User groups

<< Click to Display Table of Contents >>

Navigation:  Options >

User groups

The user group page can be reached from the Options menu by administrators. On the user groups page, all user groups are listed. Administrators can manage this list. To create a new user group, click the Add button. In the next page, you can enter the details of the new user group. In the same way, an existing user group can be edited.

 

To delete a normal group, select the group, and press the Delete button. The users in the group will not be deleted.

 

To remove a Tenant from the system, select the group that represents the Tenant, and then press the "Delete tenant data" button. This will delete all associated recordings, user accounts, and sub-groups. This action cannot be reversed.

 

For each user group, the following properties are stored:

 

Name: This name of the group

Higher level group: User groups are organized in a hierarchical tree. When selecting a higher level group, the current group will become a subgroup of that group. If this option is disabled afterwards, the group will no longer be a tenant, and its recordings will be unassigned from it.

 

Tenant: When enabled, different settings can be applied to users and recordings that belong to this group, for multi-tenancy. This setting is available only if Multi-Tenancy is enabled in the System settings.

 

Options

Minimal recording duration: Recorded calls that are shorter than the specified duration, will be discarded. This setting takes precedence over the global setting in the Recording settings.

Disk Usage Alarm: When disk usage by the tenant exceeds the specified number of MB, this will trigger a system alarm, notifying the system administrator. This threshold does not cause deletion of data.

Maximum Disk Usage: When disk usage of the tenant reaches the maximum, old recordings of the tenant will be deleted automatically. Whether the listing in the database is also removed depends on the System setting "Remove auto-deleted recordings from the call listing".

Delete calls older than ...: Calls that belong to this tenant and that are older than the specified number of days are deleted permanently from the hard disk. The global auto-delete setting (System settings) is applied in addition to this setting.

Delete calls older than ... from backup: Calls belong to this tenant and that are older than the specified number of days are deleted permanently from the backup. The global auto-delete setting for the backup is applied in addition to this setting. This option is only available if the system option "Retain information about calls in the backup" has been enabled and used to keep information about the calls in the backup.

Delete screen recordings older than ...: Screen recordings that are older than the specified number of days are deleted permanently from the hard disk (not from the backup). The global auto-delete setting (System settings) is applied in addition to this setting.

Delete transcriptions older than ...: Transcriptions that are older than the specified number of days are deleted permanently from the hard disk (not from the backup). The global auto-delete setting (System settings) is applied in addition to this setting.

Note: The Tenant auto-delete actions are applied in addition to the system-wide auto-delete actions, which means that only more can be deleted, not less.

Do not delete if not exported: If enabled, then recordings that are not yet exported using the tenant export recordings feature, will be excluded from the tenant auto-delete. The global auto-delete function will be performed regardless of export status.

Check recording inactivity: You have the following options:

-        Off. There is no check for recording inactivity for this tenant.

-        Default. Recording inactivity is checked with the parameters from the Options > System settings > Alarm page.

-        Configure. Recording inactivity is checked with the parameters you  can specify here for this particular tenant.

Maximum number of channels (VoIP): This defines the maximum number of VoIP calls of this tenant that are recorded simultaneously. This can be used to prevent one tenant from using all the available VoIP channel licenses.

Stored on demand - Default: Use this option to select the value for Store on demand for new user accounts that are created during LDAP import. It is an initial value that can be changed manually afterwards by editing the user account.

Assignment value: Used with an alternative method to assign tenants to a call during recording. In the System settings, the recorder can be configured to look for the value of a specified SIP header or SIPREC Broadworks or Oracle extension data. If the value configured here matches with the found value, the recording will be assigned to this tenant.

The following features can be enabled/disabled:

- Recording on demand

- Silence on demand

When disabled, this means it cannot be enabled for a user that belongs to this tenant. This is only relevant if in the Recording settings, the particular setting is set to "Defined at user level".

 

Schedule

The recording schedule of the tenant can be defined here. See also the global recording schedule in the System settings, Schedule tab.

 

Statistics

Recordings: The number of recordings that belong to this tenant, that are stored in the main storage.

Disk Usage: The combined file size of these recordings.

Backup Recordings: The number of recordings that belong to this tenant, that were stored on backup.

Backup Disk Usage: The combined file size of these recordings.

 

Telephone number filter

When a recording has been assigned to a tenant, it is possible to apply an additional telephone number filter, and this filter can be different for each tenant. The filter can only be used to restrict recording, either with a positive or negative filter, in addition to the global telephone number filters. This filter is applied only to VoIP calls. For SIP, the SIP name and SIP id are checked.

 

Data

In the three custom data fields, arbitrary additional data can be stored, related to the tenant.

 

Members: The users that are member of this group. Press Add or Delete to add or delete group members. Users that are member of the group automatically have all the permissions that are assigned to the group.

 

LDAP group: For importing users of a group from Active Directory. This setting is only visible if an AD server is configured in the System settings (Network tab). When automatic synchronization is on, changes that are made in Active Directory will be applied automatically to the user group in Apresa. The username is used as identification. The name, email address, and telephone number are imported and updated from AD. The password is not imported, but checked during log-on. When a group is linked to Active Directory, it is not possible to manually add or remove users to or from that group. For the import from AD to work, the following options need to be set in the system settings, Network tab: AD server address, LDAP Domain, LDAP User, LDAP Password, and LDAP Synchronisation Interval.

 

Azure AD user group: For importing users of a group in Azure AD. This setting is only available if one or more Azure apps are configured in Apresa in the System settings (Network tab). The group is synchronized at once, and then synchronized with the same frequency as configure for LDAP (LDAP Synchronisation interval). When a group is linked to Azure AD, it is not possible to manually add or remove users to or from that group. The password is not imported. To allow login, also select the corresponding External logon service below.

 

External logon service: Select the external logon service for use by users in this group. In addition, this has the effect of setting this as the logon method for users that are created during LDAP import.

SCIM: Once enabled, users and groups can be provisioned to this group through the SCIM protocol as an alternative to Azure AD. The SCIM provider can then be configured to use [apresaurl]/scim/[group-name] as the SCIM endpoint. To get an authorization token for the SCIM provider to use, click the generate and copy the generate token to the SCIM provider. Do note that once the group settings are saved, the token cannot be retrieved anymore and a new token must then be generated and configured in the SCIM provider. Passwords are not imported through SCIM. To allow login, an external logon service can be used.

 

Samwin User group: For importing users of a group from Samwin. This setting is only visible if the Samwin User group option is enabled in the System settings (Network tab). Changes in Samwin are applied automatically to Apresa during the next synchronization.

 

Require multiple users to login: Users in this group will only get access to Apresa after two (or the specified number) of them logon. It works as follows. After the first user logs on, Apresa will present again the logon page for logging in as the second user. Only after the required number of users have logged in, access to the Apresa web interface is granted. Both usernames will be shown in the top bar where normally the single username is shown, and mentioned in the audit trail. The permissions of the first user that has logged on will be applied during the session.

 

Permissions: Permissions of a group apply to all members of the group. Optionally they can also be applied to members of subgroups (recursively).

 

The user and group list can be export to or imported from a CSV file.