You are reading the documentation for an outdated Corteza release. 2024.9 is the latest stable Corteza release.

System

The system section provides the interface to manage system level resources, such as users and roles.

Users

The users interface can be accessed by clicking on the "Users" navigation item on the left navigation drawer under the system item group.

A user is someone who can log in to the Corteza system.

Each user has Email, Full name and Nickname (handle). Additionally, each user has a username (=email) and password to enable them to log in to the system (referred as credentials).

The interface allows you to:

Managing permissions

To manage permissions related to the user resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any user

Determines if the given role is allowed to access information of any user,

Update any user

Determines if the given role is allowed to update the information of any user,

Delete any user

Determines if the given role is allowed to delete any user,

Suspend any user

Determines if the given role is allowed to suspend any user,

Unsuspend any user

Determines if the given role is allowed to unsuspend any user,

Show email details for any user

Determines if the given role is allowed to see the email corresponding to any user,

Show name details for any user

Determines if the given role is allowed to see the name corresponding to any user,

The ability to manage the visibility of emails and names was introduced with the user masking privacy feature. It allows a specific role to know about other users but they can’t necessarily know of their private information.

Adding users

To add a new user, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the user.

  • Email address,

  • full name,

  • handle (sort of like a nickname).

After saving the user, a new interface is provided where you can edit the newly created user.

The user edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the user, such as their email and username, It also provides the options of deleting the user or temporary suspending the user.

Password

This section allows you to define a new password for the user,

Role membership

This section allows you to manage the roles of the given user.

Every user is a member of the dynamic role "Everyone".

The user edit interface also allows you to define permissions specific to the given user. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(user name)"

Determines if the given role is allowed to access information of the given user,

Update "(user name)"

Determines if the given role is allowed to update the information of the given user,

Delete "(user name)"

Determines if the given role is allowed to delete the given user,

Suspend "(user name)"

Determines if the given role is allowed to suspend the given user,

Unsuspend "(user name)"

Determines if the given role is allowed to unsuspend the given user,

Show email details for "(user name)"

Determines if the given role is allowed to see the email corresponding to the given user,

Show name details for "(user name)"

Determines if the given role is allowed to see the name corresponding to the given user,

Listing users

Users can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only non-suspended users and so on. It also supports pagination and sorting.

Editing users

Users can be edited by pressing on the edit icon next to each row in the user list, that opens up a new interface.

The user edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the user, such as their email and username, It also provides the options of deleting the user or temporary suspending the user.

Password

This section allows you to define a new password for the user,

Role membership

This section allows you to manage the roles of the given user.

Every user is a member of the dynamic role "Everyone".

The user edit interface also allows you to define permissions specific to the given user. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(user name)"

Determines if the given role is allowed to access information of the given user,

Update "(user name)"

Determines if the given role is allowed to update the information of the given user,

Delete "(user name)"

Determines if the given role is allowed to delete the given user,

Suspend "(user name)"

Determines if the given role is allowed to suspend the given user,

Unsuspend "(user name)"

Determines if the given role is allowed to unsuspend the given user,

Show email details for "(user name)"

Determines if the given role is allowed to see the email corresponding to the given user,

Show name details for "(user name)"

Determines if the given role is allowed to see the name corresponding to the given user,

Roles

The roles interface can be accessed by clicking on the "Roles" navigation item on the left navigation drawer under the system item group.

A role defines a user group with a specific set of permissions on the resources. A role is a key part of Corteza Role-Based Access Control (RBAC).

Each role has a name, a system handle and a set of permissions on resources.

The interface allows you to:

Managing permissions

To manage permissions related to the role resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any role

Determines if the given role is allowed to access information of any role,

Update any role

Determines if the given role is allowed to update the information of any role,

Delete any role

Determines if the given role is allowed to delete any role,

Manage members for any role

Determines if the given role is allowed to add or remove members to any role.

Adding roles

To add a new role, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the role.

  • Name,

  • handle.

After saving the role, a new interface is provided where you can edit the newly created role.

The role edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Listing roles

Roles can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only active roles and so on. It also supports pagination and sorting.

Editing roles

Roles can be edited by pressing on the edit icon next to each row in the role list, that opens up a new interface,

The role edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Roles

The applications interface can be accessed by clicking on the "Applications" navigation item on the left navigation drawer under the system item group.

The interface allows you to:

Managing permissions

To manage permissions related to the application resource, click on the "Permissions" button on the top right corner of the page. You can define:

Read any application

Determines if the given role is allowed to access any application,

Update any application

Determines if the given role is allowed to update any application,

Delete any application

Determines if the given role is allowed to delete any application,

Adding applications

To add a new application, click on the "New" button on the top right corner of the page.

This opens a new interface where you can insert the basic information regarding the application.

  • Name,

  • if active.

After saving the application, a new interface is provided where you can edit the newly created application.

The application edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Listing applications

Applications can be viewed on the table in the middle of the interface. The system supports a powerful search engine, from partial searching, finding only active applications and so on. It also supports pagination and sorting. Out of the box, these applications are already configured:

  • Messaging,

  • Low Code,

  • CRM,

  • Jitsi Video,

  • Corteza Admin Area,

  • Google Maps.

Editing applications

Applications can be edited by pressing on the edit icon next to each row in the role list, that opens up a new interface,

The application edit interface provides the following sections:

Basic information

This section allows you to edit basic information regarding the role, such as the name and it’s handle,

Role members

This section allows you to view, add or remove the users associated with the role.

The role edit interface also allows you to define permissions specific to the given role. It can be accessed by clicking on the "Permissions" link in the top right corner. You can define:

Read "(role name)"

Determines if the given role is allowed to access information of the given role,

Update "(role name)"

Determines if the given role is allowed to update the information of the given role,

Delete "(role name)"

Determines if the given role is allowed to delete the given role,

Manage members for "(role name)"

Determines if the given role is allowed to add or remove members to the given role.

