enterprise-demo.userify.com
Open in
urlscan Pro
5.161.186.103
Public Scan
URL:
https://enterprise-demo.userify.com/
Submission: On July 27 via automatic, source certstream-suspicious — Scanned from DE
Submission: On July 27 via automatic, source certstream-suspicious — Scanned from DE
Form analysis 19 forms found in the DOM
<form class="login_form panel" autocomplete="on">
<h2 style="margin-bottom: .5em;">
<a href="https://userify.com">Login
<img class="logo" style="float:right" src="/userify-logo_2016-darkblue-blue-no-tagline_no-cloud-curve.svg" alt="logo"></a>
<!--
<img class="logo" style="float:right" src="/userify-logo_2016-darkblue-blue-no-tagline_no-cloud-curve.svg" alt=logo></a>
-->
</h2>
<input type="text" class="precache_username_field form-control" name="username" placeholder="Username" required="true" xautofocus="">
<input type="password" class="form-control" name="password" placeholder="Password" required="true">
<label style="display: none; font-weight: normal; margin-top:.4em;"><input type="checkbox" name="rememberme" xchecked=""> Stay Logged In</label>
<button style="margin-top: 2.8rem;" class="btn btn-lg btn-success btn-block" data-ah-action="login" type="submit">Login</button>
<div style="margin: 1.0rem auto;">
<a class="link hidden_ldap" href="#" data-ah-action="display_forgot_password">Forgot Password (local)</a>
<!-- not used for LDAP/AD feature: -->
<!--
data-ah-action="data-ah-flip"
data-ah-flip="click:signup_form"
-->
<a class="link hidden_signup hidden_ldap" data-ah-action="display_signup_form" style="float:right" href="#">Sign Up (local)</a>
<p style="margin-top:1rem;">Never log in on a machine that doesn't belong to you.</p>
</div>
</form><form class="base_configuration_form">
<br>
<!--
<div class="bucket_settings_menu">
<h3 class="section-header">File System Settings</h3>
<p>Important: Ensure this directory is backed up on at least a
daily basis. </p>
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>NAME</th>
<th class="hidden-xs hidden-sm">DESCRIPTION</th>
<th>VALUE</th>
</tr>
</thead>
<tbody><tr>
<td><b>Filesystem Path</b></td>
<td class="hidden-xs hidden-sm">Where to store all Userify data files</td>
<td>
<input name="filesystem_path" class="hidden base_config_var"
placeholder="/opt/userify-server/data/"
value="/opt/userify-server/data/" >
</td>
</tr></tbody>
</table>
</div>
<br>
-->
<input name="filesystem_path" class="hidden base_config_var" placeholder="/opt/userify-server/data/" value="/opt/userify-server/data/">
<div class="server_admin_settings">
<h3 class="section-header">Server Configuration Administrator</h3>
<p> Please set the username and password for the account that will be used to manage this server. </p>
<p> This is a special systems administrator account that exists outside of Userify itself and is only used to manage this server system configuration, such as cache and email settings. </p>
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>NAME</th>
<th class="hidden-xs hidden-sm">DESCRIPTION</th>
<th>VALUE</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>Username</b></td>
<td class="hidden-xs hidden-sm">This server special administrator username</td>
<td><input name="sa_username" class="base_config_var" placeholder="username" value="admin"></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>Password</b></td>
<td class="hidden-xs hidden-sm">This server special administrator password (displayed)</td>
<td><input name="sa_password" class="base_config_var" placeholder="password"></td>
</tr>
</tbody>
</table>
</div>
<br>
<div class="base_config_stage2">
</div>
<br>
<div class="text-center next_button">
<button class="btn btn-success btn-block btn-lg" data-ah-action="test_settings" href="#">NEXT </button>
</div>
</form><form class="base_configuration_form">
<br>
<div class="bucket_settings_menu">
<h3 class="section-header">Bucket Settings</h3>
<p> Don't forget to create the bucket and assign IAM permissions to this user. <b><a href="/example_s3_policy/" target="NEW">Example IAM
policy</a></b>.</p>
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>NAME</th>
<th class="hidden-xs hidden-sm">DESCRIPTION</th>
<th>VALUE</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>AWS Access Id </b></td>
<td class="hidden-xs hidden-sm">The AWS access key to access S3 data (in any bucket).</td>
<td><input name="access_id" class="base_config_var" placeholder="Access ID starts with AKIA...."></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>AWS Secret Key </b></td>
<td class="hidden-xs hidden-sm">The AWS secret key to access S3 data (in any bucket).</td>
<td><input name="secret_key" class="base_config_var"></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>Bucket Name </b></td>
<td class="hidden-xs hidden-sm">The name of the S3 bucket where your <i>configuration</i> data will be stored. Don't forget to create it and set IAM permissions as mentioned above. This bucket name must not contain periods(.).</td>
<!--
<td><input name="bucket_name"
class="base_config_var"
placeholder="yourcompany-userify-enterprise"></td>
-->
<td><input name="bucket_name" class="base_config_var" placeholder="Bucket Name (create and grant perms above)"></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>S3 Bucket Region</b></td>
<td class="hidden-xs hidden-sm">The region of the S3 bucket where your <i>configuration</i> data will be stored. Make sure this is right.</td>
<td>
<select name="s3_region" class="base_config_var">
<option selected="">US-Standard</option>
<option>US-East-1</option>
<option>US-West-1</option>
<option>US-West-2</option>
<option>EU-West-1</option>
<option>EU-Central-1</option>
<option>AP-SouthEast-1</option>
<option>AP-SouthEast-2</option>
<option>AP-NorthEast-1</option>
<option>SA-East-1</option>
</select>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<div class="server_admin_settings">
<h3 class="section-header">Server Configuration Administrator</h3>
<p>This is a special systems administrator account that exists outside of Userify itself and is only used to manage this server system configuration, such as cache and email settings. </p>
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>NAME</th>
<th class="hidden-xs hidden-sm">DESCRIPTION</th>
<th>VALUE</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>Username</b></td>
<td class="hidden-xs hidden-sm">This server special administrator username</td>
<td><input name="sa_username" class="base_config_var" placeholder="username"></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>Password</b></td>
<td class="hidden-xs hidden-sm">This server special administrator password (displayed)</td>
<td><input name="sa_password" class="base_config_var" placeholder="password"></td>
</tr>
</tbody>
</table>
</div>
<br>
<div class="base_config_stage2">
</div>
<br>
<div class="text-center next_button">
<button class="btn btn-success btn-block btn-lg" data-ah-action="test_settings" href="#">NEXT </button>
</div>
</form><form>
<div class="col-md-12">
<div class="container-fluid">
<div class="row panel headerbar">
<div class="col-xs-12 col-lg-8">
<h1>
<span class="company_name" data-update="name"></span> Settings
</h1>
</div>
<div class="col-xs-12 col-lg-4 align-right">
<button data-ah-action="add_project" class="add_project btn-sm btn btn-default">New Project</button>
</div>
</div>
</div>
<div class="panel">
<h4>Upgrade</h4>
</div>
</div>
</form>#
<form action="#">
<div class="col-md-12">
<div class="container-fluid">
<h1 class="hidden" style="float: left; padding: .75rem 1rem 0 0">
</h1>
<!-- COMPANY TABS -->
<ul class="nav nav-pills nav-justified">
<li class="active " role="presentation">
<a href="#company-home" aria-controls="#company-home" role="tab" data-toggle="tab">
Company
</a>
</li>
<li class="" role="presentation">
<a href="#company-projects" aria-controls="#company-projects" role="tab" data-toggle="tab">
Projects
</a>
</li>
<li class="" role="presentation">
<a href="#company-users" aria-controls="#company-users" role="tab" data-toggle="tab">
Users
</a>
</li>
<li class="company_admin_only" role="presentation">
<a href="#company-settings" aria-controls="#company-settings" class="company_admin_only" role="tab" data-toggle="tab">
Settings
</a>
</li>
</ul>
<!--
<div class=hidden style="float: left;">
<h1>
<i data-ah-action="delete_company"
class="company_admin_only fa fa-times-circle delete_company pull-right no-underline text-danger pointer"></i>
</h1>
</div>
-->
<div class="tab-content">
<!-- COMPANY HOME -->
<div role="tabpanel" class="active tab-pane" id="company-home">
<br>
<h1><span class="company_name" data-update="name"></span></h1>
<br>
<p><span class="company_notes" data-update="notes"></span></p>
</div>
<!-- PROJECTS -->
<div role="tabpanel" class="tab-pane" id="company-projects">
<h1>Projects <i data-ah-action="add_project" class="fa fa-plus-circle company_admin_only add_project pull-right text-success pointer"></i>
</h1>
<div class="company_module">
<div class="company-projects"> No visible projects yet. Click <a href="#" class="company_admin_only add_project company_admin_only add_project text-success pointer" data-ah-action="add_project">
New Project
<i data-ah-action="add_project" class="fa fa-plus-circle" data-hasqtip="2" aria-describedby="qtip-2"></i>
</a> to create one. </div>
</div>
</div>
<!-- USERS -->
<div role="tabpanel" class="tab-pane" id="company-users">
<!-- class="invite_company_user pull-right btn-sm btn btn-success">
<i class="fa fa-plus-circle"></i></button>
-->
<h1>Users <!--
<i data-ah-action="invite_company_user"
-->
<i data-ah-action="invite_single_company_user" class="
xhide_on_enterprise
fa fa-plus-circle invite_company_user
company_admin_only pull-right text-success pointer">
</i>
</h1>
<div class="user_module">
<div class="company-users"> No users yet; click <button href="#" class="company_admin_only" data-ah-action="invite_company_user">Invite User</button> to invite someone. </div>
</div>
</div>
<!-- SETTINGS -->
<div role="tabpanel" class="company_admin_only tab-pane" id="company-settings">
<!-- class="invite_company_user pull-right btn-sm btn btn-success">
<i class="fa fa-plus-circle"></i></button>
-->
<div class="company-settings">
<br>
<table class="table table-striped table-responsive" data-fillup-filter="show:edition=all, hide:edition=cloud">
