This documentation refers to an old version of Accudemia 7.0 and has been replaced by Accudemia 9.0:
Accudemia 9.0 - Control Panel > User Accounts

Previous Article - Website Settings: Appearance and Themes | Table of Contents | Next Article - Website Settings: Terminology

User Accounts

Purpose: This section lets you customize security, user profiles, access rights, and other account-related information. This area is separated into the following 5 sections.
How to Access: Administration > Control Panel > User Accounts

Account Information

This section allows you to select the ID format, Alternate ID options, and general User Account creation options.

Users' ID Mask

To set up Users' ID mask use the following characters as mask-formatting characters:

  • 9 = only numeric
  • L = only letter
  • $ = only letters and blanks/spaces
  • # = only numeric and blanks/spaces
  • C = only custom characters (see note below)
  • A = only letter and custom (see note below)
  • N = only numeric and custom (see note below)
  • ? = any digit and blanks/spaces
These custom characters are accepted: dash (-), period (.), comma (,), slash (/) and backslash (\).
  • If you want to include a masked character “as is”, you can do it by preceding it with a backslash. ie. \? will display?
  • To repeat a masked character multiple times, put the number of repetitions between curly braces. For example, ?{15} will behave the same as ???????????????
ID Samples
MaskDescriptionAcceptsDoes Not Accept
999-99-9999Social Security Number123-45-6789ralflauren@college.edu
LLL-LL-LLLLAlphabetic Characters OnlyABC-de-fghi123-45-6789
$99$99$99Letters and Spaces Onlyb12 33b88ralflauren@college.edu
CCCCCCustom Characters Only/-/'12-8
AAAAALetters and Custom Characters Onlyad'/c12345
NNNNNNumeric and Custom Characters Only12'/4abcdf
?????????Any Character12/3ab--c
To enable the Student's Alternate ID for LDAP/SSO integration check the boxes that state: “Enable alternate ID support” & “Allow using an alternate ID from external access”

Set ID as mandatory - Use this option to avoid allowing users to create themselves without an ID number.

This is recommended as you'll have users with no way to be updated in the system via imports.
Alternate ID / SSO options

Enable alternate ID support - This option allows your Users to have a secondary ID which could be a card number for Magnetic Card readers or a secondary ID used for SSO (Single Sign-On).

Allow using an alternate ID from external access - This option allows your Users to use the secondary ID as well as the primary ID (which always is enabled) when logging into the portal using SSO.

Display alternate ID in reports - This option adds a button to reports that allow you to print the Alternate ID instead of the Student ID on reports in Accudemia.

At the moment this is only available in the Visitor History Report but we hope to integrate this option with more reports in the future.
Other Optional Requirements

Phone is required/Use Phone Mask - This option makes the Phone Number a required field so that when someone manually creates a User in the system they will have to include the phone number as well as the standard required fields (First Name, Last Name, and ID number). You can also choose to help them by creating a Phone Mask that could include a popular area code for your area such as: “(407) 999-9999” which would now pre-fill “(407)” and allow any numbers in the “999-9999” section when creating a User. This mask uses the same characters as above in the Users' ID Mask.

Email is required - This option makes the Email a required field so that when someone manually creates a User in the system they will have to include the phone number as well as the standard required fields (First Name, Last Name, and ID number).

Address is required - This option makes the Address a required field so that when someone manually creates a User in the system they will have to include the phone number as well as the standard required fields (First Name, Last Name, and ID number).

Password must meet complexity requirements - This option requires that Users create a complex-compliant password. Here are the rules it will use:

  • It must contain characters from at least two of the following categories:
    • UPPERCASE characters (A-Z)
    • lowercase characters (a-z)
    • Numbers (0-9)
    • Symbols (!,@,#,$,%,^,&,*,_,-,+, etc.)
Important! All passwords must be at least 8 characters long whether or not you use this setting.

Access Restrictions

This section allows you to give special permissions to the predefined User types (Students, Tutors, and Instructors) in Accudemia.

Students can access the sessions log screen - This option enables the Student to view the Session Logs screen (filtered on only them) as with the default settings they can only run reports on their visits when logged into Accudemia.

Non-administrators can edit own email address - This option allows non-administrators(students, tutors, instructors) to edit their own email address.

Make sure you understand the risks of allowing users to change their email address; if a user sets the wrong information, then Accudemia will not be able to send important notifications about the user sessions and activities in the system by email.

