Integration task.
Important: Do not edit or delete the Application Integration anonymous user if you need to invoke an anonymous process that calls a Data Integration task.
If you assign custom permissions to a Data Integration task and invoke the Data Integration task through an Application Integration process or a guide, you must complete either of the following tasks:
•Give the Application Integration anonymous user permission to run the associated Data Integration asset.
•Add the Application Integration anonymous user to a user group that has permission to run the associated Data Integration asset.
User statistics
If you have the Admin role or the Read User and Audit Log - View privileges, you can view user statistics for your organization.
The statistics area on the Users page displays statistics such as the number of users in the organization, the number of users with each status, and the number of users that logged in during a certain time period.
The following image shows the statistics area:
You can use the statistics area to filter the users on the Users page. For example, to display only users with the status Pending Activation, click Users Pending Activation. To list all users, click Total Users.
If you have the Admin role or the Create User and Audit Log - View privileges, you can view a graph of the numbers of users that logged in per day during the last 7, 30, or 90 days. To view the graph, click Chart View and select the appropriate time period. You can also download a report that lists the login date and time for each user during the time period.
To return to the list view of the Users page, click List View.
User details
You can configure user details such as user name, email, login settings, and assigned user groups and roles on the user details page. To display the user details page, in Administrator, select Users, and then click the user name.
The following image shows the user details page:
You can configure the following details for a user:
User information
The following table describes the user information:
Property
Description
First name
First or given name of the user.
Last name
Last or family name of the user.
Job title
User job title.
Phone number
Telephone number for the user.
Email
Email address of the user.
Must be a valid email address in the format: <local_part>@<domain>. For example, jsmith@mycompany.com.
Description
Optional user description.
Login settings
The following table describes the login settings:
Property
Description
Authentication
Authentication method. Can be one of the following values:
- Native. The user is authenticated through Informatica Intelligent Cloud Services. The user logs in through the Informatica Intelligent Cloud Services URL.
- Salesforce. The user is authenticated through Salesforce and signs in through Salesforce or a Salesforce app.
- Azure SSO. The user is authenticated and signs in through Microsoft Azure.
- IDP with SAML. The user is authenticated and signs in through a SAML identity provider.
Activate using verification code /
Activate using Salesforce OAuth
Account activation method for Salesforce users. Select one of the following options:
- Activate using verification code. Select this option when the user signs in to Informatica Intelligent Cloud Services through a Salesforce app.
When you select this option, the user receives an email with a verification code. The user account is activated when the user logs in to Salesforce, opens the Salesforce app, and enters the verification code.
- Activate using Salesforce OAuth. Select this option to activate the user account using Salesforce OAuth.
When you select this option, the user receives an email with a Confirm Account link. The user account is activated when the user clicks the Confirm Account link and enters the Salesforce user name and password.
These options are displayed when the authentication method is Salesforce.
Environment
Salesforce organization environment, either production or sandbox.
This option displayed when the user activation method is Salesforce OAuth.
User name
Informatica Intelligent Cloud Services user name. Must be unique within the Informatica Intelligent Cloud Services organization. You cannot change the name after you save the user.
This property is displayed when the authentication method is Native.
Salesforce user name
Salesforce user name. Must be unique within the Informatica Intelligent Cloud Services organization. You cannot change the name after you save the user.
For Salesforce users, the Informatica Intelligent Cloud Services user name is the same as the Salesforce user name unless that name is already used in the Informatica Intelligent Cloud Services organization. If the name is already used, then Informatica Intelligent Cloud Services appends the string ".Salesforce," ".Salesforce1," ".Salesforce2," etc. to the end of the Salesforce user name to form a unique Informatica Intelligent Cloud Services user name.
This property is displayed when the authentication method is Salesforce.
Azure user name
Microsoft Azure user name. Must be unique within the Informatica Intelligent Cloud Services organization. You cannot change the name after you save the user.
