Welcome to Kofax Kapow > Management Console > Management Console Configuration and User Interface > Admin > Manage Users and Groups

Manage Users and Groups

Use this tab to manage users and groups that can be granted access to the Management Console and projects. The security model is role-based; that is after you create a user, you must add him or her to one or more groups, which are associated with specific roles in one or more projects. It is a good idea to create groups first, because a user will not be able to login, until he or she is added to a group that is granted a view role inside at least one project.

Note User and group names in Kapow must follow the Rules for Logon Names for Microsoft Windows. Such as the names must not contain the following characters:

" / \ [ ] : ; | = , + * ? < >

For details, see Creating User and Group Accounts on technet.microsoft.com.

Management Console provides some built-in roles that users can have. Roles are mapped to a user of a security group. User permissions are calculated based on the roles that are mapped to security groups the user is a member of. You can modify built-in roles or add additional roles.

The following is a list of built-in roles.

  • Administrator: A role with all privileges. Actions that can be performed on the Settings, Backup and License tabs (sub tabs of the Admin tab) are available only to users that are members of the Administrator group.
  • Project Administrator: A user with this role has all privileges except access to the Settings, Backup, and License tabs and changing cluster settings. Project Administrator is not a member of the Administrator group.
  • Developer: A user with this role can edit and delete schedules, robots, types, snippets, and resources. This user can view logs and data without modifying them.
  • Viewer: This user can only view projects and settings.
  • API: A user with this role can use the repository API to read from and write to the repository.
  • RoboServer: A restricted user that can only read from the repository. This account is used by RoboServers when accessing the RepositoryRobotLibrary. This user cannot log in interactively.
  • Kapplet Administrator: A user who can view, run, and edit Kapplets.
  • Kapplet User: A user who can view and run Kapplets.

The Users tab helps you create new users and edit, remove, and reset passwords for selected users. To manage groups, click Groups. To go back to the Users tab, click Users.


Managing groups

The Groups tab helps you create, remove, and edit groups.


Groups toolbar

The following information can help you understand some Kofax Kapow user management principles.

There are two ways to run the Management Console: embedded in a RoboServer with any license and on a standalone Tomcat server (requires enterprise license). For information about Management Console on Tomcat, see "Tomcat Management Console" in Kofax Kapow Administrator's Guide.

When the Management Console runs in embedded mode, there are two types of user management, single user or multi user. This is configured using the RoboServer Settings (RoboServerSettings.exe) application located in the /bin subfolder of the Kofax Kapow installation folder.

To enable multi user mode, do the following:

  1. Start the RoboServer Settings application either by clicking roboServer Settings on the Windows Start menu or by double-clicking RoboServerSettings.exe in the /bin subfolder of the Kofax Kapow installation folder.
  2. On the Management Console tab, select Enable User Management.

    You can also specify an administrator name and password.

  3. On the General tab, select Register to a Management Console and specify the URL, name, password and cluster name for the Management Console where you want to enable multi user mode.
  4. Restart the Management Console for the changes to take effect.

    Depending on your license and the way you run the Management Console, you can manage user access as follows:

    • Single user - only available in Embedded mode

    • Internal user management - available in both Embedded and Standalone mode

    • External user management (LDAP or CA Single Sign-On) - only available in Standalone mode with enterprise license

    Note When using internal user management, the Administrator group is not visible and contains only the administrator defined in RoboServer settings.

    When you run the Enterprise version on a Tomcat server, Management Console is always in the multi-user mode and you can choose to manage your users either in the Management Console (like in the embedded mode) or get the user credentials from your corporate LDAP server.