Tutors can edit their own schedule - This option allows Tutors the ability to create and make changes to their schedules. By default, a College or Center Administrator would make their schedule.

Tutors can view all sessions - This option allows Tutors to view all session logs instead of being filtered to only view their sessions with Students in the Session Logs screen.

By enabling this option a tutor can see all students that are in any waiting line regardless of the tutor they selected

Tutors can edit their own session comments - This option allows Tutors to edit the Session Comments they've made previously. This is not enabled by default.

  • Max hours for tutors to edit session comments: X - This option lets the Tutors set the time (in hours) that a tutor has to edit the comments of a session log. After the time expires the Tutor can only Add comments
Note: Leave blank to allow tutors to edit the comments indefinitely.

Tutors can bulk sign-in students - This option allows Tutors to manually sign-in Student(s) to the Center (individually or in a group).

Tutors can bulk sign-out students - This option allows Tutors to manually sign-out Student(s) at the Center (individually or in a group).

Tutors can sign themselves in and out from any screen - This option allows Tutors to manually sign in and sign out from any Kiosk.

Professors can edit Class attendance - This option allows Instructors to manually adjust the Roll Call screen for a Class in Accudemia. This is disabled by default as most Instructors will typically use the Sign-in Station option for the Classroom. Using a Sign-in Station in the Classroom the Student(s) can swipe in and swipe out on their own while the Sign-in Station cycles through the Classes based on the current time.

Display student ID in session logs, manage center screens, and others - Select whether users can see and filter by student ID in screens like Session Logs, Manage Center screen, New Appointment screen, or certain exports.

This feature applies to the “New Appointment” screen too, if unchecked the Appointment's participant's IDs do not show

Allow professors to access tutoring assessment reports - This option allows professors to run and view the tutoring assessment reports

Extended Profile

This section allows you to choose who these options are shown on. Typically this is stored profile information that is used to display additional information uploaded on the Student but they could be used to store information for other User types.

Communication

This section allows you to enable several communication options such as chat, SMS, and Email communications between users that are logged into Accudemia. You can enable Communication options that can help facilitate the introduction and talk about expectations for the first tutoring session in the Administration > Control Panel > User Accounts section of Accudemia.

Enable messaging - This option enables a messaging feature (via e-mail) that appears at the bottom of the screen when a User is logged into Accudemia.

Enable chat - This option enables a chat (Instant Messaging) feature that appears at the bottom of the screen when a User is logged into Accudemia.

Enable communication in sign-in stations - This option enables both the chat (Instant Messaging) and messaging (via e-mail) features when a User is logged into Accudemia from a computer designated as a Sign-in Station.

Enable communication between students - This option allows Students to use the communications options to message and chat with each other.

Center administrators' e-mail address(es) - This option allows you to set up an e-mail address for Users that have questions regarding the questions about the appointments setup or problems they are having in the system. Engineerica Systems does not support other users that are not listed as Technical Contacts so this option allows those other Users to get help.

You can use a comma to separate e-mail addresses if you want these messages to be forwarded to more users than one when the Students, Tutors, or Instructors click the 'Contact center administrator' button at the top of their login screen.

Denotes a College-level only setting because it affects the interface that all users see in Accudemia.

The Communications Bar

Depending on the options enabled the users who have access will now see a communications bar at the bottom of the Accudemia interface as shown below:

Sending a New (Email) Message

This New Message button on the Communications bar allows sending messages between users. This module displays a “New Message” pop-up window to create a new message. To create the message:

  1. Search for and select the user's full name (or ID).
    NOTE: You may have to click on the search category to find the user which includes:
    • Contacts (default): Allows you to send messages to anyone you've added as a contact in the Chat System in Accudemia.
    • Everyone: Allows you to send messages to anyone in Accudemia.
    • Groups: Allows you to send messages to any group of people in Accudemia.
    • Classes: Allows you to send messages to any class of Students in Accudemia.
  2. Type the Subject for the email message and type your Message to the selected user(s).
  3. Then click the Send button to send it.
Accudemia should now show the messages sent to the email account of the users in the Inbox section. Additionally, when a message has been sent to you there will be a prompt to check your inbox.
If the user does not have an email or the message cannot be sent you may get this error:
For security reasons and our policy this Search option only displays Full Name

