Configuring a Flex Station With Default User

You can configure an identified Flex station so that its user interface is displayed and active, allowing some limited interactions with the system, even when no operator is logged on. To do this, you must create a default user account having limited access rights, that will be automatically logged at startup, or whenever the operator logs off.

NOTE: Automatic logon of a default user requires an identified client. It will not work on an anonymous Flex client.

 

Prerequisites

Automatic logon risk mitigation

Access without user authentication is a serious source of risks that you must be aware of and mitigate. We recommend applying the following measures:

- Limit data that is getting exposed from the management station to non-confidential data.

- Restrict automatic logon functionality to stations located in Highly Protected Zones only.

- It is recommended to use "Secured" option under Communication Security Expander.

Configure a Security Group for the Flex Default User

The FlexDefaultUser account must have carefully restricted access rights, appropriate to a kiosk-type station. For this you must configure an appropriate security group.
Note that you cannot use any of the predefined security groups (such as DefaultUsers or FallbackPolicy) for this purpose.

  1. Create a dedicated scope (see Configuring a Scope Definition) which includes only those objects that you want the Flex Client to display after operator log-off.
  1. In System Browser, select Project > System Settings > Security.
  1. In the Security tab, click New .
  1. In the New Group dialog box:
  • For the Group type option select User.
  • Provide a descriptive group name, for example, FlexDefaultGroup.
  • Click OK.
  1. In System Brower, expand the Scopes folder and drag the dedicated scope into the Scope Rights expander.
  1. In the Event Rights expander deselect any event categories that you do not want to display when no operator is logged on.
  1. In the Application Rights expander, select only those functions that you want to allow without a logged-on operator (for example, Show Graphics).
  1. In the toolbar, click Save .

Configure the Flex Default User Account

The Flex default user account is the one that will be automatically logged on startup, and whenever the operator logs off.

  1. In System Browser, select Project > System Settings > Users.
  1. In the Users tab, click New .
  1. In the New User dialog box:
  • From the User type drop-down list select Software account.
  • Enter a descriptive User name, for example, FlexDefaultUser.
  • Click OK.
  1. In the User Configuration expander, select Used for default logon.
  1. You can also set the Language and Flex client profile to use when the Flex default user is logged on. However if a client profile was set for the identified Flex station, it will override that set for the user.
  1. Now from the Configured Groups expander, drag the previously created FlexDefaultGroup into the Role / Group membership list.
  1. In the toolbar, click Save .

Assign the FlexDefaultUser Account to the Identified Flex Client

  1. In System Browser, select Project > Management System > Clients > [identified Flex client].
  1. Select the System Management tab.
  1. From the Account to use after logoff drop-down list, select the FlexDefaultUser software account configured above.
  1. Click Save .
  • FlexDefaultUser is set as the account to use after logoff for the selected identified Flex station.

Start Identified Flex Client with Default User

Now the next time you launch the identified Flex client, it will start up with the default user automatically logged in.

  1. On the identified station, start the Flex client desktop app or the browser app.
  1. If a certificates dialog box appears, select the host certificate for the identified station.
    NOTE: In the browser, you will always see the certificates dialog box.
    In the desktop app, you can select the certificate and set Remember selection to avoid having to select the certificate each time.
  • The Flex Client application starts with the Flex default user automatically logged in.
  1. From here:
  • An operator can log in by selecting the account initial in the top right and then selecting Log in.
  • Whenever the operator logs out, the default user is automatically logged in again.
  • If the desktop app is shut down, or the browser tab closed, on next access the Flex Client starts up with the default user again.
  • Auto-logoff after a period of operator inactivity does not occur when the Flex Client application is running under the default user account.

Set the FlexDefaultUser Account Preferences

While the default user account is logged on, you can set the preferences—for example, the user interface layout—that should be applied in logged-off mode.

  1. Start Flex Client.
  • The default user account is automatically logged on.
  1. Set the preferences for the default user account.
  • In the Flex Client online help, search for Managing User Settings and Preferences.