<tbody>
<tr>
<td valign="top">Name</td>
<td valign="top">
<span class="company_name" style="text-decoration: underline;" data-update="name"></span>
</td>
</tr>
<tr>
<td valign="top">Notes</td>
<td valign="top">
<span data-type="textarea" style="text-decoration: underline;" class="company_notes" data-update="notes"><span style="color: #aaa;">Notes</span> </span>
</td>
</tr>
</tbody>
</table>
<div class="billing_menu toggle_pane" data-fillup-filter="hide:edition=all, show:edition=cloud">
<span class="active" data-ah-action="toggle_pane" data-toggle-followup="" data-toggle-source="billing-usage" data-toggle-pane="billing-pane"> Utilization </span>
<span data-ah-action="toggle_pane" data-toggle-followup="" data-toggle-source="billing-update-card" data-toggle-pane="billing-pane"> Update Card </span>
</div>
<div class="billing-wrapper panel panel-default" data-fillup-filter="hide:edition=all, show:edition=cloud" data-setup-fn="setup_billing_settings">
<div class="billing-usage billing-pane">
<div class="panel-heading">
<h3 class="panel-title"> Utilization <span class="report-for-month-year"></span>
</h3>
</div>
<div class="panel-body">
<div class="report_totals"></div>
<div class="usage_display"></div>
<div class="date-selector">
<select name="month-select" class="form-control month-select" style="display:inline-block; width: auto;">
<option value="1">January</option>
<option value="2">February</option>
<option value="3">March</option>
<option value="4">April</option>
<option value="5">May</option>
<option value="6">June</option>
<option value="7">July</option>
<option value="8">August</option>
<option value="9">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
<select name="year-select" class="form-control year-select" style="display:inline-block; width: auto;">
<option value="2022" selected="">2022</option>
<option value="2021">2021</option>
</select> <button data-ah-action="display_company_usage" class="btn btn-large btn-success">Load</button>
</div>
</div>
</div>
<div class="billing-update-card billing-pane hidden">
</div>
</div>
<p>
<a data-ah-action="delete_company" style="cursor:pointer" class="delete_company company_admin_only">Delete Company
<i class="hidden company_admin_only fa fa-times-circle
delete_company pull-right no-underline text-danger pointer"></i>
</a>
</p>
</div>
</div>
</div>
<div class="hidden row headerbar">
<div class="col-xs-12">
<div style="float: left;">
<h1>
<span class="company_name" data-update="name"></span>
</h1>
<p><span data-type="textarea" class="company_notes hidden-xs hidden-sm" data-update="notes"><span style="color: #ddd;">Notes</span> </span>
</p>
</div>
<div style="float: right;">
<button data-ah-action="enterprise_user_manager" class="hidden btn-sm btn btn-default visible-enterprise">Enterprise User Manager</button>
<button data-ah-action="delete_company" class="hidden delete_company btn-sm btn btn-danger">Delete</button>
<h1>
<i data-ah-action="delete_company" class="company_admin_only fa fa-times-circle delete_company pull-right no-underline text-danger pointer"></i>
<i data-ah-action="company_settings_menu" class="hidden fa fa-cog company_admin_only pull-right no-underline pointer text-info"></i>
</h1>
<button data-ah-action="company_settings" data-permission-required="manage_company" class="hidden btn-sm btn btn-default">Settings</button>
<button data-ah-action="company" class="hidden btn-sm btn btn-default"> Projects</button>
<button data-ah-flip="click:company_user_list,company_module" data-ah-action="manage_users" class="hidden manage_users btn-sm btn btn-default"> Users</button>
</div>
</div>
</div>
<!-- end row headerbar -->
</div>
</div>
</form><form>
<div class="container-fluid" style="padding: 1rem 0 .5rem;">
<div class="row">
<div class="col-lg-3"></div>
<div class="col-xs-12 col-lg-6">
<button class="btn btn-success btn-block btn-lg" data-ah-action="update_main_config">Save Configuration and Restart Server <i class="fa fa-check"></i>
</button>
<br>
<div class="error_msg"></div>
</div>
</div>
</div>
<div class="configuration-tab-panes tab-content">
<div class="tab-pane fade in" id="welcome-configuration">
<!-- INTRODUCTION TAB -->
<h5> Welcome to Userify! </h5>
<p class="whatyouneedtoknow"> What's next: configure your server and click save. This will restart your server with the new configuration. </p>
<p>
<b>PLEASE NOTE:</b> The user account you just logged in with is for this server configuration dashboard <i>only</i>. Company administrators do not have the ability to do server administration.
</p>
<p> Because of this, you will be prompted to create your first <i>company</i> administrator <b>after</b> configuration, and then that administrator will create companies and invite users (and possibly appoint additional administrators). </p>
<p>
<b>IMPORTANT:</b> Back up your entire /opt/userify-server directory, including the <tt>base_config</tt> file, at least daily. Don't forget about this. Even if you backup the data files, they are encrypted with strong crypto and are useless
without the key stored in the <tt>base_config</tt> file.
</p>
<p class="hidden">Lost your encryption key? Don't worry - you can still recover it by logging in with SSH and accessing the /opt/userify-server/base_config.cfg file, which is a plain-text JSON file on your server. Data is very strongly
encrypted, so if you lose this encryption key, you also permanently lose access to your data in S3 or the network filesystem. We recommend that you back up your base_config.cfg file and your S3 bucket (or network filesystem) for best results.
Tip: you can move over to a completely new Userify server just by copying over that base_config and granting it access to the same S3 bucket or network filesystem that it was original created with, or just by providing the same encryption
key. </p>
</div>
<div class="tab-pane fade in" id="registration-configuration">
<a role="button" data-toggle="collapse" href="#registration-configuration-collapse" aria-expanded="false" aria-controls="registration-configuration-collapse">
<h5>
Registration
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<div class="collapse highlight section-info" id="registration-configuration-collapse">
<p class="whatyouneedtoknow"> Register below for free priority support and security alerts. </p>
</div>
<div class="config-form-fields">
<div class="config-form-intro">
<h6>Company Name</h6> Your company's name
</div>
<div class="config-form-field">
<input class="form-control" name="contact_company" placeholder="Your Company Name">
</div>
<div class="config-form-intro">
<h6>Contact Name</h6> Your name
</div>
<div class="config-form-field">
<input class="form-control" name="contact_name" placeholder="Your Name">
</div>
<div class="config-form-intro">
<h6>Contact Email</h6> Your email
</div>
<div class="config-form-field">
<input class="form-control" name="contact_email" placeholder="Your Email">
</div>
<div class="config-form-intro">
<b>Comment</b><br>Do you have a question, comment, or feature request?<br>
<textarea row="10" style="width:100%; height: 5em;" name="contact_comments" placeholder="Comment (optional)"></textarea>
</div>
</div>
</div>
<!-- Redis configuration form -->
<div class="tab-pane fade in" id="redis-configuration">
<a role="button" data-toggle="collapse" href="#redis-configuration-collapse" aria-expanded="false" aria-controls="redis-configuration-collapse">
<h5>
High Scalability and HA Settings
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<div class="collapse highlight section-info" id="redis-configuration-collapse">
<p style="whatyouneedtoknow"><b>What you need to know about scalability:</b><br> Userify uses Redis for cache, shared state, and to synchronize across multiple nodes. Userify can handle hundreds of thousands of nodes with a suitable
architecture. Although Redis is required for normal operation, the data in Redis can be lost or destroyed and Userify will recover critical data and configuration Just In Time from S3/disk. Architectural support is available from
<a href="https://userify.com">userify.com</a> or <a href="mailto:support@userify.com">support@userify.com</a>. </p>
</div>
<div class="config-form-fields">
<div class="config-form-intro">
<h6>Redis Host</h6> The hostname for your Redis cache server.
</div>
<div class="config-form-field">
<input class="form-control" name="redis_host" value="localhost">
</div>
<div class="config-form-intro">
<h6>Redis Port</h6> The default is 6379.
</div>
<div class="config-form-field">
<input class="form-control" name="redis_port" value="6379">
</div>
<div class="config-form-intro">
<h6>Redis Passwd</h6> Redis password (required by some services)
</div>
<div class="config-form-field">
<input class="form-control" type="password" name="redis_passwd" placeholder="default">
</div>
<div class="config-form-intro">
<h6>Redis Db</h6> The number of the Redis database to use (usually 0).
</div>
<div class="config-form-field">
<input class="form-control" name="redis_db" value="0">
</div>
</div>
</div>
<div class="tab-pane fade in" id="ldap-configuration">
<a role="button" data-toggle="collapse" href="#ldap-configuration-collapse" aria-expanded="false" aria-controls="ldap-configuration-collapse">
<h5>
LDAP/Active Directory
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<div class="collapse highlight section-info" id="ldap-configuration-collapse">
<p style="whatyouneedtoknow"><b>What you need to know about how Userify handles AD/LDAP:</b><br> Optionally, provide details of your Active Directory/LDAP server(s), or, to stop using AD/LDAP, blank the fields. Synchronization requires a
non-administrative AD/LDAP user account. Click for <a target="_blank" href="https://userify.com/docs/enterprise/active-directory-and-ldap-configuration/">Additional Documentation</a>
</p>
<p> DN's are generally case insensitive, but USERNAME (if you choose to use it) is case sensitive and will be replaced by the user's provided username upon use. </p>
<p>Active Directory configuration is OPTIONAL. You can use Userify without ever deploying AD/LDAP and users will be created locally. <!--
Additionally, you can turn off AD/LDAP
logins and synchronization at any time and all user accounts will continue to
function normally.
