Server-based user administration

Tosca Commander user management allows you to manage users within one Tosca repository.

With Tricentis User Administration, you can centrally manage your users across multiple repositories. This saves you time and effort as your testing efforts scale. Additionally, Tricentis User Administration has an enhanced integration with Active Directory; you can establish multiple connections to multiple domains.

If you use Tosca Server with an HTTPS binding, Tricentis User Administration is mandatory.

If you're an administrator who is in charge of setting up Tricentis User Administration and/or managing users, this topic is for you. It explains setup requirements, admin decisions, and the basic workflow.

Set up Tricentis User Administration

Tricentis User Administration is a server-based user administration service and part of the Tosca Administration Console.

To use it, you need to install Tosca Server, which automatically installs all necessary features and services with their default settings. You can modify these settings in the Tricentis Service Configuration:

If you want to invite users manually, with the email feature in Tricentis User Administration, you must configure Tricentis Mail Configuration.

Decisions after the setup

Once you have set up Tricentis User Administration, you need to make some decisions:

  • How to use Tricentis User Administration: for authentication only, or also for authorization.

  • How to create users.

  • Which rights to give them.

Use Tricentis User Administration for authentication or authorization

If you use Tosca Server with an HTTPS binding, you must use Tricentis User Administration. Whenever a Tosca user performs an action that pings Tosca Server, they need to authenticate with their Tricentis User Administration credentials. This includes "Agent users", for instance Tosca Distribution Agents.

For authentication, it's enough to have users in Tricentis User Administration. Tosca Server verifies that a user with these credentials exists and then proceeds with the user's task.

You can also use Tricentis User Administration for authorization. Authorization ensures that only users who should have access to a project, have access to this project. To authorize users, you need to create user groups out of your Tricentis User Administration users and assign them to projects.

If you use Tosca Server without HTTPS, you don't need authentication. In this case, you use Tricentis User Administration for authorization only.

Create users

Tricentis User Administration offers different ways to add and authenticate users:

  • If you have a limited number of testers, you can invite them or allow them to register themselves.

  • If you already have user groups in your own Active Directory, you can synchronize your Active Directory groups with Tricentis User Administration. Note: this integration is designed to be a quick way to add a large number of testers with little effort. Tricentis User Administration is not an Active Directory management tool. Changes that you make in Active Directory transfer to Tricentis User Administration, but not the other way around.

  • If you want to use your existing third-party provider for user authentication, enable Single Sign-On (SSO). Users can then sign in with their standard credentials.

You can also combine options. For instance, you can synchronize with Active Directory to add your regular testers. If you hire temporary help with a testing project, you don't need to add these users to your Active Directory. Instead, you can invite them manually and remove them from Tricentis User Administration once their contract ends.

Assign rights to users

If you use Tricentis User Administration for authorization, every user has to be part of a user group. If you use Active Directory, you can use the Active Directory groups you've synchronized. If you don't want this - or if you have chosen a different method to add users - you need to create user groups. Once you have your user groups, assign them to the projects they need access to.

Any user who's part of a group that you assigned to a project has full access to all objects in this project. If you want to fine-tune rights and permissions, synchronize Tricentis User Administration with Tosca Commander. Once your server user groups are in Tosca Commander, you can restrict viewing rights and write access.

Your workflow

You're an administrator, you have set up Tricentis User Administration, and you've made your decisions. Your workflow depends on what you want to do: