License Management

QTS Dashboard Identity Providers

What is an Identity Provider/User Directory?

This is a system entity that creates, maintains, and manages identity information for users while providing authentication services to relying applications. In simple terms, QTS uses Identity Providers for two purposes:

  1. To know a user of the system in order to associate roles and license pools to support product functionality/access.

  2. To authenticate users and verify they are valid within the system to access functionality.

The origin of the user is only important in fulfilling these purposes. Beyond that, it treats users in the system equally.

Currently, there are two types of Identity Providers supported:

  1. Internal QTS User Directory: This is installed by default

  2. Active Directory

Adding an Active Directory Identity Provider

Start by clicking the “Add Identity Provider” button.

A simple 4-step wizard guides the user through adding an Active Directory. By completing the 4 steps, a QTS Admin will have configured a connection to a particular AD and saved a valid configuration in the QTS system.

Steps to Setting up Active Directory:

Username

The distinguished name of the user that the application will use when connecting to the directory server.

Examples:
  • cn=administrator,cn=users,dc=ad,dc=example,dc=com

  • cn=user,dc=domain,dc=name

  • user@domain.name

The specific privileges required by the user to connect to LDAP are ‘Bind’ and ‘Read’ (user info, group info, group membership, update sequence number, deleted objects), which the user can obtain by being a member of the Active Directory’s built-in administrators group.

Password

The password of the user specified above.

Note: Connecting to an LDAP server requires that this application log in to the server with the username and password configured here. As a result, this password cannot be one-way hashed – it must be recoverable in the context of this application. The password is currently stored in the database with obfuscation. To further guarantee its security, you need to ensure that other processes do not have OS-level read permissions for this application’s database or configuration files.

Host:port

The host name of your directory server and the port on which your directory server is listening.

Examples:

BaseDN

The root distinguished name (DN) to use when running queries against the directory server.

Examples:

  • o=example,c=com

  • cn=users,dc=ad,dc=example,dc=com

For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You will need to replace domain1 and local with the values for your specific configuration. Microsoft Server provides a tool called ldp.exe, which is useful for finding out and configuring the LDAP structure.

SSL

Check this if the connection to the directory server is an SSL (Secure Sockets Layer) connection. Note that you will need to configure an SSL certificate in order to use this setting.
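A pre-flight check for the wizard's fields, as an added example that is not part of QTS: it validates the username, host:port, base DN and SSL values in the formats shown above before they are entered. The function names and the example.com host are assumptions, the DN check is simplified (no escaped commas), and the SSL finding assumes the connection uses an LDAP simple bind.

```python
import re

_RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+")
_UPN = re.compile(r"[^@\s,=]+@[^@\s,=]+\.[^@\s,=]+")
PLAIN_PORT, LDAPS_PORT = 389, 636  # standard LDAP and LDAP-over-SSL ports


def is_dn(value):
    """Simplified DN check: comma-separated attr=value pairs, no escaped commas."""
    return all(_RDN.fullmatch(part.strip()) for part in value.split(","))


def base_dn_from_domain(domain):
    """'domain1.local' -> 'dc=domain1,dc=local', the Active Directory format."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))


def check_settings(username, host_port, base_dn, ssl):
    """Return findings for the wizard's fields; an empty list means none found."""
    findings = []
    if not (_UPN.fullmatch(username) or is_dn(username)):
        findings.append("username: expected a DN or user@domain.name")
    host, sep, port_text = host_port.rpartition(":")
    port = int(port_text) if re.fullmatch(r"[0-9]{1,5}", port_text) else 0
    if not (sep and host and 1 <= port <= 65535):
        findings.append("host:port: expected host:port with port 1-65535")
    if not is_dn(base_dn):
        findings.append("base DN: not a distinguished name")
    if not ssl:
        # Assumption: simple bind, which sends the password as-is without SSL.
        findings.append("ssl: off; a simple bind sends the password unencrypted")
    if (ssl and port == PLAIN_PORT) or (not ssl and port == LDAPS_PORT):
        findings.append("ssl: setting does not match the usual use of port %d" % port)
    return findings
```

An empty result only means the values are well formed; it does not confirm that the directory server accepts them.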

Editing an Active Directory Identity Provider

For Active Directory Identity Providers, you will see a gear icon on the bottom right of their card. Click on that and edit the details via the wizard dialog provided.

Removing an Active Directory Identity Provider

Click on the garbage can icon of the provider card you wish to remove. After you confirm the prompt, the provider and all associated groups and users will be removed from the system.

Internal QTS User Directory Setup

Since the QTS User Directory is baked into the product, there is no configuration required prior to adding users.

Using QTS Identity Providers with the Client

Users can obtain a Licence from QTS when they are given the appropriate privileges. Users from an Active Directory and users from the Internal QTS Directory connect to the server in the same location. From a QVscribe client standpoint, the main difference in experience between these two types of users is that internal QTS Users will be prompted with a dialog to enter their credentials, while Active Directory Users will have their credentials automatically determined. In both cases, the license request will be tied to the particular system by a unique system identifier.

QVscribe Floating Licenses

The number of seats available to a team is decided when QVscribe is purchased; this number can be added to at any time during the term if needed. In QTS, this total number can be divided among one or more Licence Pools. In order for a user to be eligible for a license, they need to be assigned to at least one pool. In order for a user to obtain a license to access QVscribe, there must be an available license among the pools they are associated with. Pools allow the admin to reserve a segment of the licenses for a particular individual or group of individuals.

  • A Licence Pool with no licenses will never give users a license.

  • A Licence Pool with no users but license assignments will prevent them from being assigned.

  • A Licence Pool with one license will give it out in first come first serve fashion.

  • A Licence Pool with one member and a license assigned will ensure that users can always get a license.

A combination of pools and assignments can be set up as the QTS Admin desires to allow for flexibility in how different users obtain a license.

When is a Licence used?

One instance of the available license (a license session) is used when a user requests access to QVscribe. This means all users, regardless of role or origin, can use a QVscribe product as long as they are eligible and able to obtain a license session. Each user can also have parallel Licence sessions (use more than one at a time) if they request access from more than one machine at a time. As long as the user keeps that machine’s session going, they will be taking one of the licenses available.
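A small model of the pool rules and per-machine sessions described above, added here as an illustration and not taken from QTS. The class, its method names, the pool, user and machine names, and the order in which pools are tried are assumptions.

```python
class LicenseServer:
    """Illustrative model of pools, membership and sessions; not QTS code."""

    def __init__(self):
        self.seats = {}     # pool name -> licenses assigned to the pool
        self.members = {}   # pool name -> set of user names
        self.sessions = {}  # (user, machine) -> pool that supplied the license

    def add_pool(self, name, seats, users=()):
        self.seats[name] = seats
        self.members[name] = set(users)

    def in_use(self, pool):
        return sum(1 for p in self.sessions.values() if p == pool)

    def request(self, user, machine):
        """Return the pool that grants a session, or None if none is available."""
        key = (user, machine)
        if key in self.sessions:   # this machine's session is still running
            return self.sessions[key]
        for pool in self.seats:    # assumption: pools are tried in creation order
            if user in self.members[pool] and self.in_use(pool) < self.seats[pool]:
                self.sessions[key] = pool
                return pool
        return None

    def sign_out(self, user, machine):
        """End a session so its license returns to the pool."""
        return self.sessions.pop((user, machine), None)


def demo():
    """Constructed scenario covering the four pool cases listed above."""
    qts = LicenseServer()
    qts.add_pool("empty", 0, ["alice"])           # no licenses: never grants
    qts.add_pool("unstaffed", 2)                  # licenses, no users: unusable
    qts.add_pool("shared", 1, ["alice", "bob"])   # first come, first served
    qts.add_pool("reserved", 1, ["carol"])        # always free for carol
    results = [
        qts.request("alice", "pc-1"),  # "shared"
        qts.request("bob", "pc-2"),    # None: the shared license is taken
        qts.request("carol", "pc-3"),  # "reserved"
        qts.request("carol", "pc-4"),  # None: a second machine needs a second license
        qts.request("dave", "pc-5"),   # None: dave is in no pool
    ]
    qts.sign_out("alice", "pc-1")
    results.append(qts.request("bob", "pc-2"))  # "shared" once alice signs out
    return results
```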

How to manage user sessions in the dashboard?

License Management

When a User receives a license you can see the basic details in the ribbon of the client. 

On the Chrome Extension:

On the QVscribe Dashboard, you can see this active session on the Active License Session Tab.

On the Licence Pools tab, you can see the basic information about the pool and related active sessions.

When you click on the rows in the tables you are able to view or edit details around the particular Licence area.

Click on the Licence Pool row:

Clicking the Active Session row:

 

How to edit session duration?

On the Active License Sessions Tab, the QVscribe admin has an option to edit the license session duration, as shown below:

Click it, edit and save to define the session length, after which the session expires unless the user has an interaction on QVscribe Office or the Chrome Extension:

QVscribe Office: If any QVscribe add-on has already obtained a valid license session, the license is automatically renewed unless the user explicitly signs out, closes all the Office applications with QVscribe installed, or goes offline for at least the length of the session duration.

Then Signout.

QVscribe Chrome: If the QVscribe extension has already obtained a valid license session, the license is automatically renewed on the navigation of UI elements. During the time between expiry and navigation, another user has an opportunity to take away the license. The user can also explicitly sign out to pass the license back to the QTS pool.

Explicit sign-out from the Chrome extension on the user setting tab:

Then Signout:

QTS Dashboard License Pools

The QVscribe Teams Server provides the ability to create license pools for managing your licenses. This can be helpful in one of the following scenarios:

  1. To split licenses into groups for different departments or teams. This means that different groups can purchase their own seats without having to set up a new QVscribe server.

  2. To ensure a seat is always available. You can create pools to help manage the usage of seats. If one or two individuals need a license at all times, you can create a license pool just for those specific users.

  3. To increase the chance that a certain set of users has access to a seat, you can add certain users to multiple pools.

Alternatively, you can create 1 license pool to hold all your seats. You have the ability to change this if or when necessary.

The QVscribe License Pools section can be found on the QTS dashboard, under License Management.

Managing License Pools

Select ADD LICENSE POOL to create your license pool or pools.

To change the number of seats in your license pool, select the blue icon beside Active Licenses and make the changes directly on the dashboard. Once completed, select the blue icon to accept your changes.

Adding Users to a License Pool (non-AD)

To add a user to a license pool, select ADD USER under User Management.

Step 4 of adding a user will ask for the license pool details.

You can also make changes to an existing user by selecting the user directly in the User Management section. You can then select EDIT at the bottom right corner to make changes to the user, including changing their license pool.

Adding AD groups to a License Pool

Under User Management, select Identity Providers and then select See Users & Groups under your AD directory.

This will bring you to another screen, where you can add a new user group or edit an existing group.

To add a group, please select ADD USER GROUP on the right.

Step 3 will ask for a License Pool.

You can also make changes to an existing group by selecting the group directly in the Groups section. You can then select EDIT at the bottom right corner to make changes to the group, including changing the license pool.

QVscribe Teams Server Groups

There are three types of user groups:

  1. Configuration Authors

  2. Authors

  3. QVscribe Admin

—–

Configuration Authors would have access to make changes to the QVscribe Configuration window. This gives the user access to add, edit and remove trigger words and units.

The user would also have the ability to save and delete configurations that all users (authors and configuration authors) will have access to use.

Authors would only have the ability to select a configuration to use.  They cannot edit, delete, or add any changes to the configuration.

QVscribe Admins will have access to the QVscribe for Teams dashboard, where they can edit license management, license pools, and sessions. We suggest having at least 2 individuals designated with this access. These users can also be authors or configuration authors; they do not need to be solely Tenant Admin.

These users will be created directly on the QVscribe for Teams dashboard.

Adding Users 

In order to add users to the system, there are two current paths a QVscribe Admin can take:

  1. Add to the Internal QTS User Directory

  2. Add from a configured Active Directory

Of the two options, the first is the quickest for getting the system up and running. Adding users from Active Directory takes more upfront configuration/knowledge to get a working round-trip environment.