--> Also, Userify can still be used even if the AD/LDAP server temporarily goes offline. </p>
<!--
<p>
Security Notes:<br>
Userify is arguably far more secure and more modern in design than any
AD/LDAP server and is designed to be used on the public internet:
all passwords are strongly hashed with an
computationally intensive password hashing function (bcrypt), all user data
is encrypted with X25519 via NaCl even before cache,
no LDAP or SQL injection layer exists, MFA is available for server logins,
no secret data such as private keys is generated or stored (except for
user passwords themselves), privilege isolation is practiced
between API endpoints, and the server itself is hardened against common
types of attacks. Because the AD/LDAP server is the weakest link in
the chain, Userify is most secure when used without AD/LDAP.
</p>
-->
<p>Authentication and search filters can be difficult to create. PLEASE contact support@userify.com if you run into configuration difficulties.</p>
<p>NOTE: The search filter is used to search for other users, such as when you are inviting a user or the Status Check user is checking the status (such as disabled or locked out) of a user to synchronize AD to Userify. The Login template is
used exclusively to login (and is used also by the status check user to initially log in to the AD server.)</p>
<p>Useful fields for Active Directory filters to key on are sAMAccountName, which is usually the normal username for that user (joe_smith), or the userPrincipalName (aka UPN): joe_smith@corp.example.com.</p>
<p>ALL LOGINS must have email (generally 'mail') attributes enabled in order to send invitations.</p>
</div>
<div class="config-form-fields">
<div class="config-form-explanation">
<h6>AD/LDAP Host (required if using AD/LDAP)</h6> The hostname for your directory server(s).<br> This should be a full resolvable hostname, IP address, or ldap[s]://hostname[:port] (not a WINS or NetBIOS name). SSL (ldaps) recommended.
</div>
<div class="config-form-field">
<input class="form-control" name="ldap_host" value="" placeholder="ldaps://10.11.12.13">
</div>
<div class="config-form-explanation">
<h6>AD/LDAP Status Check Username (required if using AD/LDAP)</h6> A non-administrative username with read-only privileges. This must be an actual username and password on the AD/LDAP server. It is used to check other user accounts for
deleted/disabled/locked out status. (Disabled/locked out flags only have a pre-defined meaning for AD.)
</div>
<div class="config-form-field">
<input class="form-control" name="ldap_email" value="" placeholder="username">
</div>
<div class="config-form-explanation">
<h6>AD/LDAP Status Check Password (required if using AD/LDAP)</h6> Password for the non-admin user.
</div>
<div class="config-form-field">
<input class="form-control" type="password" name="ldap_password" value="" placeholder="password">
</div>
<div class="config-form-explanation">
<h6>AD/LDAP Base DN (required if using AD/LDAP)</h6>
<b>Active Directory</b>: use the AD Realm such as <i>DC=corp,DC=example,DC=com</i>. <br>
<b>LDAP</b>: use a full DN such as: <i>ou=users,dc=example,dc=com</i>
</div>
<div class="config-form-field">
<input class="form-control" name="ldap_realm" value="" placeholder="DC=corp,DC=example,DC=com or ou=people,dc=example,dc=com">
</div>
<div class="config-form-explanation">
<h6>AD/LDAP Username Login Template (required only if using LDAP)</h6>
<b>Active Directory</b>: leave this blank. Windows notes: see help above. <br>
<b>LDAP</b>: If using a field other than 'cn' for username, provide a full DN for processing logins such as:<br>
<i>uid=USERNAME,ou=users,dc=example,dc=com</i> or a Windows-style UPN such as USERNAME@corp.example.com.
</div>
<div class="config-form-field">
<input class="form-control" name="ldap_username_template" value="" placeholder="USERNAME@corp.example.com">
</div>
<div class="config-form-explanation">
<h6>LDAP Search Filter (required only if using LDAP)</h6>
<b>Active Directory:</b> leave unchanged. (defaults to <i>
(&(objectClass=user)(sAMAccountName=USERNAME))
</i>). <br>
<b>LDAP Examples:</b>
<br>
<i>
(&(objectClass=inetOrgPerson)(cn=USERNAME))
</i>
<br>
<i>
(&(CN=USERNAME)(!(objectClass=contact)))
</i>
</div>
<div class="config-form-field">
<input class="form-control" name="ldap_search_filter" value="(&(objectClass=user)(sAMAccountName=USERNAME))" placeholder="(&(objectClass=user)(sAMAccountName=USERNAME))">
</div>
<div class="config-form-explanation">
<h6>LDAP Mail Attribute Name (optional)</h6> The name of the attribute containing the user's email address<br> Both Active Directory and LDAP (inetOrgPerson) call this 'mail', while some Active Directory schemas prefer userPrincipalName
instead. <input class="form-control" name="ldap_attr_mail" value="mail" placeholder="mail">
</div>
<!--
<div class="config-form-explanation">
<h6>LDAP Full Name Attribute Name</h6>
<h6>Optional.</h6>
The name of the attribute containing the user's full or last name.<br>
Active Directory: name. inetOrgPerson: givenName.
<input class="form-control" name=ldap_attr_name value="name"
placeholder="name">
</div>
<div class="config-form-explanation">
<h6>LDAP TLS Require Certification</h6>
Whether to require signed certificates when connecting
to the LDAP or Active Directory.
<input style="font-size: 1.5rem;"
type=checkbox name=ldap_opt_x_tls_require_cert checked>
</div>
<div class="config-form-explanation">
<h6>LDAP TLS</h6>
<input style="font-size: 1.5rem;"
type=checkbox name=ldap_opt_x_tls_never checked>
</div>
-->
</div>
</div>
<div class="tab-pane fade in" id="mail-configuration">
<a role="button" data-toggle="collapse" href="#mail-configuration-collapse" aria-expanded="false" aria-controls="mail-configuration-collapse">
<h5>
Mail Settings
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
<h6>Required</h6>
<p>
<b>SMTP (mail sending) must be configured for Userify to work properly.</b>
AWS and other cloud providers restrict or throttle outbound SMTP
on port 25, so appending :587 to the SMTP server name
is frequently required.
</p>
</a>
<p><a role="button" data-toggle="collapse" href="#mail-configuration-collapse" aria-expanded="false" aria-controls="mail-configuration-collapse">
The mail server name shown is correct for Gmail/Google Apps.
</a><a style="color: orange" target="_blank" href="https://userify.com/docs/configuring-userify-for-amazon-ses/">Click here for step-by-step directions to set up Userify with Amazon SES.</a>
</p>
<div class="collapse highlight section-info" id="mail-configuration-collapse">
<p style="whatyouneedtoknow"><b>What you need to know about how Userify sends email:</b><br> Userify uses standard SMTP to send email to invite users and notify them of changes to their account. TLS is <b>required.</b> Port 587 is recommended
as many providers, including Amazon, throttle or block outgoing port 25. </p>
</div>
<div class="config-form-fields">
<div class="config-form-intro">
<h6>SMTP server</h6>
</div>
<div class="config-form-field">
<input class="form-control" placeholder="smtp-relay.gmail.com:587" name="mail_server">
</div>
<div class="config-form-field">
<h6>Disable TLS </h6>
<p> Disables TLS connections to the mail server. (warning: <b>insecure</b>) <input class="pull-right" type="checkbox" name="mail_ssl_disabled" style="width:2.5rem !important;">
</p>
</div>
<div class="config-form-intro">
<h6>SMTP username</h6>
</div>
<div class="config-form-field">
<input class="form-control" placeholder="username to send email as" name="mail_username">
</div>
<div class="config-form-intro">
<h6>SMTP password</h6>
</div>
<div class="config-form-field">
<input class="form-control" type="password" placeholder="password" name="mail_password">
</div>
<div class="config-form-intro">
<h6>SMTP From email address</h6>
</div>
<div class="config-form-field">
<input class="form-control" placeholder="FROM email address (example: userify@yourcompany.com)" name="mail_from_addr">
</div>
<div class="config-form-intro">
<h6>Subject Key Word</h6> Useful for mail filters, almost every notification email begins with this word in square brackets. [Userify]
</div>
<div class="config-form-field">
<input class="form-control" placeholder="Userify" value="Userify" name="mail_notification_subject_word">
</div>
</div>
</div>
<div class="active tab-pane fade in" id="hostname-configuration">
<h5> Hostname</h5>
<div class="config-form-fields">
<p> Please configure the hostname that you would like to use with this Userify server. </p>
<div class="config-form-field">
<input class="form-control" name="web_server_url" old-name="hostname" placeholder="userify.yourcompany.com">
</div>
</div>
</div>
<div class="tab-pane fade in" id="newtls-configuration">
<h5>TLS Certificate Configuration</h5>
<div class="config-form-fields">
<div class="section-info" style="border:none;background-color:rgba(0,0,0,.02)">
<div class="config-form-field">
<label>
<input type="radio" class="" name="tls_option" value="lets-encrypt"> Use Let's Encrypt </label>
</div>
<p> Most secure: use <a target="_blank" href="https://letsencrypt.org/">Let's Encrypt</a> to receive a free TLS (formerly SSL) certificate for the hostname of your choice. By choosing this, you certify that you agree to <a href="https://letsencrypt.org/repository/" target="_blank">
Let's Encrypt's terms of service</a>. Please ensure before proceeding that: </p>
<li> A DNS "A" record exists (such as userify.yourcompany.com) that is pointing at this server's IP. </li>
<li> This server's IP is externally accessible on ports 80 and 443. <label> Email for Let's Encrypt to let you know about certificate renewals/issues:<br>
<input class="form-control" name="tls_email" placeholder="email@example.com">
</label>
</li>
</div>
<div class="section-info" style="border:none;background-color:rgba(0,0,0,.02)">
<div class="config-form-field">
<label>
<input type="radio" class="" name="tls_option" value="custom"> Custom SSL/TLS Configuration </label>
</div>
<textarea class="form-control tls_key" rows="1" name="tls_key" placeholder="# click to expand
-----BEGIN PRIVATE KEY-----
Paste the TLS private key here
-----END PRIVATE KEY-----
"></textarea>
<textarea class="form-control" rows="20" name="tls_crt" placeholder="
-----BEGIN CERTIFICATE-----
Paste all of certificates, including the issued certificate and the CA
chained certificates with a blank line between each.