For Microsoft Azure users, the Informatica Intelligent Cloud Services user name is the same as the Azure user name unless that name is already used in the Informatica Intelligent Cloud Services organization. If the name is already used, then Informatica Intelligent Cloud Services appends the string ".Azure," ".Azure1," ".Azure2," etc. to the end of the Azure user name to form a unique Informatica Intelligent Cloud Services user name.
This property is displayed when the authentication method is Azure SSO.
SAML user name
SAML user name. Must be unique within the Informatica Intelligent Cloud Services organization. You cannot change the name after you save the user.
For SAML users, the Informatica Intelligent Cloud Services user name is the same as the SAML name identifier unless that name is already used in the Informatica Intelligent Cloud Services organization. If the name is already used, then Informatica Intelligent Cloud Services appends the string ".SAML," ".SAML1," ".SAML2," etc. to the end of the SAML name identifier to form a unique Informatica Intelligent Cloud Services user name.
This property is displayed when the authentication method is IDP with SAML.
Max login attempts
Maximum number of login attempts that the user can make before the user is locked out. Select a number or "No Limit."
If locked out, the user can click the Forgot your password link on the Login page, or the organization administrator can reset the user on the Users page.
This property is displayed when the authentication method is Native.
Account status
Account status. Can be one of the following statuses:
- Pending Activation. The user account has been created or reset, but the user has not yet activated the account.
- Enabled. The user account has been created and validated, and the user can log in to Informatica Intelligent Cloud Services.
- Locked. Applies to native user accounts. The account is locked because the user has exceeded the maximum number of login attempts. To unlock the user, the user can click the Forgot your password link on the Login page, or you can reset the user on the Users page.
- Disabled. The user account has been disabled by an administrator. The user cannot log in to Informatica Intelligent Cloud Services.
Initial application
This field is reserved for future use.
Force password reset on next login
Forces the user to reset the password the next time the user tries to log in.
This property is displayed when the authentication method is Native.
Assigned user groups and roles
You must assign at least one user group or role to each user. To assign or remove a user group or role, enable or disable the group or role, and then click Save.
When you assign a group to a user, all roles that are associated with the group become enabled. You cannot remove these roles individually. To remove the roles, you must remove the group.
Creating a user
Create a user on the Users page. When you create a user, the user status is set to Pending Activation or to Enabled based on the authentication method.
1In Administrator, select Users.
2Click Add User.
3Enter the user information.
4Enter the login settings:
aSelect the authentication method.
bFor Salesforce users, specify whether to activate the user account using a verification code or Salesforce OAuth.
cEnter the Informatica Intelligent Cloud Services user name or the user name in the third-party identity provider's system.
For native users, enter the Informatica Intelligent Cloud Services user name. For Salesforce, Microsoft Azure, or SAML users, enter the user name in the third-party identity provider's system.
The user name must be unique within the Informatica Intelligent Cloud Services organization. You cannot change the user name after you create a user.
dFor native users, select the maximum number of login attempts.
5In the Assigned User Groups and Roles section, select the user groups and roles that you want to assign to the user.
You can assign system-defined and custom roles to a user. If you assign a group, the user inherits all roles that are associated with the group.
6Click Save.
After you create a user, the user status is set as follows based on the authentication method:
•Native users are set to Pending Activation. The user receives an email to confirm the account. When the user clicks the Confirm Account link in the email, the user is prompted to set up a password and security question. When the user does this, the status changes to Enabled, and the user can log in to Informatica Intelligent Cloud Services.
•Salesforce users are set to Pending Activation.
If you activate the user using a verification code, the user receives an email with a verification code. The user account is activated when the user logs in to Salesforce, opens the Salesforce app, and enters the verification code.
If you activate the user using Salesforce OAuth, the user receives an email with a Confirm Account link. The user account is activated when the user clicks the Confirm Account link and enters the Salesforce user name and password.
•Microsoft Azure and SAML users are set to Enabled. The user can sign in through the user's identity provider.
Assigning and unassigning services
When you create a user, the user can access services based on the organization's licenses and the user's role. You can restrict the user's access to these services.
To allow or prevent a user from accessing certain services, you assign or unassign the services to the user. Assign and unassign services to a user on the Users page.
