User Management (UM) provides a central login mechanism that serves as an entry point to all CARESTREAM PACS applications and tools. It also provides centralized management of the system users and groups.
The UM functions either with the Central Configuration for the CARESTREAM PACS system as the users/groups repository or with the Lightweight Directory Access Protocol (LDAP) as the repository.
LDAP (Lightweight Directory Access Protocol) is an open standard protocol used to access directory servers.
Some sites use a centralized directory service to administer user accounts, groups, and devices. At such sites, the CARESTREAM PACS System can be configured to rely on the directory service for user identification and authorization. Although this prevents duplication of effort, the directory service must be highly available; otherwise, users might not be able to log in.
When a site uses LDAP, the user information stored within LDAP cannot be viewed using the User Management Admin Tool. In this configuration, the UM controls only parts of the group and system settings.
Allowed applications are also determined only at the group level. In this case, the User Management Admin Tool functions and the graphical user interface (GUI) appear differently than in systems that are not using LDAP.
For example, in the main User Management Admin window, only groups can be viewed; therefore, only the Groups tab is displayed.
In systems using LDAP, when adding and editing groups and system settings, the displayed windows are also condensed versions of the standard windows. The windows are condensed because the user information is defined at the site within the directory server and only have read access to their information, and can perform any administrative functions on it. The site controls all the users, and you control only the groups that you define.
NOTE: Contact Customer Service for more information about setting up this optional feature.
When a user logs in to any CARESTREAM PACS product, the login mechanism uses a central user database to perform authentication of the user.
This authentication is performed using the login name and password assigned to each user by the system administrator. Users can use this assigned information to log in, change their password, or log in without a password by answering a question correctly if the password was forgotten. The question and its correct answer must be set up in advance by an administrator. The user cannot change the question or answer.
The system automatically informs users when their password has expired and prompts them to change it. The length of time that each password is valid can be configured by the administrator. In addition, the allowed system operations for each user depend on the configured access rights.
See Access Control Management Tool for more information.
See these topics:
Logging in to the CARESTREAM PACS Admin Home Page
Performing Group Management Configuration
Opening the User Management Admin Tool
Viewing/Editing System Settings