Usually, you'll have more than one.
-----END CERTIFICATE-----"></textarea>
</div>
<div class="hidden section-info" style="border:none;background-color:rgba(0,0,0,.02)">
<div class="config-form-field">
<label class="">
<input type="radio" class="" name="tls_option" value="self-signed"> Self-Signed </label>
</div>
<p>Cannot be used to deploy servers. </p>
</div>
</div>
</div>
<div class="tab-pane fade in" id="urls-configuration">
<a role="button" data-toggle="collapse" href="#urls-configuration-collapse" aria-expanded="false" aria-controls="urls-configuration-collapse">
<h5>
URLs and Server Settings
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<div class="collapse highlight section-info" id="urls-configuration-collapse">
<p style="whatyouneedtoknow"><b>What you need to know about how server settings:</b><br> Be sure to adjust the URL (and your DNS services) to point at the hostname that matches the name in the URL below. Otherwise, these settings are probably
correct at their guessed defaults.</p>
<p>In most cases, the hostname should stay as the external IP address or Elastic IP address, but if you are deploying this server inside a VPC, you may wish to use the internal IP address of the server for the shim installation server and the
shim configuration server. </p>
</div>
<div class="config-form-fields">
<div class="config-form-intro">
<h6>Web Server Url</h6>
<b>The full URL</b> to this server. This is pre-pended to password reset and invitation codes in emails, as well prepended to the shim installation path.
</div>
<div class="config-form-field">
<input class="form-control" name="old-web_server_url" placeholder="https://dashboard.userify.com/">
</div>
<div class="config-form-intro">
<h6>Shim Installer Server</h6> The <b>hostname (IP or name)</b> of the API server that the shim <b>installer.sh</b> calls back to. This should almost always be the same as this server name or IP address.
</div>
<div class="config-form-field">
<input class="form-control" placeholder="shim_api_server" name="shim_installer_server">
</div>
<div class="config-form-intro">
<h6>Shim Configuration Server</h6> The <b>hostname (IP or name)</b> of the shim server that the shim calls into. This should almost always be the same as the shim_installer_server setting.
</div>
<div class="config-form-field">
<input class="form-control" placeholder="shim_shim_server" name="shim_configuration_server">
</div>
<!-- coming soon
-->
<!--
<div class="config-form-intro">
<h6>Shim Delay</h6>
How many seconds should each server wait before polling again?
This will increase load on the Userify server, but will ensure faster changes.
No more than sixty seconds is recommended.
</div>
<div class="config-form-field">
<input class="form-control" value=5 name="shim_delay">
</div>
<div class="config-form-intro">
<h6>Loghost</h6>
Userify can send all syslog updates to a loghost server (IP or hostname)
in standard RFC 3164 format. It's ok to leave this blank.
</div>
<div class="config-form-field">
<input class="form-control" placeholder="loghost" name="loghost">
</div>
-->
</div>
</div>
<div class="tab-pane fade in" id="certificates-configuration">
<a role="button" data-toggle="collapse" href="#certificates-configuration-collapse" aria-expanded="false" aria-controls="certificates-configuration-collapse">
<h5>
Server Certificates
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<p>Configure your TLS certificates here (optional) if you'd like the server to start on port 443. (Otherwise, the server will start on port 8120 and can be proxied with NGINX or another TLS/SSL server such as caddy2.) </p>
<div class="collapse highlight section-info" id="certificates-configuration-collapse">
<p style="whatyouneedtoknow"><b>What you need to know about how server certificates:</b><br> Userify uses TLS certificates to encrypt the connection between you and the server, and between client nodes and Userify. Although you can use
self-signed certificates, it's much more secure to install a proper CA-signed certificates and will prevent MITM attacks between your server nodes and the Userify server.</p>
<p> Installing certificates below <b>will automatically trigger
all newly configured client nodes to start checking certificates.</b> Important to understand: if you ever want to revert back to self-signed, you will have to change the configuration file on all client nodes back to self-signed in order to
make them stop checking certificates, so keep this certificate current. </p>
<p> If this server is unable to start with your pasted key and certificate, the self-signed certificate will be used instead until you can correct the problem. It is very important that your hostname on the Server Settings tab match the
hostname that is set in the certificate, or you'll get a mismatch error and shim clients will not be able to connect. (This is especially true for the shim_configuration_server and shim_installer_server setting.) Any previously configured
shims may require hostname adjustments if they are configured to use a different name. </p>
<p> For the certificate chain, paste the certificate chain that you received from your Certificate Authority with your certificate last. Place at least one blank line between certificates. Certificates (provided by your CA) begin with
-----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----, and the secret key (from the server that originally generated the CSR) similarly begin with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----. </p>
<p><b>Don't have separate certificates but have a combined .pem file?</b><br> Paste the entire PEM file into either of the fields below and leave the other blank.</p>
<p>
<b>You should have only one secret key and multiple certificates. Separate them by blank lines.
Optionally include # comments on their own lines. These fields are
optional and the server will used self-signed certificates if you
leave them blank.
</b>
</p>
<p> Questions? Contact support@userify.com with your account ID. </p>
</div>
<div class="form-group">
<div class="config-form-field">
<p>
<input class="form-control" type="checkbox" name="disable_certificate_verification" style="width:2.5rem !important; float:right; margin-left: 1rem;"> Checking this box will cause your server deployment recipes to not verify your server
certificates. <b>Warning: this is insecure.</b>
</p>
</div>
<p>You can paste an SSL/TLS secret key and certificate below so that you can securely access your server; for example, https://userify.example.com. You should do this <i>before</i> deploying servers, so that they are pointing at the correct,
secured hostname. It's recommended that you do not paste a key if accessing this configuration dashboard via an insecure (http instead of http) connection. You can instead update the base_config.yaml file directly. </p>
<hr>
<label>SSL/TLS Secret Key</label>
<!-- changed names to not interfere with the Userify 4 textarea vars -->
<textarea class="form-control tls_key" rows="1" name="x--tls_key" placeholder="-----BEGIN PRIVATE KEY-----
Did you purchase a signed key for this server or have a wildcart cert?
Paste the TLS private key here, or leave blank to use self-signed.
-----END PRIVATE KEY-----
"></textarea>
<label>TLS Certificates.</label>
<textarea class="form-control" rows="20" name="x--tls_crt" placeholder="-----BEGIN CERTIFICATE-----
Paste all of your certificates (the ones
that the Certificate Authority provided to you)
here, or leave blank to continue using self-signed.
Leave blank lines between each certificate.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Usually, you'll have more than one.
-----END CERTIFICATE-----
"></textarea>
</div>
</div>
<div class="tab-pane fade in" id="license-configuration">
<a role="button" data-toggle="collapse" href="#license-configuration-collapse" aria-expanded="false" aria-controls="license-configuration-collapse">
<h5>
Userify License Key
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<div class="collapse highlight section-info" id="license-configuration-collapse">
<p class="whatyouneedtoknow"> If your License expires or is blank, you'll be placed on a limited free license. Questions? Contact support@userify.com. </p>
</div>
<div class="form-group">
<label>License Key</label>
<p>Please provide this license key to <a href="mailto:support@userify.com?subject=Userify License Key">Userify Support</a> and your license will be automatically provisioned.</p>
<input class="form-control" name="license_key" placeholder="License Key">
</div>
<!--
<div class="form-group">
<label>License Code</label>
<textarea class="hidden form-control" rows=20 name=license_code placeholder="License Code"></textarea>
</div>
-->
</div>
<div class="tab-pane fade in" id="sa_password-configuration">
<a role="button" data-toggle="collapse" href="#sa_password-configuration-collapse" aria-expanded="false" aria-controls="sa_password-configuration-collapse">
<h5>
Reset Server Admin Password
<i class="fa fa-info-circle text-info fa-pull-right"></i>
</h5>
</a>
<div class="collapse highlight section-info" id="sa_password-configuration-collapse">
<p class="whatyouneedtoknow"> Leave this blank to keep your current password. Password will not be displayed. It can also be reset by pasting a new unhashed password into the sa_password field in /opt/userify-server/base_config.cfg on the
server. </p>
</div>
<div class="form-group">
<label>New Server Admin Password</label>
<input class="form-control" type="password" name="sa_password" placeholder="New Password">
</div>
</div>
</div>
</form><form class="server_logo">
<div class="file_upload panel">
<div class="container-fluid">
<div class="row">
<div class="col-sm-12">
<label> Update Server Logo. <span class="small"><i> Recommended: 180x50 PNG</i></span>
<!--span class=uploaded_photo></span-->
</label>
</div>
</div>
<div class="row">
<div class="col-xs-9">
<input type="file" name="upload" class="avatar_upload form-control">
<br clear="both">
</div>
<div class="col-xs-1">
<button data-ah-action="form_server_logo_upload" class="tiny btn btn-success start_upload">Upload</button>
<br clear="both">
</div>
</div>
<br clear="both">
</div>
</div>
</form><form>
<div class="form-group" style="text-align:center">
<!-- FIXME TODO -->
<input class="form-control" name="sa_username" placeholder="Username">
<br>
<input class="form-control" type="password" name="sa_password" placeholder="Password">
<br>
<button class="btn btn-success btn-block" type="submit" data-ah-action="main_config_login">Login</button>
</div>
</form><form>
<div class="eum_wrapper">
<h1>Enterprise User Manager</h1>
<h2 data-update="name"></h2>
<div class="project_info">
<h3 data-update="name"></h3>
</div>
<ul class="nav nav-tabs">
<li class="active"><a class="btn btn-success" href="#tab1" data-toggle="tab">Usergroups</a></li>
<li><a class="btn btn-success" href="#tab2" data-toggle="tab">Roles</a></li>
<li><a class="btn btn-success" href="#tab3" data-toggle="tab">Grants</a></li>
