Unified Login with KaseyaOne

To enable login with KaseyaOne (Unified Login v2) for VSA 10, complete the following steps:

1. Log in to VSA 10 in the usual way.
2. Navigate to Administration > Configuration > Settings on the left navigation menu and select KaseyaOne Log In Settings.

   
   

3. Click the Enable Log In with KaseyaOne button.

   

4. The KaseyaOne login page opens prompting you to log in. Enter your KaseyaOne credentials and then the verification code.

   NOTE   If you are already logged in to KaseyaOne, then you will not be prompted to log in again and your account association will be completed automatically. Wait for the serial redirects to process the load and you will be redirected back to VSA 10.

5. After you have successfully logged into KaseyaOne, you will be redirected back to the VSA X portal. Click on the application banner and you will no longer see the Enable Unified Login option, you will see the Disable Unified Login option instead.

To disable the ability of users in your organization to log in to VSA 10 using IT Complete (KaseyaOne), follow these steps:

1. Log in to VSA 10 in the usual way.
2. Navigate to Administration > Configuration > Settings on the left navigation menu and select KaseyaOne Log In Settings.

   
   

3. Click Disable Log In with KaseyaOne. The connection to KaseyaOne will be broken automatically.
   
   

NOTE  When disabling Unified Login, The settings of the Require Log In With KaseyaOne, Automatic User Provisioning, Automatic User Deprovisioning, and Access Groups sections will be retained, but will remain inactive until unified login and those configurations are re-enabled.

The Require Log In with KaseyaOne feature forces users to log in with their KaseyaOne credentials to access VSA 10. When the feature is enabled by an organization, users can no longer log in to VSA 10 with their local VSA 10 credentials.

Enabling the Require Log In with KaseyaOne feature allows users to authenticate with their KaseyaOne modules using just one set of credentials.

Prerequisites

• You must be an administrator for both VSA 10 and KaseyaOne.
• You must have the same email address for VSA 10 and KaseyaOne accounts.
• Unified Login with KaseyaOne must be enabled for the account.

All VSA 10 users in the Administrators team will be able to log in locally and do not require manual exception even if Require Log In with KaseyaOne is enabled.

Steps

BEFORE YOU BEGIN  Before this feature can be enabled, the Enable Log In with KaseyaOne setting must be activated. (In this case, the page will display the option to Disable Log In with KaseyaOne.) Refer to Enabling unified login with KaseyaOne.

IMPORTANT  Once this option is enabled, any users who do not have a KaseyaOne account will no longer be able to log in to VSA 10 through local login unless you add them to the exceptions list, or they are VSA10 Administrators. Refer to Exempting users from being required to log in with KaseyaOne.

To enable the Require Log in with KaseyaOne feature, complete the following steps:

1. Log in to VSA 10 in the usual way.
2. Navigate to Administration > Configuration > Settings on the left navigation menu and select KaseyaOne Log In Settings.

   

3. In the Require Log In with KaseyaOne section, turn on the Require Log In with KaseyaOne toggle.

   

4. In the User Exceptions, Teams Exceptions, and Domain Email Group fields, specify the users, teams, and email groups that will be exempt from this condition — that is, they will be able to log in using either Log In with KaseyaOne or their local credentials. For instructions, refer to Exempting users from being required to log in with KaseyaOne.
5. In the lower-right corner of the page, click Save.

IMPORTANT  Enforcing KaseyaOne login disables VSA 10 password reset. On the My Settings page, the Change password tab is disabled, and a message indicates that KaseyaOne login is enforced. Refer to My Settings. This does not apply to users included in the exceptions list.

Login scenarios

The following describes user login scenarios possible when Require Log In with KaseyaOne is enabled:

• When a user attempts to log in to VSA 10 with their VSA 10 credentials and, the user is redirected to the KaseyaOne login page.

NOTE  This does not apply to users included in the exceptions list. Refer to Exempting users from being required to log in with KaseyaOne.

• When a user is included in the exceptions list, the user can log in to VSA 10 using their local VSA 10 credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).

The following describes a user login scenario possible when Require Log In with KaseyaOne is disabled:

• The user can log in to VSA 10 using their local VSA 10 credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).

Once the Require Log In with KaseyaOne feature is enabled, you will be able to add any existing users, teams, or users with email addresses part of certain email domains to the exceptions list. Refer to Disabling local login and enforcing KaseyaOne authentication. Any users, teams, or email domains part of the exceptions can continue to log in using local VSA 10 credentials.