Sending a New (SMS) Text Message

This New Text Message button on the Communications bar allows sending SMS Text messages between users. This module displays a “New Text Message” pop-up window to create a new message. To create the message:

  1. Search for and select the user's full name (or ID).
    NOTE: You may have to click on the search category to find the user which includes:
    • Contacts (default): Allows you to send messages to anyone you've added as a contact in the Chat System in Accudemia.
    • Everyone: Allows you to send messages to anyone in Accudemia.
    • Groups: Allows you to send messages to any group of people in Accudemia.
    • Classes: Allows you to send messages to any class of Students in Accudemia.
  2. Type your Message to the selected user(s). NOTE: The message will need to be brief to fit in one SMS text message. In other words, you'll need to limit the message to less than 255 characters as the Accudemia system will only send one SMS text message at a time.
  3. Then click the Send button to send it.
If the message sends successfully you will see this pop-up displayed in the top-right of the screen:
For security reasons and our policy this Search option only displays Full Name

Inbox

This area simply displays a copy of all messages received from other users who sent messages in Accudemia. Simply click the Subject line to read and reply to the email.

You can click the New Message button in the top-right of this screen to send a new email message.
For security reasons and our policy this Search option only displays Full Name.

Using the Chat System

Click the Chat button to see your contacts list.

  1. To add new contacts, click Add Contacts at the bottom of the application.
  2. An Add Contact pop-up window will display the option to search through all Accudemia users.
  3. Click Add to send an invitation to the selected user you want to be a Contact.
  4. Now, simply wait for them to accept your invitation (or call them and tell them to accept it).
Once they've accepted you simply click on their name in the Contacts list and click the Start Chat option near their name. You're all done now so you can start chatting away with your staff and coworkers!
If you need to clean up the list of Contacts you can simply click on their name in the Contacts list and click the Delete (trashcan icon) option near their name.
If the user is not online (indicated by a red circle) it will be sent to them the next time they log into Accudemia. You may want to send an email or text message instead if the question is urgent. The green circle will indicate someone is online to chat now.

SAML 2.0 Single Sign-On


This new feature to authenticate users using the SAML protocols for SSO to simplify password management and increase security that will allow your students to log in to Accudemia from your college portal rather than a separate webpage/URL should be relatively easy to set up in Accudemia.  And here's how:

Configuring Accudemia

1. Login to your school's https://<mycollege>.accudemia.net website using your domain in place of the <mycollege> and admin credentials provided.





2. Now to enable this option, you can access the setup under Administration > Control Panel >  User Accounts section form the left-side navigation menu.





3. In the User Accounts page of your Accudemia website, scroll down to the SAML Single Sign-On section. Here you'll enable SSO by checking the checkbox labeled "Enable SAML SSO".

You'll need to set the Identity Provider URL, Public Certificate, and Logout URL to Accudemia so it knows where the users will be coming from and directed after they logout.  Optionally there are other things you can do if needed too such as an error page and alternate ID use (if uploaded into Accudemia specifically for SSO).  For the logout URL, typically you would use the logout URL provided by the IDP(like Azure), however sometimes that URL does not work correctly, in this case, you want to try updating the logout URL by adding this additional text at the end: "?wa=wsignout1.0", "/wsfederation?wa=wsignout1.0" (if the logout URL ends with /saml replace it with "/wsfederation?wa=wsignout1.0"). Another option is to use this URL "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0" but in this case, it would sign out from all APP using SSO // Please make sure the certificate is in "PEM" format as explained here: [[https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail]] Here is an sample of this completed:





4. Once done completing this section please be sure to save this information at the top of the page by clicking on the  Save Changes button.





Done!  Now to test it goes out to your portal that you have set up for users and attempts to log in using your credentials or a test user account.