</ul>
<div class="tab-content"><!-- Tab-Content -->
<!-- USER GROUPS -->
<div class="active tab-pane" id="tab1">
<div class="select_wrapper">
<span class="select-label"> User Group </span>
<select data-select-company-fn="list_company_usergroups" data-option-company-fn="list_users_in_a_company_usergroup" data-select-project-fn="list_project_usergroups" data-option-project-fn="list_users_in_a_project_usergroup"
data-option-company-activate-fn="add_user_id_to_company_usergroup" data-option-company-deactivate-fn="remove_user_id_from_company_usergroup" data-option-project-activate-fn="add_user_id_to_project_usergroup"
data-option-project-deactivate-fn="remove_user_id_from_project_usergroup" data-ah-action="eum_menu" class="form-control">
</select>
<button class="btn btn-default btn-small"> New.. </button>
<br>
</div>
<p>User groups generally have plural names.</p>
<span class="menu-label">Users</span>
<div class="itemlist">Please select a user group above to add or remove users.</div>
</div>
<!-- ROLES -->
<div class="tab-pane" id="tab2">
<div class="select_wrapper">
<span class="select-label"> Role </span>
<select data-select-company-fn="list_company_roles" data-option-company-fn="list_permissions_in_a_company_role" data-select-project-fn="list_project_roles" data-option-project-fn="list_permissions_in_a_project_role"
data-ah-action="eum_menu" class="form-control">
</select>
<button class="btn btn-default btn-small"> New.. </button>
<br>
</div>
<p>Note: built-in roles cannot be edited. Roles generally have singular names.</p>
<span class="menu-label">Permissions</span>
<div class="itemlist">Please select a role above to adjust its permissions.</div>
</div>
<!-- GRANTS -->
<div class="tab-pane" id="tab3">
<div class="select_wrapper">
<span class="select-label"> Role </span>
<select data-select-company-fn="list_company_roles" data-option-company-fn="list_usergroups_in_a_company_role" data-select-project-fn="list_project_roles" data-option-project-fn="list_usergroups_in_a_project_role" data-ah-action="eum_menu"
class="form-control">
</select>
<button class="btn btn-default btn-small"> New.. </button>
<br>
</div>
<p>Grants link a role to one or more usergroups.</p>
<span class="menu-label">User Groups</span>
<div class="itemlist">Please select a role above to adjust its usergroups.</div>
</div>
<!-- End Tab-Content -->
</div>
</div>
</form><form class="login_form" autocomplete="on" style="width: 400px; top: 0; padding: 2rem; background: rgba(0,0,0,.8); box-shadow: 1px 1px 3px;">
<input type="text" class="precache_username_field form-control" name="username" placeholder="Username" required="true" xautofocus="">
<br>
<input type="password" class="form-control" name="password" placeholder="Password" required="true">
<button style="margin-top: 2.8rem;" class="btn btn-lg btn-success btn-block" data-ah-action="login" type="submit">Login</button>
<div style="margin: 1.0rem auto;">
<!-- not used for LDAP/AD feature: -->
<a class="link hidden_ldap" href="#" data-ah-action="display_forgot_password">Forgot Password (local)</a>
<a class="link hidden_signup hidden_ldap" data-ah-action="data-ah-flip" data-ah-flip="click:signup" style="float:right" href="#">Sign Up (local)</a>
<p style="margin-top:1rem;">Never log in on a machine that doesn't belong to you.</p>
</div>
</form><form class="login_form panel" autocomplete="on">
<h2 style="margin-bottom: .5em;">
<a href="https://userify.com">Login
<img class="logo" style="float:right" src="/userify-logo_2016-darkblue-blue-no-tagline_no-cloud-curve.svg" alt="logo"></a>
<!--
<img class="logo" style="float:right" src="/userify-logo_2016-darkblue-blue-no-tagline_no-cloud-curve.svg" alt=logo></a>
-->
</h2>
<input type="text" class="precache_username_field form-control" name="username" placeholder="Username" required="true" xautofocus="">
<input type="password" class="form-control" name="password" placeholder="Password" required="true">
<label style="display: none; font-weight: normal; margin-top:.4em;"><input type="checkbox" name="rememberme" xchecked=""> Stay Logged In</label>
<button style="margin-top: 2.8rem;" class="btn btn-lg btn-success btn-block" data-ah-action="login" type="submit">Login</button>
<div style="margin: 1.0rem auto;">
<a class="link hidden_ldap" href="#" data-ah-action="display_forgot_password">Forgot Password (local)</a>
<!-- not used for LDAP/AD feature: -->
<!--
data-ah-action="data-ah-flip"
data-ah-flip="click:signup_form"
-->
<a class="link hidden_signup hidden_ldap" data-ah-action="display_signup_form" style="float:right" href="#">Sign Up (local)</a>
<p style="margin-top:1rem;">Never log in on a machine that doesn't belong to you.</p>
</div>
</form><form>
<div class="modal_panel logofied">
<div class="error_msg"></div>
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<h1 class="section-header">BASE CONFIGURATION</h1>
<br>
<div class="navbar">
<div class="navbar-inner">
<div class="container">
<ul class="nav nav-tabs">
<li><a class="active" href="#tab1" data-toggle="tab">Introduction</a></li>
<li><a href="#tab2" data-toggle="tab">Crypto Keys</a></li>
<li><a href="#tab4" data-toggle="tab">First User Account</a></li>
<li><a href="#tab5" data-toggle="tab">Configuration</a></li>
<li><a href="#tab3" data-toggle="tab">AWS Configuration</a></li>
</ul>
</div>
</div>
</div>
<div class="tab-content">
<div class="active tab-pane" id="tab1">
<p> Welcome to Userify! </p>
<p> To prevent compromise of data stored in an S3 bucket, Userify encrypts all data except for usernames before storing to S3. The key used for this encryption <a target="NEW" href="https://en.wikipedia.org/wiki/Salsa20#ChaCha20_adoption">
(Salsa 20, a replacement for RC4)</a> is automatically generated but <b>must be backed up.</b>
</p>
<p>
<mark>WARNING!</mark><b>
<i>
Your encryption key
is irrecoverable,
rendering all Userify data lost.
</i></b>
</p>
<p> Back up /opt/userify-server after this server initialization is complete. </p>
</div>
<div class="tab-pane" id="tab2">
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>NAME</th>
<th>DESCRIPTION</th>
<th>VALUE</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>Secret Key </b></td>
<td>Automatically generated secret key.</td>
<td><input name="crypto_key" disabled="" class="base_config_var" value="008ad9a"></td>
</tr>
</tbody>
</table>
</div>
<div class="active tab-pane" id="tab3">
<p> Using the crypto key on the prior page, Leave blank to not store encrypted configuration in S3. <button data-ah-action="upload_new_s3_configuration" class="pull-right btn btn-success btn-lg">Finish
<i class="fa fa-check"></i></button><br><br>
</p>
</div>
<div class="tab-pane" id="tab4">
<p>Create a user account for the first user. This user will have Manage Server permissions. Please ensure this account has a valid email for notifications and resets. </p>
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>NAME</th>
<th>DESCRIPTION</th>
<th>VALUE</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>Email</b></td>
<td>Your Email address. (Not currently editable after install.)</td>
<td><input class="base_config_var" name="email" placeholder="your@email.com"></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>Your (Linux) Username</b></td>
<td>This can be the same as email if desired (if your Linux supports this). (Not currently editable after install.)</td>
<td><input class="base_config_var" name="username" placeholder="username"></td>
</tr>
</tbody>
<tbody>
<tr>
<td><b>Password</b></td>
<td>This is the password you will use to log into the web console.</td>
<td><input class="base_config_var" name="password" type="password"></td>
</tr>
</tbody>
</table>
</div>
<div class="tab-pane" id="tab5">
<div class="row">
<div class="col-md-12">
<div>
<p>Please note: In Userify AWS, <b>you are responsible</b> for backing up your own disk configuration. Please back up the entire <code>/opt/userify-server/</code> directory.</p>
<p><mark>DO NOT CLICK FINISH</mark> until you have the previous configuration pages correct, and any necessary S3 buckets created and permissions assigned.</p>
<!--button class="btn btn-default btn-lg pull-right"
data-ah-action="create_new_s3_configuration">
Continue to Main Configuration
</button> -->
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="pull-right">
<button type="button" class="btn-outline btn btn-default btn-sm" data-ah-action="display_login_form">Skip to Login <span aria-hidden="true" class="fa fa-check"></span>
</button> <button type="button" class="btn-outline btn btn-default btn-sm" data-ah-action="data-ah-flip" data-ah-flip="click:base_configuration_enterprise"> Main Menu <span aria-hidden="true"
class="fa fa-check"></span>
</button>
</div>
</div>
</div>
</div>
</div>
</form><form class="profile" role="form">
<div class="container-fluid">
<div class="row">
<!--div class="col-lg-3 col-md-4 hidden-xs hidden-sm">
<br>
<div class='myavatar right'></div>
</div-->
<div class="col-lg-12">
<h1>Profile <!--span style="float:right;" data-ah-action="logout" type="submit" class="display-xs display-sm hidden-md hidden-lg btn-small btn btn-danger"><i class="fa fa-log-out"></i></span-->
</h1>
<!--p>Upload your photo at <a target=blank href="https://gravatar.com/">Gravatar</a>.-->
<div class="form-group">
<label>Name</label>
<input type="text" class="form-control" name="name" placeholder="Name">
</div>
<div class="form-group hidden_ldap">
<label>Email</label>
<input type="text" class="email form-control" name="email" xdisabled="">
</div>
<div class="form-group hidden_ldap">
<label>Linux Username</label>
<!-- password must be changed if username is changed, since it's salted with the username! -->
<input type="text" class="form-control" name="username">
</div>
<!--
<div class="form-group">
<label>Theme</label>
<select class="form-control" name="userify_theme">
<option>Default</option>
<option>Night</option>
<option>Day</option>
</select>
</div>
-->
<div class="form-group">
<label>Preferred Shell</label>
<div class="fancy-form fancy-form-select">
<select class="form-control" name="preferred_shell">
<optgroup label="Recommended Shells">
<option data-content="<span class='label label-success'>/bin/bash</span>">/bin/bash</option>
<option data-content="<span class='label label-primary'>/bin/sh</span>">/bin/sh</option>
</optgroup>
<optgroup label=" Automation and Backup Accounts ">
<option data-content="<span class='label label-warning'>/sbin/nologin</span>">/sbin/nologin</option>
<option data-content="<span class='label label-danger'>/bin/false</span>">/bin/false</option>
</optgroup>
</select>
</div>
</div>
</div>
<div class="col-lg-12">
<label>SSH Public Key Import from <span style="text-decoration: none;" class="link" data-ah-action="import_github_key">GitHub <i class="fa fa-github-alt"></i><!--input type="text" name="github_username"--></span> or <span
style="text-decoration: none;" class="link" data-ah-action="import_gitlab_key">GitLab <i class="fa fa-gitlab"></i></span>.