All VSA 10 users in the Administrators team will be able to log in locally and do not require manual exception even if Require Log In with KaseyaOne is enabled.

To exempt users from being required to log in with KaseyaOne, do the following: 

1. Log in to VSA 10 in the usual way.
2. Navigate to Administration > Configuration > Settings on the left navigation menu and select KaseyaOne Log In Settings.

   

3. In the Require Log In with KaseyaOne section, add exemptions to the User Exceptions, Teams Exceptions, and Domain Email Group fields, specifying the users, teams, and email groups that you want to be exempt from the KaseyOne login requirement.

   

4. In the lower-right corner of the page, click Save.

This option is useful if you have users that need to log in to VSA 10 for remote access or reporting, such as customer IT staff, but do not require KaseyaOne accounts.

Once you have enabled KaseyaOne Unified Login for your organization, you can automatically create VSA 10 user accounts for users without one, known as Just-In-Time (JIT) provisioning.

The objective of the Automatic User Provisioning feature is to create new user accounts for those who need to navigate seamlessly from KaseyaOne to VSA 10.

For existing users in VSA 10 who log in from KaseyaOne, only the first name and last name are to be updated based on the user information drawn from KaseyaOne. In this case, KaseyaOne is considered the source of truth. Existing users' security roles will remain as they were previously defined in VSA 10.

Prerequisites

• A KaseyaOne account.
• Administrator access to VSA 10.
• KaseyaOne Integration enabled in VSA 10.

Steps

1. Log in to VSA 10 in the usual way.
2. Navigate to Administration > Configuration > Settings on the left navigation menu and select KaseyaOne Log In Settings.

   

3. Under Automatic User Provisioning, turn on the Enable Automatic User Provisioning toggle. A set of options within the Default User Team field will appear. The selected team will be the team assigned to automatically provisioned users.
   
4. Click Save.

NOTE  After saving, if you turn off the Automatic User Creation toggle, the form will remain visible but the fields will not be configurable.

Where Automatic User Provisioning automates onboarding of new users by adding new users to VSA 10 when they are created in KaseyaOne, Automatic User Deprovisioning automates user offboarding.

Once enabled, deactivating and deleting users from KaseyaOne will automatically deactivate or delete their VSA 10 user respectively. If a KaseyaOne user loses access to VSA 10, their VSA 10 user account will be deactivated.

To enable Automatic User Deprovisioning, do the following: 

1. Log in to VSA 10 in the usual way.
2. Navigate to Administration > Configuration > Settings on the left navigation menu and select KaseyaOne Log In Settings.

   

3. Under Automatic User Deprovisioning, turn on the Enable Automatic User Deprovisioning toggle.

   

4. Click Save.

Role-based access control (RBAC) is the process of assigning permissions to users based on their role within an organization. Rather than assigning permissions to users individually, you assign permissions to a group (and then assign users to the group).

Instructions follow on how to configure RBAC by defining mapping rules to control user access for VSA 10. The purpose of defining mapping rules is to mimic or maintain the same levels of user access between KaseayOne and VSA 10.

The selected Access Groups setting will result in one of the following scenarios:

• If you enable access groups, RBAC from KaseyaOne will be allowed for VSA 10, and you will be able to map KaseyaOne groups to (the same or similar) module roles.
• If you disable access groups, RBAC from KaseyaOne will not be allowed for VSA 10.

To enable access groups for VSA 10, do the following:

1. Log in to VSA 10 and navigate to Administration > Configuration > Settings > Log In with KaseyaOne.
2. In the Access Groups section, turn on the Enable Access Group toggle.
   
3. In Team Mappings, click Edit Access Groups

   

4. In the Edit Access Groups window, map each existing KaseyaOne access group to the same or a similar VSA 10 team in the Default VSA X Team field.

   

   • You can assign additional teams to the KaseyaOne access group in the Other VSA X Teams field.

     

   NOTE  By default, the All Module Access KaseyaOne access group is selected for configuration. To configure additional KaseyaOne access group mappings, click + Add Access Group and choose which group you want to configure mapping rules for.
   
   

5. Click Apply and review the mappings.
6. Click Save.

NOTE  You can click Sync at any time to initiate an instantaneous syncing of the mapped access groups in KaseyaOne and VSA 10.