katxeus/npis-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new base npis-docs

Browse Source
This commit is contained in:
katxeus
2025-10-16 09:01:38 +03:00
parent 6a64eac91c
commit d2961071d9
62 changed files with 14836 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
docs/user-guide/admin/admin-console/admin-console-login.mdx Normal file
View File

@@ -0,0 +1,31 @@
---
sidebar_position: 1
sidebar_label: 'admin console login'
---
# Admin Console
Its users granted with the superuser admin role(those within the admin user group) who interact with the NPIS-IAM's backend configuration interface called the **admin console**. It is preconfigured with an admin account out of the box. This account will allow you to create an admin that can log into the master realms administration console so that admin can start creating realms, users and register applications to be secured by NPIS-IAM.
## Video Tutorial
import videojs from 'video.js';
<video id="my-video" class="vjs-fill vjs-default-skin" controls preload="auto" width="100%" height="100%" poster="/img/user-guide/login.png" >
<source src="/videos/user-guide/admin/admin-login.webm" type="video/webm"/>
</video>
## Reference instructions
Please follow the instructions below:
### login
The NPIS server is accessible at **npis.go.ug**, and the admin user accesses the admin console at the http://npis.go.ug:8080/auth/ URL or directly to the login http://npis.go.ug:8080/auth/admin URL.
![NPIS Admin console login](/img/user-guide/admin-console-login.png)
Click the **administration console** link on the Welcome Page and enter the **username** and **password**.
![NPIS Admin console login](/img/user-guide/login.png)
The left drop down menu allows the admin to pick a realm they would want to manage or to create a new one. The right drop down menu allows the admin to view admin user account or logout. Simply hovering the mouse over any question mark ? icon reveals about a certain feature, button, or field within the Admin Console, This will pop up tooltip text to describe the area of the console interested in. The image below shows the tooltip in action
![NPIS Admin console login](/img/user-guide/admin-console.png)

38
docs/user-guide/admin/admin-console/create-realm.mdx Normal file
View File

@@ -0,0 +1,38 @@
---
sidebar_position: 1
sidebar_label: 'create realm'
---
# Realms
The core concept in NPIS-IAM is a Realm. A realm secures and manages security metadata for a set of users and registered clients. Users can be created within a specific realm within the Administration console. Roles (permission types) can be defined at the realm level and the admin can also set up user role mappings to assign these permissions to specific users.
## Video Tutorial
import videojs from 'video.js';
<video id="my-video" class="vjs-fill vjs-default-skin" controls preload="auto" width="100%" height="100%" poster="/img/user-guide/create-realm.png" >
<source src="/videos/user-guide/admin/admin-login.webm" type="video/webm"/>
</video>
## Reference instructions
Please follow the instructions below:
### The Master Realm
NPIS_IAM is preconfigured with a pre-defined realm. This initial realm is the **master realm**. It is the highest level in the hierarchy of realms. Admin accounts in this realm have permissions to view and manage any other realm created. The initial admin account, is created in the master realm. Also, the initial login to the admin console will also be via the master realm.
The master realm isn't to be used to manage the users and applications in NPIS. It is reserved to be used for super admins to create and manage the realms in NPIS. Following this security model helps prevent accidental changes and follows the tradition of permitting user accounts access to only those privileges and powers necessary for the successful completion of their current task.
<!-- It is possible to disable the master realm and define admin accounts within each individual new realm you create. Each realm has its own dedicated Admin Console that you can log into with local accounts. -->
![NPIS Admin console login](/img/user-guide/create-realm.png)
The left drop down menu allows the admin to pick a realm they would want to manage or to create a new one.
Creating a new realm is very simple. Mouse over the top left corner drop down menu that is titled with Master. If you are logged in the master realm this drop down menu lists all the realms created. The last entry of this drop down menu is always Add Realm. Click this to add a realm.
![NPIS Admin console login](/img/user-guide/new-realm.png)
This menu option will bring you to the `Add Realm` page. Adding a new NPIS realm requires the admin to fill a mandatory name field, checking an option enable button which straight away enables the realm, click the `Create` button. Alternatively you can import a JSON document that defines your new realm. This will be provided later in more detail in the **Export and Import** subsection.
After creating the realm you are brought back to the main Admin Console page. The current realm will now be set to the realm you just created. You can switch between managing different realms by doing a mouse over on the top left corner drop down menu.