<a style="font-weight: bold; text-decoration: none; margin-left: 0rem;" class="link" href="https://userify.com/docs/generating-ssh-keys-on-ec2/" target="NEW">Need help? <i class="fa fa-question-circle"></i></a>
</label>
<textarea style="height: 14em; font-size: .7em" name="ssh_public_key" placeholder="SSH Public Key" class="form-control"></textarea>
<p>More than one? Just paste them in with a blank line between! <!--span class=link data-ah-action="documentation">Need Help?</span--></p>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<span data-ah-action="change_password" type="submit" class="btn btn-default">Change Password</span>
<span data-ah-action="setup_mfa" type="submit" class="btn btn-default">Setup MFA</span>
<button data-ah-action="form_profile_update" type="submit" class="btn btn-success waitanimate"> Save </button>
<span>
<i style="display:none" class="saved_success text-success fa fa-check-circle-o"></i>
<i style="display:none" class="saved_error text-danger fa fa-times-circle"></i>
</span>
</div>
</div>
</div>
</form><form class="profile_image">
<div class="container-fluid">
<div class="row">
<div class="file_upload panel">
<div class="container-fluid">
<div class="row">
<div class="col-sm-12">
<label> Update photo. <span class="small"><i> Max 32 MB JPEG.</i></span>
<!--span class=uploaded_photo></span-->
</label>
</div>
</div>
<div class="row">
<div class="col-xs-9">
<input type="file" name="upload" class="avatar_upload form-control">
<br clear="both">
</div>
<div class="col-xs-1">
<button data-ah-action="form_profile_image_upload" class="tiny btn btn-success start_upload">Upload</button>
<br clear="both">
</div>
</div>
<br clear="both">
</div>
</div>
</div>
</div>
</form><form>
<div class="col-md-12">
<h1>Project <span class="project_name" data-update="name"></span></h1>
<div class="project-data well well-sm">
<p><b>Premium Feature</b> Grant and revoke individual user rights on this project. </p>
</div>
<div class="project_perms">
<div id="tag-info" class="input-append">
<input>
<button class="btn" type="button">Add <i class="icon-plus"></i></button>
</div>
<ul class="tag-cloud-main">
<li class="tag-cloud tag-cloud-warning">blog</li>
<li class="tag-cloud"> footer</li>
<li class="tag-cloud tag-cloud-success"> user interface</li>
<li class="tag-cloud tag-cloud-danger"> user</li>
<li class="tag-cloud tag-cloud-info"> post</li>
<li class="tag-cloud tag-cloud-inverse"> edit</li>
</ul>
</div>
</div>
</form><form>
<div class="col-md-12">
<div class="container-fluid">
<div class="row headerbar" style="margin-bottom: 0;">
<div class="col-xs-12">
<div style="float: left;">
<h1 style="margin-bottom:0">
<span class="project_name" data-update="name"></span>
</h1>
<p><span data-type="textarea" class="project_notes hidden-xs hidden-sm" data-update="notes"><span style="color: #ddd;">Notes</span> </span>
</p>
</div>
<div style="float: right;">
<h1>
<!--
<button data-ah-action="enterprise_user_manager" class="btn-sm btn btn-default visible-enterprise">Enterprise User Manager</button>
-->
<a data-ah-action="delete_project">
<i data-ah-action="delete_project" class="fa fa-times-circle company_admin_only delete_project pull-right no-underline text-danger pointer"></i>
</a>
<!--
<button data-ah-action="delete_project" class="delete_project btn-sm btn btn-danger">Delete</button>
<button data-ah-action="add_project" class="add_project btn-sm btn btn-default">New Server Group</button>
-->
<i data-ah-action="add_project" class="fa fa-plus-circle add_project company_admin_only pull-right no-underline text-success pointer"></i>
</h1>
<br>
<div class="project_server_count">
</div>
<!--
Missing company ID to pass to server and not really relevant here anyway
<button data-ah-action="invite_company_user"
data-permission-required="manage_company_invites"
class="invite_company_user btn-sm btn btn-success">Invite User</button>
-->
</div>
</div>
</div>
<div class="project_matrix no-padding">
<div class="user_cells_column">
<div class="user_column_top_cell">
<div style="
overflow: hidden;
background: rgba(0,0,0,.05);
height: 100%;
width: 100%;
position: relative; padding: 0;">
<input class="user_search" style="
background: transparent;
z-index: 500;
font-size: 2rem;
padding: 10px;
margin: 0;
border-bottom: none;
">
<span style="
position: absolute;
z-index: 0;
right: 10px;
top: 13px;">
<i class="fa fa-search text-success"></i>
</span>
</div>
<div class="hidden"> <i data-ah-action="shrink_tds" class="shrink-td pointer fa fa-chevron-left hidden-xs hidden-sm"></i>
</div>
</div>
</div>
<div class="project_matrix_table">
</div>
</div>
<div class="project_management">
<div class="projects">
</div>
<div class="project_management_menu">
</div>
<div class="project_management_main"> There aren't any server groups created yet... would you like to create one?<br>
<button data-ah-action="add_project" class="add_project btn-sm btn btn-default"> Create Server Group</button>
</div>
</div>
<div class="hidden-lg" style="margin-right: ">
</div>
<!--
<div style="margin-bottom: 300px;">
</div>
-->
</div>
</div>
</form><form class="signup signup_form panel" autocomplete="on">
<h2>Signup <a href="https://userify.com"><img class="logo" style="float:right" src="/userify-logo_2016-darkblue-blue-no-tagline_no-cloud-curve.svg"></a></h2>
<input type="text" class="form-control" name="username" placeholder="Username" required="true" autofocus="">
<input type="password" class="form-control" name="password" placeholder="Password" required="true">
<input type="email" class="form-control hidden_ldap" name="email" placeholder="Email" required="true">
<button style="margin-top: 2.8rem;" class="signup-button btn btn-lg btn-success btn-block" data-ah-action="signup" type="submit">Create Account</button>
<div style="margin-top: 1.0rem;">
<a class="link" data-ah-action="data-ah-flip" data-ah-flip="click:login_form" href="#">I already have a login.</a>
<br>
<div class="version_info">
<span class="app_full_name"></span>
</div>
</div>
<div class="progress hidden">
<div class="active progress-bar progress-bar-info progress-bar-striped" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100"
style="width: 100%; color: white; text-align:center; padding-top: 3px; padding-bottom: 3px; height: auto;"><b>One moment please..</b>
</div>
</div>
</form><form>
<div class="col-xs-12 col-md-8">
<div class="container-fluid">
<div class="row panel headerbar" style="margin-bottom: 0;">
<h1> Invite Users </h1>
<p> Please paste a comma-delimited, space-separated, or newline-separated list of users to invite to Userify. There is no limit except for your computer's memory to the number of users you can bulk invite. Please do not include names or any
other data with the email addresses. </p>
<textarea name="bulk_invite" style="color: #444; margin: 2em 0; height: 25em" class="form-control bulk_invite_input" placeholder="user1@example.com"></textarea>
<button class="btn btn-success" data-ah-action="bulk_invite">Invite Users</button>
<p></p>
</div>
</div>
</div>
<div class="col-xs-12 col-md-4" style="padding: 0 2em">
<div class="container-fluid">
<div class="row panel">
<h1>Tips</h1>
<div class="alert alert-info">
<h5 style="color:white;">Userify Enterprise</h5>
<p> If LDAP/Active Directory is configured, usernames may be used instead of emails. (Users must still accept invitations.) </p>
</div>
<div class="alert alert-success">
<b>
Inviting does not automatically grant <u>any</u> rights or
privileges to the invited users except for the ability to
see the company name and the list of users in the company.</b>
</div>
<p> <b>Project names and server groups will be invisible </b> until invited users are granted access. </p>
<p>
<b>You will not see them in your user list</b> until they create an account and accept your invitation.
</p>
<p>
<b>
If users already exist in Userify (perhaps as part of another company),</b> they'll be instantly added to your company and you can grant access to them immediately.
