Skip to content

New Identity set up for Contour 8.1 node

This guide is to get ready new identity setup, with assumption that Contour v8.1 is running on the node.

New Identity setup consistis of the following steps:

  • Request to create the new identity
  • Create identity admin users
  • Create new roles
  • Invite new users

Step 1. Request to create the new identity

For Staging/UAT testing environment, please raise a request to create new identity via the Contour Support Portal with below information.

For Production environment, please reach out Contour Sales team to create new identity with below information.

  1. The node name or node X500 name under which the new identity will be created
  2. Identity name
  3. Company legal name
  4. Identity registered address
  5. Location / City and Country
  6. Technical contact email (optional)
  7. SWIFT/BIC code or LEI code (optional)

Contour support team will inform you once the new identity is created.

Step 2. Create identity admin users

Once the new identity is created, the identity admin role will be created automatically, named as new-identity-name admin.

To add a new identity admin user, the action must be taken by 2 Node admin users in a request-approve manner. Node administrators are able to login to the Contour Admin Console via

https://your-site-name/ui/nodeadmin/login

Part 1: First node administrator (Request)

  1. Click on Admin Users at the side panel
  2. Click + Add admin users
  3. Enter email addresses of up to 10, and select user role to be assigned to the user
    • Important to ensure the accuracry of the email addresses as invitation link will be sent to the email addresses.
  4. Click Add.

Now, the user invitation is pending second administrator to review and approve, listed under the Requests tab.

Part 2: Second node administrator (Approve)

  1. Click on Admin Users at the side panel
  2. Click into the newly invited user, and review
  3. Click on Approve

For users that already exists on Contour, the user will now have the roles updated and receive an email notification for updated roles.

For new users, the user will be created and receive an invitation email with an activation link to create their account and set their own password.

Note:

  • The activation link is one-time use, expiries after the user created the account successfully.
  • The activation link is valid for 1 week from the moment it is generated.

Resend invitation if activation link expires.

Step 3. Create new roles

To create a new user role, the action must be taken by 2 Identity admin users in a request-approve manner.

Part 1: First administrator (Request)

  1. Click on Gear icon on the top right, then "User roles"
  2. Click on Add role
  3. Fill in the form
    • User role name: name of the role
    • Map to LDAP group (option): only applicable if Single sign-on or LDAP integration is enabled, mapping the role to a Active Directory group
    • Product: access to the products
    • Business transactions: view, make, check, approve
  4. Click on Preview, then Confirm

Now, the role creation is pending second administrator to review and approve, listed under the "Pending" tab.

Part 2: Second administrator (Approve)

  1. Click on Gear on the top right, then "User roles"
  2. Click into the newly created user role, and review
  3. Click on Approve, then Submit

Now, the role has been created successfully and become active, listed under the "Members" tab. Administrator can start assigning the role to individual users.

To finish a transaction in Contour, you will need create role for maker, checker and approver.

Step 4. Invite new users

To invite a new user, the action must be taken by 2 Identity admin users in a request-approve manner.

Part 1: First administrator (Request)

  1. Click on Gear on the top right, then Users
  2. Click Invite user
  3. Enter email, and select user role to be assigned to the user
    • Important to make sure correct email address, invitation link will be sent to the address once the user is created.
    • Contour has flexible 3-Level approval process: maker > checker > approver. If only 2-Level approval required, you can select 1 user (A) as "maker", and another user (B) as the "checker + approver".
  4. Click Confirm.

Now, the user invitation is pending second administrator to review and approve, listed under the "Pending" tab.

Part 2: Second administrator (Approve)

  1. Click on Gear on the top right, then Users
  2. Click into the newly invited user, and review
  3. Click on Approve, then Submit

For users that already exists on Contour, the user will now have the roles updated and receive an email notification for updated roles.

For new users, the user will be created and receive an invitation email with an activation link to create their account and set their own password.

Note:

  • The activation link is one-time use, expiries after the user created the account successfully.
  • The activation link is valid for 1 week from the moment it is generated.

Resend invitation if activation link expires.

How many identities the node can hold?

The performance testing is executed to figure out how many identities one node can hold. The testing is designed by concurrent users for multi identity feature. We concluded that it should limit to maximum 100 concurrent users based on the server resource we recommend here. Assumed one identity has 10 concurrent users normally, we recommend to create maximum 10 identities under one node.