Overview

Initial Setup

When the Sentry Admin console is launched for the first time after installation, the user is prompted to register a Super Admin account. This account will be used to administer the Organizations and their entities within Sentry.

The Super Admin account is also used to create Organizations and invite Org Admins to administer them.

  1. Navigate to http://<domain>:<port>/sentryadmin
  2. Fill in the details and click Register to create the account and log in.
  3. Log in with the registration details used above to enter the Administration console.
  4. On successful login, the user lands on the Organizations management page.

Setup

Click on the user name at the top right corner of the page and select Preferences.

The Change Password screen will be displayed.

Enter the New password and Confirm password values and save. The password will be saved and the login screen will be displayed.

1. Admin Functions

In the left navigation panel, the ADMIN FUNCTIONS menu will be displayed with two sub menus under it.

1.1 Manage Firms

Click on the Manage Firms menu item to navigate to the "Manage Firms" page as shown below.

1.1.1 Add New Firm

Click the Add icon and enter the required information in the form. Click Save to add the new firm.

New Firm Fields: Description

  • Name (Required): Enter firm name

1.1.2 Edit Firm

Click Edit icon and make the required changes on the Edit Firm screen.

Click on save to update the changes.

1.1.3 Delete Firm

Click delete icon to delete a Firm. Click OK button on confirmation pop up window.

1.2 Settings

1.2.1 Configuring Firm Settings

Settings submenu under ADMIN FUNCTIONS provides interface to:

  • Set sentry gateway URL
  • Option to save audit log to either database or to a file
  • Option to select external or internal secure key for encryption of tokens

Firm Setting Fields: Description

  • Sentry Gateway URL: Enter the Sentry gateway URL (localhost:8080/sentrygw)
  • Auditlog location and Auditlog Path (Required): Sentry admin provides two options:
      • File: choose this option to save audit log data to a file. If File is selected, provide an appropriate file path.
      • DB: choose this option to save audit log data to a database.
  • Gateway secure key (Secure key path and Select symmetric key): Sentry admin provides two options:
      • Internal: a temporary key will be auto-generated on starting the gateway server and will be displayed on the server console.
      • External: enter the key path and select the key file from the list. Set the environment variable "INTERNAL_TOKEN_SIGNING_KEY" and add the key file path. Provide the same key file in the environment variable as set in the external key (for symmetric key generation refer to section 9 GENERATION OF KEYS, subsection 9.1 SYMMETRIC KEY).
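
A pre-start check for the External key option described above, as an added example that is not part of Sentry or of the original guide. It assumes INTERNAL_TOKEN_SIGNING_KEY holds the full path of the key file and that the code runs on a POSIX host; the function and parameter names are hypothetical, and the file-permission check is an added hardening step, not a documented Sentry requirement.

```python
import os
import stat


def check_external_signing_key(key_path, key_file, environ=None):
    """Return findings for the external gateway key; an empty list means consistent.

    key_path / key_file stand for the values entered on the Settings page
    (hypothetical parameter names). environ defaults to os.environ.
    """
    environ = os.environ if environ is None else environ
    configured = os.path.join(key_path, key_file)
    env_value = environ.get("INTERNAL_TOKEN_SIGNING_KEY")
    findings = []

    if not env_value:
        return ["INTERNAL_TOKEN_SIGNING_KEY is not set"]
    for label, path in (("configured key", configured), ("environment key", env_value)):
        if not os.path.isfile(path):
            findings.append(f"{label} file not found: {path}")
    if findings:
        return findings

    # samefile compares device and inode, so symlinks and relative paths still match.
    if not os.path.samefile(configured, env_value):
        findings.append("environment variable points to a different key file")

    # Added hardening check (assumption, POSIX only): a symmetric key file
    # should not be accessible to group or other users.
    mode = stat.S_IMODE(os.stat(env_value).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"key file mode {oct(mode)} grants group/other access")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed demo: a throwaway key file, not a real Sentry key.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.key")
        with open(path, "wb") as fh:
            fh.write(os.urandom(32))
        os.chmod(path, 0o600)
        env = {"INTERNAL_TOKEN_SIGNING_KEY": path}
        print(check_external_signing_key(d, "demo.key", env) or "ok")
```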

1.3 Firm Selection

In the left navigation panel, the firm selection list will be displayed.

Firms created under Manage Firms will be displayed in the list.

2. Firm Administration

In the left navigation panel, the FIRM ADMINISTRATION menu tree with the following sub menus will be displayed:

2.1 Manage Users

Click the Manage Users menu item to navigate to the 'Manage Users' page as shown below.

2.1.1 Add New User

Click the Add icon and enter the information in the form. Click Save to add the new user.

New User Fields: Description

  • Role (Required): Sentry admin provides three pre-defined options:
      • SENTRY_ROLE_SUPER_ADMIN: choose this option to create a superadmin
      • SENTRY_ROLE_FIRM_ADMIN: choose this option to create a firm admin
      • SENTRY_ROLE_USER: choose this option to create a user
  • Username (Required): User/Email-id through which the user can log in to the sentry/client application
  • Password (Required): Default password for login to the sentry/client application
  • First Name (Required): A descriptive first name for the user, which appears at the top right of the page
  • Last Name (Required): A descriptive last name for the user
  • Telephone (Required): Contact number of the respective user

2.1.2 Edit User

Click Edit icon and make the required changes on the edit user screen.

Click on save button to update the changes.

2.1.3 Revoke Access

Click the revoke access icon. A confirmation dialog will be displayed.

Click the OK button to confirm revoking the access.

2.1.4 Delete User

Click delete icon to delete a user. Click OK button on confirmation pop up window.

2.1.5 User Status

Click on the active icon, which activates the user to access the application.

Click on the de-active icon, which prompts the confirmation dialog.

Click the OK button to de-activate the user.

2.1.6 Download User Template

Click on the download button to download the user.csv template.

2.1.7 Upload User File

Click on the upload button to upload a .csv file.

On successful file upload, confirmation dialog will be displayed.

Click Close button to close the dialog.

2.2 Manage Roles

Click the Manage Roles menu item, which navigates to the Manage Roles page as shown below.

Default Roles: Description

  • Sentry_Role_Super_Admin: The Super Admin role allows the user to access all the menus:
      1. Admin Functions
      2. Firm Administration
      3. Client Administration
  • Sentry_Role_Firm_Admin: The Firm Admin role allows the user to access the menus listed below:
      1. Firm Administration
      2. Client Administration
  • Sentry_Role_User: The User role is allowed to access only the client application and is not authorized to access Sentry Admin

2.2.1 Add New Role

Click Add Icon and enter the information in the form. Click save to add the new role.

2.2.2 Edit Role

Click Edit icon and make the necessary changes on the Manage Roles screen.

Click Save to update the changes.

2.2.3 Delete Role

Click delete icon to delete a Role. Click OK button on confirmation pop up window.

2.3 Manage Scopeset

Click Manage Scopeset menu item, which navigates to 'Manage Scopeset' page as shown below.

2.3.1 Add New Scope

Click Add Icon and enter the information in the form. Click save to add the new scope.

2.3.2 Edit Scope

Click Edit icon and make the necessary changes on the Manage Scopeset screen.

Click Save to update the changes.

2.3.3 Delete Scope

Click delete icon to delete a Scope. Click OK button on confirmation pop up window.

2.4 Scope Fields

Click the Scope Fields menu item, which navigates to the Scope Fields page as shown below.

2.4.1 Add New Field

Click the Add icon and enter the information in the form. Click Save to add the new field.

2.4.2 Edit Field

Click Edit icon and make the necessary changes on the Scope Fields screen.

Click Save to update the changes.

2.4.3 Delete Field

Click delete icon to delete a Field. Click OK button on confirmation pop up window.

3. Client Administration

In the left navigation panel, the CLIENT ADMINISTRATION menu with four submenus and the client drop-down will be displayed.

3.1 Manage Clients

Click on Manage Clients menu item, which navigates to 'Manage Clients' page as shown below.

3.1.1 Add New Client

Click the Add icon and enter the information in the form. Click Save to add the new Client.

The Add Client application interface provides control over the usage and behavior of the applications requesting access to protected resources through the Sentry Gateway.

Add Client -> General Tab

General Tab Fields: Description

  • Name (Required): A descriptive name for the client
  • Description: A description of what the client application does. This description appears when the user is prompted for authorization
  • URL: Client application URL, where the application is hosted
  • Icon URL: Enter the icon URL for the particular client
  • Redirect URL (Required): URL to redirect to the client application

Add Client -> Security Tab

Security Tab Fields: Description

  • Access Token Expire Time (Required): The access token expiry time is configured according to the client application and can be in seconds, minutes, hours, days, weeks, months, years.
  • Refresh Token Expire Time (Required): The expiry time should be greater than that of the access_token and can be in seconds, minutes, hours, days, weeks, months, years. A new access token is obtained by exchanging the refresh token.
  • Auth Code Expire Time (Required): The expiry time should be less than that of the access_token and can be in seconds, minutes, hours, days, weeks, months, years. Exchanging the authorization code will get the access token (in minutes is recommended).
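
The ordering rules in the Security tab above (auth code shorter than access token, refresh token longer than access token), written as a check that can be run over planned client settings. This is an added example, not Sentry code: the function names and the 30-day month and 365-day year conversions are assumptions, and the sample values are constructed.

```python
# Unit names follow the list on the Security tab; month and year lengths
# are assumptions made for comparison only.
UNIT_SECONDS = {
    "seconds": 1,
    "minutes": 60,
    "hours": 3600,
    "days": 86400,
    "weeks": 7 * 86400,
    "months": 30 * 86400,   # assumption: 30-day month
    "years": 365 * 86400,   # assumption: 365-day year
}


def to_seconds(value, unit):
    """Convert a (value, unit) pair from the form into seconds."""
    unit = unit.strip().lower()
    if unit not in UNIT_SECONDS:
        raise ValueError(f"unknown unit: {unit!r}")
    if not isinstance(value, int) or isinstance(value, bool) or value <= 0:
        raise ValueError(f"expiry must be a positive integer, got {value!r}")
    return value * UNIT_SECONDS[unit]


def check_client_expiry(auth_code, access_token, refresh_token):
    """Return a list of findings; an empty list means the ordering holds."""
    code_s = to_seconds(*auth_code)
    access_s = to_seconds(*access_token)
    refresh_s = to_seconds(*refresh_token)
    findings = []
    if not code_s < access_s:
        findings.append("auth code expiry must be less than access token expiry")
    if not refresh_s > access_s:
        findings.append("refresh token expiry must be greater than access token expiry")
    if auth_code[1].strip().lower() != "minutes":
        findings.append("auth code expiry is recommended to be set in minutes")
    return findings


# Constructed sample settings, not taken from a real deployment.
GOOD = {"auth_code": (5, "minutes"), "access_token": (1, "hours"),
        "refresh_token": (30, "days")}
BAD = {"auth_code": (2, "hours"), "access_token": (1, "hours"),
       "refresh_token": (45, "minutes")}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_client_expiry(**cfg) or "ok")
```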

Add Client -> Custom Tab

Custom Tab Fields: Description

  • Grant page: The grant page will be prompted after successful authentication of the user. Sentry admin provides three options: default, custom or none.
      • Default: Choose this option to prompt the user with the default grant page provided by Sentry.
      • Custom: Choose this option to have a custom page. Select the appropriate custom file paths for this option.
      • None: Choose this option to ignore the grant option and bypass the grant page and user consent.
  • Login Page: Choose the login page option: default or custom.
      • Default: Choose this option to prompt the user with the default login page provided by Sentry.
      • Custom: Choose this option to have a custom page. Select the appropriate custom file paths for this option.
  • Forgot Password page: Choose the forgot password page: default or custom.
      • Default: Choose this option to prompt the user with the default forgot password page provided by Sentry.
      • Custom: Choose this option to have a custom page. Select the appropriate custom file paths for this option.
  • Reset Password Page: Choose the reset password page: default or custom.
      • Default: Choose this option to prompt the user with the default reset password page provided by Sentry.
      • Custom: Choose this option to have a custom page. Select the appropriate custom file paths for this option.
  • Error Page: Choose the error page: default or custom.
      • Default: Choose this option to prompt the user with the default error page provided by Sentry.
      • Custom: Choose this option to have a custom page. Select the appropriate custom file paths for this option.
  • Auditlog location: Choose this option to store log

Edit Client -> Security Tab

After the client is saved successfully, Sentry admin will generate a client_id and client_secret, which are used for the authorization flows.

Security Tab Fields: Description

  • Client Id: The Client Id will be used to authorize the client registered with Sentry
  • Client Secret: This is used to get the access_token along with the auth_code and client_Id

3.1.2 Edit Client

Click Edit icon and make the necessary changes on the Manage Clients screen.

Click Save to update the changes.

Edit Client -> Keys Tab

After adding a client, in the client edit mode, the Keys tab will be displayed to enable a secure OpenID token. Under Secure Key, two options are available to set the key: DB and External.

Secure Key -> DB option

Keys Tab Fields: Description

  • Token Security: Choose this option to secure OpenID tokens
  • Secure Key: Sentry generates RSA public and private keys. The public key will be stored in the database and the private key will be downloaded. The RSA private key can be downloaded only once.
  • Generate Secure Key: Enter the file name and click on the Generate button to generate the RSA key. The fingerprint will be displayed under the keys table and will be saved to the database. The private key will be downloaded to the system.
  • Activate: Select the radio button in the key table under Activate and click on Save

Secure Key -> External option

Keys Tab Fields: Description

  • Token Security: Choose this option to secure tokens
  • Secure Key: Select the External option. Input the secure key path, select the RSA public key from the list and click on Save (for RSA key generation refer to section 9 GENERATION OF KEYS, subsection 9.2 RSA KEYS)

3.1.3 Delete Client

Click delete icon to delete a Client. Click OK button on confirmation pop up window.

3.1.4 Regenerate Client Id

Click the regenerate icon for the client Id under the Security tab. A confirmation dialog will be displayed.

Click on the OK button to regenerate the client Id.

3.1.5 Regenerate Client Secret

Click the regenerate icon for the client secret under the Security tab. A confirmation dialog will be displayed.

Click on the OK button to regenerate the client secret.

Client Selection

In the left navigation panel, below Manage Clients, the client selection list will be displayed.

Clients created under Manage Clients will be displayed in this list.

3.2 Manage Properties

Click on Manage Properties menu item, which navigates to manage properties page as shown below.

3.2.1 Add New Property

Click Add icon and enter the information in the form. Click Save to add the new property.

3.2.2 Edit Property

Click Edit icon and make the necessary changes on the Manage Properties screen.

Click Save button to update the changes.

3.2.3 Delete Property

Click delete icon to delete a Property. Click OK button on confirmation pop up window.

3.3 Assign Users

Click on Assign Users menu item, which navigates to Assign Users page as shown below.

3.3.1 Assign User

Click Assign user icon to assign the user for a particular client. This will be displayed on a pop up window.

Click on OK button to assign the user.

3.3.2 Assign Property

Click Assign property icon which will prompt client property. Properties created under Manage Properties will be listed. Select the properties to be assigned to the user and click on Save Changes button.

3.3.3 Unassign User

Click on Unassign user icon to unassign the user.

Confirmation dialog to unassign the user for a particular client will be displayed.

Click on OK button to unassign user.

3.3.4 Revoke Access

Click on Revoke access icon to revoke user access.

Confirmation dialog to revoke the access of a user for a particular client will be displayed.

Click on OK button to revoke the access.

3.4 Assign Fields And Scopesets

Click on Assign Fields and Scopesets menu item, which navigates to 'Assign Fields and Scopesets' page.

Scopesets created under Manage Scopeset and Fields created under Scope Fields under Firm Administration will be listed as drop down list.

Select the Scopesets and Fields and click on SAVE button to assign the Scopesets and fields to a client.

4. Admin API Access

Feature to control access to the admin API. The super admin can enable/disable API access at client level in Sentry admin.

Enabling API access will allow third party applications to access admin API calls using client credentials. The following operations can be performed:

  • Client CRUD operations
  • User CRUD operations
  • Invite user

Disabling API access will deny all requests to the API from third party applications.

5. Search Functionality

Admin can search the entity by using a key name.

The following are a few of the menus with the search feature:

  • Manage Firm
  • Manage User
  • Manage Client
  • Assign User

Note: The autocomplete feature displays the matching entity.

6. Preferences

Click on username ( SUPER ) at the top right corner of the page and select Preferences.

6.1 Change Password

Click on Preferences. The Change Password page will be displayed.

To change the password, fill in the New Password and Confirm Password fields and click the Save button. After successfully changing the password, the user will be redirected to the login screen.

6.2 Logout

To log out of the Sentry admin application, click on Logout, located in the user name drop-down list at the top right corner of the page. Once the user has successfully logged out of the application, the user will be redirected to the login page.

7. Sentry Admin Audit Log

Feature to capture all the events in the Sentry admin application and API calls.

Audit log options: Description

  • DB: Choose this option to save audit log data to a database.
  • File: Choose this option to save audit log data to a file. If File is selected, an appropriate Audit log Path is required.

Set the environment variable "DEFAULT_AUDIT_LOG_PATH" with the file path of the audit log. In case the audit log path is not entered under gateway settings, the application will consider the path set in the environment variable.

The following events will not be captured in the audit log:

  • Superadmin login and logout events
  • Any events in Manage Roles functionality

8. Email Template Externalization

Set the folder path which contains the email templates in the environment variable 'EMAIL_TEMPLATE_DIRECTORY'.

The template can be customized according to the requirement.

Note: All sample email templates are available under release repository folder of Sentry.

9. Generation Of Keys

A tool is provided with the package to generate Symmetric and RSA keys.



Revision History

Date, Author, Version: Changes

  • 18 July 2016, Johnson, 1.0: Initial Draft
  • 22 Aug 2016, Johnson, 1.0.3: Initial Draft
  • 21 Oct 2016, Johnson, 1.0.8
  • 20 Jan 2017, Johnson, 1.0.9:
      Sections added
      • 4 Admin API Access
      • 5 Search functionality
      • 7 Sentry Admin Audit Log
      • 8 Email Template Externalization
      • 9 Generation of Keys
      Sub Sections updated
      • 5.2 Configuring Firm Settings
      • 7.1.2 Edit Client