</p>
</div>
</div>
</div>
</form><form>
<div class="error_msg"></div>
<br>
<p>Over the next several screens, you'll set up your new Userify server. </p>
<!--using S3 or a local filesystem, or load an
existing configuration from S3.</p>-->
<p>If you have any trouble, please don't hesitate to email us at <a href="support@userify.com">support@userify.com.</a>
</p>
<br>
<br>
<div class="btn-group btn-group-lg btn-group-justified" role="group">
<!--
<div class="btn-group" role="group">
<button type="button" class="btn btn-default "
data-ah-action="data-ah-flip"
data-ah-flip="click:base_config_s3_bucket"
href="#">S3 Configuration
</button>
</div>
-->
<div class="btn-group" role="group">
<button type="button" class="btn btn-default" style="border-left: 1px solid rgba(0,0,0,.2);" data-ah-action="data-ah-flip" data-ah-flip="click:base_config_filesystem" href="#">Next </button>
</div>
</div>
</form>Text Content
Thank you for checking out Cloud SSH Key and sudo management ! Cloud SSH Key and sudo management uses Javascript, but unfortunately it is disabled in your browser. Click here to learn how to enable Javascript. SERVER CONFIGURATION LOGIN Stay Logged In Login Forgot Password (local) Sign Up (local) Never log in on a machine that doesn't belong to you. USERIFY ENTERPRISE 6.1.1-2979 20 + New UX coming soon! The Userify dashboard is getting a facelift soon! Userify Enterprise 6.1.1-2979 Copyright © Userify Corporation SETTINGS CONFIRMATION STORE THIS INFORMATION IN A SAFE PLACE! Userify uses strong cryptography for storage of data in AWS. If you lose the keys on this page, your entire Userify system will be left in an irrecoverable encrypted state. All backups will be completely useless without this information. Store an offsite backup copy with your company security or risk management team. CONFIDENTIAL & MISSION CRITICAL THE ENCRYPTION KEY WITHIN THIS WIZARD CANNOT BE RECOVERED. PLEASE RECORD IN A SAFE PLACE. NAME DESCRIPTION VALUE File System Path The local filesystem where all data files will be stored. AWS Access Id The AWS access key to access S3 data (in any bucket). Bucket Name The name of the S3 bucket where your configuration data will be stored. S3 Bucket Region The region of the S3 bucket where your configuration data will be stored. Make sure this is right. Server Administrator Username This server special administrator username NOTE: This is NOT the same as your company administrator user account that you will create your first company with, which you will create by signing up as a regular user account. This account is only used to access the administrative control panel for the Userify Enterprise/Pro server itself. Crypto Key: DO NOT LOSE THIS KEY Encryption Key Proceed to Configuration BASE CONFIGURATION RETURN SERVER CONFIGURATION ADMINISTRATOR Please set the username and password for the account that will be used to manage this server. This is a special systems administrator account that exists outside of Userify itself and is only used to manage this server system configuration, such as cache and email settings. NAME DESCRIPTION VALUE Username This server special administrator username Password This server special administrator password (displayed) NEXT EXISTING CONFIGURATION FOUND Please provide the key to unlock this configuration. Note: If you are seeing this error without an existing config, then you may not have configured your IAM policy properly. NAME DESCRIPTION VALUE Crypto key Original Encryption Key BASE CONFIGURATION (S3) RETURN TO FS SELECTION BUCKET SETTINGS Don't forget to create the bucket and assign IAM permissions to this user. Example IAM policy. NAME DESCRIPTION VALUE AWS Access Id The AWS access key to access S3 data (in any bucket). AWS Secret Key The AWS secret key to access S3 data (in any bucket). Bucket Name The name of the S3 bucket where your configuration data will be stored. Don't forget to create it and set IAM permissions as mentioned above. This bucket name must not contain periods(.). S3 Bucket Region The region of the S3 bucket where your configuration data will be stored. Make sure this is right. US-Standard US-East-1 US-West-1 US-West-2 EU-West-1 EU-Central-1 AP-SouthEast-1 AP-SouthEast-2 AP-NorthEast-1 SA-East-1 SERVER CONFIGURATION ADMINISTRATOR This is a special systems administrator account that exists outside of Userify itself and is only used to manage this server system configuration, such as cache and email settings. NAME DESCRIPTION VALUE Username This server special administrator username Password This server special administrator password (displayed) NEXT Upgrade to Pro No projects yet; click New Project to create one. SETTINGS New Project UPGRADE No users yet; Invite another user. * Company * Projects * Users * Settings PROJECTS No visible projects yet. Click New Project to create one. USERS No users yet; click Invite User to invite someone. Name Notes Notes Utilization Update Card UTILIZATION January February March April May June July August September October November December 2022 2021 Load Delete Company Notes Enterprise User Manager Delete Settings Projects Users Toggle navigation * Welcome * Registration * High Scalability * Configuration * TLS/SSL Certificates * Reset Password * Hostname * TLS Certificates * Mail * Active Directory & LDAP * License Save Configuration and Restart Server WELCOME TO USERIFY! What's next: configure your server and click save. This will restart your server with the new configuration. PLEASE NOTE: The user account you just logged in with is for this server configuration dashboard only. Company administrators do not have the ability to do server administration. Because of this, you will be prompted to create your first company administrator after configuration, and then that administrator will create companies and invite users (and possibly appoint additional administrators). IMPORTANT: Back up your entire /opt/userify-server directory, including the base_config file, at least daily. Don't forget about this. Even if you backup the data files, they are encrypted with strong crypto and are useless without the key stored in the base_config file. Lost your encryption key? Don't worry - you can still recover it by logging in with SSH and accessing the /opt/userify-server/base_config.cfg file, which is a plain-text JSON file on your server. Data is very strongly encrypted, so if you lose this encryption key, you also permanently lose access to your data in S3 or the network filesystem. We recommend that you back up your base_config.cfg file and your S3 bucket (or network filesystem) for best results. Tip: you can move over to a completely new Userify server just by copying over that base_config and granting it access to the same S3 bucket or network filesystem that it was original created with, or just by providing the same encryption key. REGISTRATION Register below for free priority support and security alerts. COMPANY NAME Your company's name CONTACT NAME Your name CONTACT EMAIL Your email Comment Do you have a question, comment, or feature request? HIGH SCALABILITY AND HA SETTINGS What you need to know about scalability: Userify uses Redis for cache, shared state, and to synchronize across multiple nodes. Userify can handle hundreds of thousands of nodes with a suitable architecture. Although Redis is required for normal operation, the data in Redis can be lost or destroyed and Userify will recover critical data and configuration Just In Time from S3/disk. Architectural support is available from userify.com or support@userify.com. REDIS HOST The hostname for your Redis cache server. REDIS PORT The default is 6379. REDIS PASSWD Redis password (required by some services) REDIS DB The number of the Redis database to use (usually 0). LDAP/ACTIVE DIRECTORY What you need to know about how Userify handles AD/LDAP: Optionally, provide details of your Active Directory/LDAP server(s), or, to stop using AD/LDAP, blank the fields. Synchronization requires a non-administrative AD/LDAP user account. Click for Additional Documentation DN's are generally case insensitive, but USERNAME (if you choose to use it) is case sensitive and will be replaced by the user's provided username upon use. Active Directory configuration is OPTIONAL. You can use Userify without ever deploying AD/LDAP and users will be created locally. Also, Userify can still be used even if the AD/LDAP server temporarily goes offline. Authentication and search filters can be difficult to create. PLEASE contact support@userify.com if you run into configuration difficulties. NOTE: The search filter is used to search for other users, such as when you are inviting a user or the Status Check user is checking the status (such as disabled or locked out) of a user to synchronize AD to Userify. The Login template is used exclusively to login (and is used also by the status check user to initially log in to the AD server.) Useful fields for Active Directory filters to key on are sAMAccountName, which is usually the normal username for that user (joe_smith), or the userPrincipalName (aka UPN): joe_smith@corp.example.com. ALL LOGINS must have email (generally 'mail') attributes enabled in order to send invitations. AD/LDAP HOST (REQUIRED IF USING AD/LDAP) The hostname for your directory server(s). This should be a full resolvable hostname, IP address, or ldap[s]://hostname[:port] (not a WINS or NetBIOS name). SSL (ldaps) recommended. AD/LDAP STATUS CHECK USERNAME (REQUIRED IF USING AD/LDAP) A non-administrative username with read-only privileges. This must be an actual username and password on the AD/LDAP server. It is used to check other user accounts for deleted/disabled/locked out status. (Disabled/locked out flags only have a pre-defined meaning for AD.) AD/LDAP STATUS CHECK PASSWORD (REQUIRED IF USING AD/LDAP) Password for the non-admin user. AD/LDAP BASE DN (REQUIRED IF USING AD/LDAP) Active Directory: use the AD Realm such as DC=corp,DC=example,DC=com. LDAP: use a full DN such as: ou=users,dc=example,dc=com AD/LDAP USERNAME LOGIN TEMPLATE (REQUIRED ONLY IF USING LDAP) Active Directory: leave this blank. Windows notes: see help above. LDAP: If using a field other than 'cn' for username, provide a full DN for processing logins such as: uid=USERNAME,ou=users,dc=example,dc=com or a Windows-style UPN such as USERNAME@corp.example.com. LDAP SEARCH FILTER (REQUIRED ONLY IF USING LDAP) Active Directory: leave unchanged. (defaults to (&(objectClass=user)(sAMAccountName=USERNAME)) ). LDAP Examples: (&(objectClass=inetOrgPerson)(cn=USERNAME)) (&(CN=USERNAME)(!