52
docs/user-guide/admin/admin-console/email-settings.mdx Normal file
View File

@@ -0,0 +1,52 @@
---
sidebar_position: 1
sidebar_label: 'email settings'
---
# Email Settings
NPIS-IAM sends emails to users to verify their email address, when they forget their passwords, or when an admin needs to receive notifications about a server event. To enable NPIS_IAM to send emails the admin needs to configure SMTP server settings. This is configured per realm.
## Video Tutorial
import videojs from 'video.js';
<video id="my-video" class="vjs-fill vjs-default-skin" controls preload="auto" width="100%" height="100%" poster="/img/user-guide/email-settings.png" >
<source src="/videos/user-guide/admin/admin-login.webm" type="video/webm"/>
</video>
## Reference instructions
Please follow the instructions below:
### Email Tab
As emails are used for recovering usernames and passwords its recommended to use SSL or TLS, especially if the SMTP server is on an external network. To enable SSL click on Enable SSL or to enable TLS click on Enable TLS. You will most likely also need to change the Port (the default port for SSL/TLS is 465).
If your SMTP server requires authentication click on Enable Authentication and insert the Username and Password.
![NPIS Admin console login](/img/user-guide/email-settings.png)
* Host
- Host denotes the SMTP server hostname used for sending emails.
* Port
- Port denotes the SMTP server port.
* From
- From denotes the address used for the From SMTP-Header for the emails sent.
* From Display Name
- From Display Name allows to configure a user friendly email address aliases (optional). If not set the plain From email address will be displayed in email clients.
* Reply To
- Reply To denotes the address used for the Reply-To SMTP-Header for the mails sent (optional). If not set the plain From email address will be used.
* Reply To Display Name
- Reply To Display Name allows to configure a user friendly email address aliases (optional). If not set the plain Reply To email address will be displayed.
* Envelope From
- Envelope From denotes the Bounce Address used for the Return-Path SMTP-Header for the mails sent (optional).

41
docs/user-guide/admin/admin-console/ssl-mode.mdx Normal file
View File

@@ -0,0 +1,41 @@
---
sidebar_position: 1
sidebar_label: 'ssl'
---
# Secure Socket Layer/Transport Layer Security
Each realm has an SSL Mode associated with it. The SSL Mode defines the SSL/HTTPS requirements for interacting with the realm. Browsers and applications that interact with the realm must honor the SSL/HTTPS requirements defined by the SSL Mode or they will not be allowed to interact with the server.
## Video Tutorial
import videojs from 'video.js';
<video id="my-video" class="vjs-fill vjs-default-skin" controls preload="auto" width="100%" height="100%" poster="/img/user-guide/ssl-mode.png" >
<source src="/videos/user-guide/admin/admin-login.webm" type="video/webm"/>
</video>
## Reference instructions
Please follow the instructions below:
### SSL Mode
NPIS-IAM generates a self-signed certificate which unfortunately isn't secure, and shouldonly be used for testing purposes installing a CA-signed certificate in NPIS-IAM itself or on areverse proxy in front of the NPIS-IAM. The NPIS admin is advised to procure a **wildcard** for the domain npis.go.ug from a credible certificate authority.
![NPIS Admin console login](/img/user-guide/ssl-mode.png)
To configure the SSL Mode of a created or existing realm, the admin needs to click on the Realm Settings left menu item and go to the Login tab.
The **Require SSL** option allows you to pick the SSL Mode you want. Here is an explanation of each mode:
* external requests
- Users can interact with NPIS-IAM without SSL so long as they stick to private IP addresses like localhost, 127.0.0.1, 10.x.x.x, 192.168.x.x, and 172.16.x.x. Any attempt to access NPIS-IAM without SSL from a non-private IP address you will get an error.
* none
- NPIS-IAM does not require SSL. This should really only be used in testing
* all requests
- NPIS-IAM requires SSL for all IP addresses.