.. include:: ../variables.rst

Authentication
==============

.. figure:: /images/banners/hospitalbuilding.jpg
   :align: center
   :width: 100 %
   

|br|

Users
-----

To access the user menu click on :blue:`Account` | :blue:`Users`.

.. figure:: /images/web/user.list.png
   :align: center
   :width: 100 %

|br|

User Detail
^^^^^^^^^^^

.. figure:: /images/web/user.detail.png
   :align: center   
   :width: 100 %

|br|

Roles
-----

|APPNAME| controls users access through a set of roles.  The roles contains all the permission assignments.  
Each user can be assigned to a role depending on the access required.

Typically |APPNAME| comes preconfigured with two roles:

* HH Administrator
* HH Observer

To fine tune access for different users, you can define additional roles and limit access to functionality, and a users ability
to audit in certain units.

.. figure:: /images/web/role.list.png
   :align: center  
   :width: 100 %

|br|

Role Detail
^^^^^^^^^^^

The role detail screen is seperated into three parts:

* The Role Definition
* The Permission Matrix
* The Unit Permissions

.. figure:: /images/web/role.detail.png
   :align: center  
   :width: 100 %

|br|

Active Role
"""""""""""

The Active Role check box can be used to enable or disable an entire group of users from accessing |APPNAME|. 
Generally the Active Role check box should be checked. 

Role Type
"""""""""

|APPNAME| has a number of predefined role types they are:

* Standard
* Administrator


.. warning::

   Any auditor only accounts should be set to Standard.  This roles resticts access to critical features, that an auditor would 
   never neet.  

Auto Expire Accounts 
""""""""""""""""""""

|APPNAME| will automatically expire user accounts that are part of the role where the expiry date 
specified in the users profile has expired. 

Allow Logins
""""""""""""

if Auto Logins is disabled |APPNAME| will prevent any user with this role from logging in.

Allow Audit Backdating 
""""""""""""""""""""""

The Allow Audit Backdating allows users in this role to enter a previous date in |AUDITSOFTWARE| when starting an audit.

|br|

Role Permission Matrix
^^^^^^^^^^^^^^^^^^^^^^

.. figure:: /images/web/role.detail.permissions.png
   :align: center  
   :width: 100 %

|br|

Role Unit Permissions
^^^^^^^^^^^^^^^^^^^^^

If you would like to limit a specific role to one or more units.  
Place a check mark for the unit to include, and leave it unchecked if you want to prevent a group of users 
from auditing in that unit.

.. figure:: /images/web/role.pca.permissions.png
   :align: center  
   :width: 100 %

|br|

Auditor Groups
--------------

User categories allows administrators to group users together, so audits completed by a group can be reported or 
displayed as a single data set. For example auditors that are part of Infection Prevention and Control team could 
report hand hygiene compliance rates based on the auditing they completed, while still allowing Hand Hygiene 
Champions to contribute and report their own auditing results. To view the current user categories 
go to :blue:`Authentication` | :blue:`Users Categories`. 

The user category screen shows the currently defined categories. The users that are part of each 
category is shown in the Assigned Auditors column. The compliance for each group is also shown. 
The compliance period is based on the period drop down selection shown above the list. Users can select 
any predefined period and the compliance column will automatically update.

.. figure:: /images/web/user.groups.png
   :align: center  
   :width: 100 %

.. :note::
    Any uncategorized users are shown at the bottom of the list. Administrators can click on those users to
    be taken directly to that users detail page so it can be modified. 

|br|

Creating a User Category
^^^^^^^^^^^^^^^^^^^^^^^^

.. figure:: /images/web/user.group.detail.png
   :align: center
   :width: 100 %

|br|
To create a category go to :blue:`Authentication` | :blue:`Auditor Groups`. From the action drop down select :blue:`Add a User Category`. 
Set the state of the category to Active, give it a name, and a description (optional). Finally check the Include 
in Dashboard check box if the data from this category is to be included in the dashboard.

Deleting a User Category 
^^^^^^^^^^^^^^^^^^^^^^^^

To delete click on the trash icon. The trash can icon will only be enabled if the category is disabled. All users 
assigned to the category will be moved to uncategorized. 

Default User Category  
^^^^^^^^^^^^^^^^^^^^^

Any user category can be marked as the default category. Any new users added to |APPNAME| will automatically 
be set to the default category if one is not explicitly set for it.  |APPNAME| will automatically add a Default 
User Category called "Default User Category" if one does not exist. It will also automatically assign any users 
not currently a member of any other defined user category to the default category. Attempting to delete the default 
category will only result in |APPNAME| recreating it and assigning all users to it

How To Use
^^^^^^^^^^

* Create User Categories (:blue:`Authentication` | :blue:`Auditor Groups`.  select Add sAudit Group from action dropdown.)
* Assign Users to new categories (:blue:`Authentication` | :blue:`Users` select a user)
* Create (or modify) a Report Definition to include a User Category.
* Execute the Report

LDAP / Active Directory
-----------------------

This feature is only available for on premise deloyments with |APPNAME| |UEDITION| edition, 
for more information about LDAP/Active Directory support contact us at |SUPPORTEMAIL|.