(objectClass=contact))) LDAP MAIL ATTRIBUTE NAME (OPTIONAL) The name of the attribute containing the user's email address Both Active Directory and LDAP (inetOrgPerson) call this 'mail', while some Active Directory schemas prefer userPrincipalName instead. MAIL SETTINGS REQUIRED SMTP (mail sending) must be configured for Userify to work properly. AWS and other cloud providers restrict or throttle outbound SMTP on port 25, so appending :587 to the SMTP server name is frequently required. The mail server name shown is correct for Gmail/Google Apps. Click here for step-by-step directions to set up Userify with Amazon SES. What you need to know about how Userify sends email: Userify uses standard SMTP to send email to invite users and notify them of changes to their account. TLS is required. Port 587 is recommended as many providers, including Amazon, throttle or block outgoing port 25. SMTP SERVER DISABLE TLS Disables TLS connections to the mail server. (warning: insecure) SMTP USERNAME SMTP PASSWORD SMTP FROM EMAIL ADDRESS SUBJECT KEY WORD Useful for mail filters, almost every notification email begins with this word in square brackets. [Userify] HOSTNAME Please configure the hostname that you would like to use with this Userify server. TLS CERTIFICATE CONFIGURATION Use Let's Encrypt Most secure: use Let's Encrypt to receive a free TLS (formerly SSL) certificate for the hostname of your choice. By choosing this, you certify that you agree to Let's Encrypt's terms of service. Please ensure before proceeding that: A DNS "A" record exists (such as userify.yourcompany.com) that is pointing at this server's IP. This server's IP is externally accessible on ports 80 and 443. Email for Let's Encrypt to let you know about certificate renewals/issues: Custom SSL/TLS Configuration Self-Signed Cannot be used to deploy servers. URLS AND SERVER SETTINGS What you need to know about how server settings: Be sure to adjust the URL (and your DNS services) to point at the hostname that matches the name in the URL below. Otherwise, these settings are probably correct at their guessed defaults. In most cases, the hostname should stay as the external IP address or Elastic IP address, but if you are deploying this server inside a VPC, you may wish to use the internal IP address of the server for the shim installation server and the shim configuration server. WEB SERVER URL The full URL to this server. This is pre-pended to password reset and invitation codes in emails, as well prepended to the shim installation path. SHIM INSTALLER SERVER The hostname (IP or name) of the API server that the shim installer.sh calls back to. This should almost always be the same as this server name or IP address. SHIM CONFIGURATION SERVER The hostname (IP or name) of the shim server that the shim calls into. This should almost always be the same as the shim_installer_server setting. SERVER CERTIFICATES Configure your TLS certificates here (optional) if you'd like the server to start on port 443. (Otherwise, the server will start on port 8120 and can be proxied with NGINX or another TLS/SSL server such as caddy2.) What you need to know about how server certificates: Userify uses TLS certificates to encrypt the connection between you and the server, and between client nodes and Userify. Although you can use self-signed certificates, it's much more secure to install a proper CA-signed certificates and will prevent MITM attacks between your server nodes and the Userify server. Installing certificates below will automatically trigger all newly configured client nodes to start checking certificates. Important to understand: if you ever want to revert back to self-signed, you will have to change the configuration file on all client nodes back to self-signed in order to make them stop checking certificates, so keep this certificate current. If this server is unable to start with your pasted key and certificate, the self-signed certificate will be used instead until you can correct the problem. It is very important that your hostname on the Server Settings tab match the hostname that is set in the certificate, or you'll get a mismatch error and shim clients will not be able to connect. (This is especially true for the shim_configuration_server and shim_installer_server setting.) Any previously configured shims may require hostname adjustments if they are configured to use a different name. For the certificate chain, paste the certificate chain that you received from your Certificate Authority with your certificate last. Place at least one blank line between certificates. Certificates (provided by your CA) begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----, and the secret key (from the server that originally generated the CSR) similarly begin with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----. Don't have separate certificates but have a combined .pem file? Paste the entire PEM file into either of the fields below and leave the other blank. You should have only one secret key and multiple certificates. Separate them by blank lines. Optionally include # comments on their own lines. These fields are optional and the server will used self-signed certificates if you leave them blank. Questions? Contact support@userify.com with your account ID. Checking this box will cause your server deployment recipes to not verify your server certificates. Warning: this is insecure. You can paste an SSL/TLS secret key and certificate below so that you can securely access your server; for example, https://userify.example.com. You should do this before deploying servers, so that they are pointing at the correct, secured hostname. It's recommended that you do not paste a key if accessing this configuration dashboard via an insecure (http instead of http) connection. You can instead update the base_config.yaml file directly. -------------------------------------------------------------------------------- SSL/TLS Secret Key TLS Certificates. USERIFY LICENSE KEY If your License expires or is blank, you'll be placed on a limited free license. Questions? Contact support@userify.com. License Key Please provide this license key to Userify Support and your license will be automatically provisioned. RESET SERVER ADMIN PASSWORD Leave this blank to keep your current password. Password will not be displayed. It can also be reset by pasting a new unhashed password into the sa_password field in /opt/userify-server/base_config.cfg on the server. New Server Admin Password USERIFY ENTERPRISE CO-BRANDING Replace the Userify logo with your corporate logo. Max size: half MB. Update Server Logo. Recommended: 180x50 PNG Upload Copyright © 2022 Userify Corporation SERVER CONFIGURATION LOGIN Login Unauthorized access prohibited. Return to primary login. ENTERPRISE USER MANAGER * Usergroups * Roles * Grants User Group New.. User groups generally have plural names. Users Please select a user group above to add or remove users. Role New.. Note: built-in roles cannot be edited. Roles generally have singular names. Permissions Please select a role above to adjust its permissions. Role New.. Grants link a role to one or more usergroups. User Groups Please select a role above to adjust its usergroups. Login Forgot Password (local) Sign Up (local) Never log in on a machine that doesn't belong to you. SERVER CONFIGURATION LOGIN Stay Logged In Login Forgot Password (local) Sign Up (local) Never log in on a machine that doesn't belong to you. USERIFY ENTERPRISE 6.1.1-2979 20 + New UX coming soon! The Userify dashboard is getting a facelift soon! Userify Enterprise 6.1.1-2979 Copyright © Userify Corporation BASE CONFIGURATION * Introduction * Crypto Keys * First User Account * Configuration * AWS Configuration Welcome to Userify! To prevent compromise of data stored in an S3 bucket, Userify encrypts all data except for usernames before storing to S3. The key used for this encryption (Salsa 20, a replacement for RC4) is automatically generated but must be backed up. WARNING! Your encryption key is irrecoverable, rendering all Userify data lost. Back up /opt/userify-server after this server initialization is complete. NAME DESCRIPTION VALUE Secret Key Automatically generated secret key. Using the crypto key on the prior page, Leave blank to not store encrypted configuration in S3. Finish Create a user account for the first user. This user will have Manage Server permissions. Please ensure this account has a valid email for notifications and resets. NAME DESCRIPTION VALUE Email Your Email address. (Not currently editable after install.) Your (Linux) Username This can be the same as email if desired (if your Linux supports this). (Not currently editable after install.) Password This is the password you will use to log into the web console. Please note: In Userify AWS, you are responsible for backing up your own disk configuration. Please back up the entire /opt/userify-server/ directory. DO NOT CLICK FINISH until you have the previous configuration pages correct, and any necessary S3 buckets created and permissions assigned. Skip to Login Main Menu ENTERPRISE ENTERPRISE Projects * 20 * * One moment please.. Loading.. SERVER CONFIGURATION MULTI-FACTOR AUTHENTICATION WHAT IS THIS? Two factor, also known as multi-factor authentication (2FA/MFA), require you to provide two or more factors to identify yourself when logging in, such as something you know, like a password or PIN, and something you have, such as your phone which is running a timed cryptographic key generator that generates a one-time password (OTP), which is usually in the form of a 6 digit number that expires every 30 seconds. Each time you log in at a new device, you will be prompted for a new code. MFA is no substitute for a weak password! What you need to know: Adding two factor authentication will require you to enter a code from your phone whenever you log in from a new device. Currently, you will need a smart phone to enable two-factor authentication running an authenticator, such as Google Authenticator or Red Hat's FreeOTP Authenticator (recommended: Android/ IOS ). We recommend FreeOTP as it does not rely on third-party QR scanners. Auth apps that synchronize codes are by definition less secure than ones that have codes wipe. Just open the app and use the built-in scanner on the displayed QR code. Tip: print this page (and QR code) and save somewhere safe. You should also save the backup code, which will let you in if you damage or lose your phone. BACKUP CODE Display Backup Code Cancel Disabling MFA revokes codes on all devices. none user root PROFILE Name Email Linux Username Preferred Shell /bin/bash /bin/sh /sbin/nologin /bin/false SSH Public Key Import from GitHub or GitLab . Need help? More than one? Just paste them in with a blank line between! Change Password Setup MFA Save Update photo. Max 32 MB JPEG. Upload Enable Logins (DISABLED) Delete Server Group Enterprise User Manager Rename Server Group Revoke Server Group API Keys View Servers Create Company PROJECT Premium Feature Grant and revoke individual user rights on this project. Add * blog * footer * user interface * user * post * edit Notes There aren't any server groups created yet... would you like to create one? Create Server Group SERVER CONFIGURATION WHAT'S USERIFY? Securely update your key across all servers in seconds. Admins can assign you new server privileges in two clicks. View your privileges and IP addresses of your servers. USERIFY ENTERPRISE 6.1.1-2979 20 + New UX coming soon! The Userify dashboard is getting a facelift soon! This is a secured installation. Unauthorized access is prohibited. SIGNUP Create Account I already have a login. One moment please.. INVITE USERS Please paste a comma-delimited, space-separated, or newline-separated list of users to invite to Userify. There is no limit except for your computer's memory to the number of users you can bulk invite. Please do not include names or any other data with the email addresses. Invite Users TIPS USERIFY ENTERPRISE If LDAP/Active Directory is configured, usernames may be used instead of emails. (Users must still accept invitations.) Inviting does not automatically grant any rights or privileges to the invited users except for the ability to see the company name and the list of users in the company. Project names and server groups will be invisible until invited users are granted access. You will not see them in your user list until they create an account and accept your invitation. If users already exist in Userify (perhaps as part of another company), they'll be instantly added to your company and you can grant access to them immediately. /bin/sh /bin/sh /bin/bash /bin/bash sh bash /bin/sh /bin/bash /bin/sh /bin/sh /bin/bash /bin/bash INSTANCE ID SECURITY CHECK TO VALIDATE YOUR ACCESS TO THIS INSTANCE, PLEASE PROVIDE THIS INSTANCE'S ID FROM THE WEB DASHBOARD. For AWS EC2 instances, the simplest way to do this is to check in the EC2 dashboard, but you can also check this instance ID by SSH'ing into the instance and typing: curl -s http://169.254.169.254/latest/meta-data/instance-id Check Instance ID WELCOME TO USERIFY! Over the next several screens, you'll set up your new Userify server. If you have any trouble, please don't hesitate to email us at support@userify.com. Next