Configuring your IdP / SAML Server

To configure your Identity Provider (IdP), you need the Accudemia SAML Metadata. You can find it in:

https://<your-domain>.accudemia.net/saml/metadata.aspx

Once you have entered the metadata in your IdP, you will need to set it up to send the user ID or alternate ID in the NameID field, under the Subject tag.  It's important to note that the NameID doesn't have to an attribute, but the tag that's defined under the Subject node/tag in the XML. If you look at the SAML authentication request, it should look like this:

  1. <saml:Subject>
  2.      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
  3.      ...
  4. </saml:Subject>

Configuring Active Directory Federation Services (ADFS)

In order to send the NameID in the Subject tag, you need to go to AD FS Management, navigate to Trust Relationships > Claims Provider Trusts, then right-click on your provider and select Edit Claim Rules:



Then click Add Rule and add the following rules:


First, to send the LDAP attribute as a claim, create a rule of type "Send LDAP Attributes as Claims".  Set the attribute you want to use to authenticate from your AD. For example, the Employee Number:



Then, create a second rule. This time, select "Transform an Incoming Claim". in another rule transform the NameID to the Subject:



For more information you can also checkout this video:


For any questions regarding this new feature, please contact our support team at support@accudemia.com or simply Submit a Ticket on this site.




CANVAS SSO Single Sign-On

This feature allows Accudemia to authenticate users using CANVAS SSO. It simplifies password management and increases security. This section will explain how to do this.

Previous knowledge of Canvas will be required for this article.

Configuring Accudemia 1. Log into Accudemia with an administrative account.

2. Go to Administration > Control Panel > User Accounts from the navigation menu at the top of the screen.

3. Scroll down to the Canvas SSO section and copy the “Canvas Developer Key - Client ID string (this is automatically generated, see an example highlighted below).

Copy the generated Developer Keys in the Client ID field (highlighted here), we will paste this key in Step 5.

4. Go to your Canvas portal and create a new Developer Key (API Key)

Some content has been blurred for privacy purposes in this screenshot.

5. Create the new developer Key using the information copied from Accudemia in step 3 above.

Some content has been blurred for privacy purposes in this screenshot.

5.1- Set a name for this key (typically you want to include the App name and any other relevant data) 5.2- Set an email (typically you want to have the administrator email for the app) 5.3- Paste here the key copied in step 3 (the key generated by Accudemia for the integration with Canvas) 5.4- Paste here the key copied in step 3 (the key generated by Accudemia for the integration with Canvas) again. 5.5- Save all changes

6. Copy some information from the Developer Key screen in Canvas to Accudemia's Canvas SSO page.

Some content has been blurred for privacy purposes in this screenshot.

Here see side by side both configuration pages, the Canvas “Developer Key” screen on the left, and the Accudemia “Canvas SSO” page on the right, the arrows indicate which value from Canvas goes to Accudemia, notice that this is the Developer Key we just created from step 5.

6.1 - Canvas URL: Copy your Canvas system URL to the field “Canvas URL” in Accudemia

6.2 - Copy the Canvas Client ID to the field “Canvas Developer Key - Client ID” in Accudemia.

6.3 - Click the “Show Key” option on the Canvas “Developer Key” screen to display a string(the actual key) that needs to be copied to the field “Canvas Developer Key - Client Secret” in Accudemia.

6.4 - This prefix could be any string, such string would be attached to the Canvas unique identifier number that is returned when a user logs in through the Canvas portal, in this example, when the user with identifier #1 in Canvas logs in the value would read “CANVAS1”, the prefix being “Canvas” and “1” the unique identifier for that user. 6.5 - Set a logout URL, this is the URL you want users to go to after logging out of Accudemia.

6.6 - Enable Canvas SSO so users can start using this method of authentication.

6.7 - Test several users to make sure it all works as expected. notice that even if Canvas SSO is enabled you can use this link to sign in using Accudemia credentials instead of SSO credentials: https://YOURDOMAIN.accudemia.net/LoginForm.aspx where you need to change YOURDOMAIN with the real domain you are using in Accudemia.

Please notice that each user in Accudemia must have a Canvas unique ID value loaded in any of their profile “Alternate ID fields” for them to be able to log in using Canvas SSO. Following the previous example the user with unique identifier #1 in Canvas, following the prefix concatenation to form the value “CANVAS1” must have such value in any of the Secondary ID or Other ID fields, as seen below the “CANVAS1” value which works as an identifier to the Canvas SSO process is on his Secondary ID field, so basically this user “Jorge Rodriguez” would log in through Canvas and then Canvas would provide the value “CANVAS1” to Accudemia as an identifier, so Accudemia can search which user in the system has that value “CANVAS1” in any of the Alternate ID fields, once Accudemia finds that value in the user “Jorge Rodriguez” then Accudemia would grant the permissions to this user to go in Accudemia.


Previous Article - Website Settings: Appearance and Themes | Table of Contents | Next Article - Website Settings: Terminology