This section explains how to set up and configure securiCAD Enterprise
There are two kinds of licenses. System wide licenses and organization specific licenses.
- System wide license
Sets the maximum possible value for that whole system.
- Organization license
Can have its own limitations, but cannot be more permissive than the system license. If no organization license is applied, it will use the system wide license.
When securiCAD Enterprise is accessed for the first time, you will be asked to apply a system license. This will set the license for the whole system and all organizations if a specific organization license is not set. Select Upload license and upload the license file you received from foreseeti.
Organizations will inherit the system license if no other license is selected for the organization. There are two ways to set an organization license:
- As the system admin, go to Admin > Organizations and click on the license of the organization you want to change. Then select Replace license and upload the new organization license.
- As an admin of an organization, go to Admin > License and select Replace license to upload a new organization license.
securiCAD Enterprise is a multi-tenant system and Organizations can be used to separate users and data into groups. Each organization will have their own URL to access the securiCAD Enterprise instance, but the system can still be managed centrally.
To create new organization, login as the system admin and go to Admin > Organizations. Select New organization and select a name for the Organization.
Note: the name you choose will be a part of the URL for the organization and used when organization members login.
Members of an organization have to login via a custom URL automatically generated based on the organization name. For example, for a member of the “test” organization in securiCAD Enterprise on IP 10.0.0.1, the URL to login would be: https://10.0.0.1/login/test
Administration of users and system permissions is done under Admin > Users in the sidebar. Managing user accounts and the system roles is only available to the system admin.
On the Users page, select Add user to create a new user.
The Username is the name the user will use to login to the system. There are four different system roles for a new user (the system roles do not specify which projects a given user has access to or what type of privileges the user has in these projects):
1. A User can only interact with existing projects the user has been added to in the Organization.
2. A Project creator have all the rights of a User and can also create and delete projects.
3. An Admin have all the rights of a Project creator and can also add and delete other Users and Project creators in its Organization.
4. System admins can manage, create and delete all other users and organizations as well as see all data in all Organizations and Projects.
The user’s Organization will determine what set of Projects the user can have access to. Project access is governed by separate, specific project roles managed inside the project. Refer to the Projects section for a description on how to manage project access.
Set a temporary Password so that the user can login the first time and update the password.
A Project is an administrative entity that allows you to manage user access to Scenarios, Models and Simulation results. Users in an Organization can be added to a Project with various level of access and permissions.
Open an existing project or create a new one. Go to Project overview > Users do manage access to the project. Select Add user to select users from the organization to grant access to. There are three different projects roles:
- A Guest can only view the project and cannot delete or alter any information. This includes starting scenarios and simulations.
- A User has the rights to alter project information and to start simulations but is not permitted to delete a project or to manage project user permissions.
- A project Owner has full project administration rights, including deleting the projects and user permission management.
Webhooks allows you to subscribe to simulation results in a project, and the Webhook menu allows you to manage webhook endpoints on a per-project basis. Read more about it here.
The integrity of a self-hosted securiCAD Enterprise installation depends on the security of the hosting machine and the dedicated user account on which the solution is running. All sensitive data is stored in a database and is only accessible to the dedicated account.
All web traffic is authenticated and encrypted as well as the traffic to and from the message broker. The authentication and encryption depend on self-signed certificates delivered with the deployment. The certificates can be replaced with third-party certificates, cloud certificate managers or certificates issued by the organization.
All relevant user, project and simulation data is stored in a dedicated database. securiCAD Enterprise can be deployed with any PostgreSQL-compatible database with encryption, replication and redundancy. Data can also be stored in a SQLite database locally on the machine.
Users of securiCAD Enterprise are authenticated through SSO or with a username and password. User accounts can be managed by the organization in a role-based access control system. Certificates can be used to restrict access to the securiCAD Enterprise instance further.
When a user is successfully authenticated, a JSON Web Token (JWT) is issued and stored in the browser session storage which grants the user access to the data and roles assigned to the user.
Authentication and authorization to RabbitMQ is done by an auto-generated account.
The files necessary for backup are all held in the
/home/es directory. This includes both the securiCAD Enterprise user information, the models, simulation results and the configuration. The files to backup for a full restore or re-installation of a system are:
If you are unsure where the database is located, check the configuration parameter described here: https://docs.foreseeti.com/docs/backend-configuration#sqlalchemy
Colors, logo, brand name etc. can be set in a securiCAD Enterprise installation by providing a branding package during the installation.
Up to five brand colors are used to set colors on header, sidebar, buttons, links and background. Colors used in visualizations etc. can also be set in the branding package.
A brand logo is used in the topbar and on the login screen. Brand name is displayed on login screen and optionally on the topbar.
If you are interested in branding a securicad installation, please contact us.
Updated 2 months ago