Settings

The settings interface can be accessed by clicking on the "Settings" navigation item on the left navigation drawer under the system item group.

The interface allows you to configure some system related options. It defines:

Authentication

This section allows you to customize authentication related settings such configuring email, requiring email confirmation or disabling internal authentication all together,

Email

This section allows you to customize the email template that will be used when sending emails from the internal system (password reset, registration confirmation, …​),

External authentication

This section allows you to configure external authentication providers, such as Google and Facebook. See Configuring external providers for configuration details.

The ability to disable internal login can be useful when wanting to force the users to either use external authentication providers or using a different system for their authentication.

Configuring external providers

Google

To enable Google authentication you need to create a client ID:

  1. Go to Google Sign-in Guide and click on "Configure a project" button

  2. Select and existing project or create a new one

  3. Set a product name (i.e. Corteza)

  4. On "Configure your OAuth client" screen select "Web browser" and paste the URL where your Corteza system is running (inlcuding https://)

  5. Copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit

Facebook

To enable Facebook authentication you need to create Facebook app to receive Client key and Secret:

  1. Go to Facebook for developers website, click on "Add a new app" and choose a name of the app (i.e. Corteza) or select and existing app

  2. In the list of available products search for "Facebook Login" and click on "Set Up" button

  3. Select "Web" platform and paste the URL where your Corteza system is running

  4. Go to "Settings" and then "Basic" in the left sidebar

  5. Copy and paste "App ID" to "Client key" inside Corteza Admin panel

  6. Copy and paste "App Secret" to "Secret" inside Corteza Admin panel and hit Submit

Github

To enable Github authentication you need to register Github application to get unique Client ID and Client Secret:

  1. Go to this link and create a new OAuth application

  2. Copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit.

LinkedIn

To enable LinkedIn authentication you need crete a LinkedIn application:

  1. Go to this form, fill out the form and click on "Create app"

  2. Go to Auth section and copy and paste both Client ID and Client Secret fields to Corteza Admin panel and hit submit.

Permissions

The permissions interface can be accessed by clicking on the "Permissions" navigation item on the left navigation drawer under the system item group.

The interface allows you to define permissions for core system resources, such as accessing the the administration panel, creating users and so on.

To define fine grained access control for specific resources, such as modules and pages, see …​

The interface is devised to the following sections:

System service

The section allows you to control overall access and usage of admin panel (see System service permissions),

Organisations

The section allows you to control organization related access (see Organizations),

Applications

The section allows you to control application related access (see Applications),

Users

The section allows you to control user related access (see Users),

Roles

The section allows you to control role related access (see Roles).

System service permissions

Allow access to administration

Determines if the role is allowed to access the administration panel (the web application being defined here),

Grant permission on system service

Determines if the role is allowed to grant permissions on system service,

Access all settings

Determines if the role is allowed to access any setting defined under the system,

Manage all settings

Determines if the role is allowed to manage and edit any setting defined under the system,

Create new organization

Determines if the role is allowed to create a new organization,

Create new role

Determines if the role is allowed to create a new role,

Create new user

Determines if the role is allowed to create a new user,

Create new application

Determines if the role is allowed to create a new application,

Allow reminder assignment

Determines if the role is allowed to assign reminders to other users.

When denying access to system settings, this also prevents their usage from inside automation scripts or any other operation that might read these settings.

Organizations

Access to all organizations

Determines if the role is allowed to access any organization.

Applications

Access any application

Determines if the role is allowed to access any application,

Update any application

Determines if the role is allowed to update any application,

Delete any application

Determines if the role is allowed to delete any application.

Users

Read any user

Determines if the role is allowed to access any user,

Update any user

Determines if the role is allowed to update any user,

Delete any user

Determines if the role is allowed to delete any user,

Suspend any user

Determines if the role is allowed to suspend any user,

Unsuspend any user

Determines if the role is allowed to unsuspend any user,

Show email details

Determines if the role is allowed to see the email address of any user,

Show name details

Determines if the role is allowed to see the name of any user.

The ability to show/hide email address/name can be useful when defining a community instance and we wish to keep some privacy.

Roles

Read any role

Determines if the role is allowed to see any role,

Update any role

Determines if the role is allowed to update any role,

Delete any role

Determines if the role is allowed to delete any role,

Manage members for any role

Determines if the role is allowed to add/remove members from any role.

Automation

The automation interface can be accessed by clicking on the "Automation" navigation item on the left navigation drawer under the system item group.

The interface provides an overview of registered extensions and their automation scripts defined for a system resource. The list provides the automation scripts name and a user-friendly label.

Use this interface to validate, that the extension was correctly registered.

Action Log

The action log interface can be accessed by clicking on the "Action log" navigation item on the left navigation drawer under the system item group.

The interface provides an insight into the actions registered by a system, such as accessing users, fetching records, creating modules and much more.

The action log comes in handy when debugging the system as it provides a rich insight into the system without the need of low-level system understanding.

The interface allows you to:

Listing actions

Registered actions are displayed in a table in the middle of the interface. The table provides a brief overview of the action:

  • The timestamp of when the action was registered,

  • the user that caused the action to be registered,

  • what part of the exposed system caused the action to be registered (eg. api/rest),

  • what resource was involved when registering the action,

  • what action was being performed,

  • some additional description to help understand the action,

  • the status of the action:

    • info: an informative log that something happened successfully,

    • warning: a warning that something did not go as expected but was not fatal, such as an invalid login attempt,

    • error: there was an error either in the internal system or in one of the extensions.

Inspecting actions

To inspect an action, click on the action (table row). This expands the row and provides more insight into the action.