When you assign a service to a user, the service is visible on the My Services page. The user can access and use the service as long as the user's role allows this.
When you unassign a service, the user cannot see the service on the My Services page. The user cannot access or use the service regardless of the user's role.
For example, you want to allow an application developer with the Service Consumer role to use API Portal but not Data Integration or Application Integration. Assign the API Portal service to the user and unassign the Data Integration and Application Integration services. When you do this, the application developer can no longer see the Data Integration and Application Integration services on the My Services page. The application developer cannot use these services even though the Service Consumer role has privileges related to them.
1In Administrator, select Users.
2In the row that contains the user, click Actions and select Assign Services.
3In the Assign Services dialog box, select the services that you want to assign to the user and deselect the services that you want to unassign.
4Click Save.
Disabling a user
Disable a user on the Users page. When you disable a user, the user can no longer log in to Informatica Intelligent Cloud Services.
Before you disable a user, verify that the user did not schedule any tasks or taskflows. If you disable a user who has scheduled tasks or taskflows, the scheduled jobs fail.
When you disable a user, the user remains in the organization and in the Informatica Intelligent Cloud Services repository. You can view the user details, but you cannot edit them. Assets that the user created or updated also remain in the organization. On the Explore page, the Created by and Updated by columns indicate that the user is disabled.
1In Administrator, select Users.
2In the row that contains the user whom you want to disable, click Actions and select Disable.
Resetting a user
Reset a user on the Users page. You can reset a user whose account is disabled or locked. When you reset a user, the user status is set to Pending Activation or to Enabled based on the authentication method.
1In Administrator, select Users.
2In the row that contains the user, click Actions and select Reset.
After you reset a user, the user status is reset differently based on the authentication method:
•Native users are set to Pending Activation. The user receives an email to confirm the account. When the user clicks the Confirm Account link in the email, the user is prompted to reset the password and security question. The user can then log in to Informatica Intelligent Cloud Services.
•Salesforce users are set to Pending Activation.
If you activated the user using a verification code, the user receives an email with a verification code. The user account is activated when the user logs in to Salesforce, opens the Salesforce app, and enters the verification code.
If you activated the user using Salesforce OAuth, the user receives an email with a Confirm Account link. The user account is activated when the user clicks the Confirm Account link and enters the Salesforce user name and password.
•Microsoft Azure and SAML users are set to Enabled. The user can sign in through the user's identity provider.
Reassigning a user's scheduled jobs
Reassign a user's scheduled jobs on the Users page. You might want to reassign scheduled jobs when a user that has scheduled tasks or taskflows leaves the organization. You must reassign the user's scheduled jobs before you can delete the user.
The owner of a scheduled job is the last person that saves the scheduled task or taskflow. For example, in your organization, user Arun creates a schedule, user Beth creates a mapping task and assigns the schedule to the task, and then user Chandra updates and saves the task. Chandra becomes the owner of the scheduled job. If Chandra leaves the organization, you must reassign her scheduled jobs to another user before you can delete her user account.
1In Administrator, select Users.
2In the row that contains the user, click Actions and select Reassign Scheduled Jobs.
3Select a user to whom to reassign the scheduled jobs.
The user you select must be an enabled user.
4Click Reassign.
Deleting a user
Delete a user on the Users page. When you delete a user, the user is removed from the organization and from the Informatica Intelligent Cloud Services repository.
Before you can delete a user, you must reassign the user's scheduled jobs to a different user.
Note: You cannot reset a deleted user. If you think you might need to reactivate the user account, disable the user instead of deleting the user.
1In Administrator, select Users.
2In the row that contains the user whom you want to delete, click Actions and select Delete.
3If the user is the owner of any scheduled tasks or taskflows, Administrator prompts you to reassign the jobs to a different user. Select the user to whom you want to reassign the jobs and click Reassign and Delete.
If the user did not own scheduled tasks or taskflows, Administrator deletes the user. If the user was the owner of any scheduled tasks or taskflows, Administrator reassigns the jobs and then deletes the user.
