CM.Track V2: System Access for CM.Track Users (Customers)

In the following chapter you will find detailed information about how to configure your ConSol CM system to grant access to CM.Track V2 (the ConSol CM portal) to your customers.

Precondition

CM.Track V2 is not part of every default shipment of ConSol CM. When you (your company) have purchased the license, you will receive a .war file which has to be deployed in the application server. Some minor modifications then have to be made in CM configuration files in the application server in order to operate CM.Track V2. This is all are explained in the ConSol CM Set-Up Manual.

The default function set of CM.Track provides basic functionalities (e.g., viewing a ticket list, creating a new ticket, seeing ticket details) and the pages have a CM standard layout. In order to use CM.Track as a powerful portal for customer access to the system, the layout should be adapted to a company's CD (corporate design), a process called Skinning. The forms and lists which are displayed for the customer might be modified and/or extended. Please contact our consulting team or your account manager if you would like to adjust CM.Track for your company in an optimal way.

CM.Track V2 Technical Background

The portal CM.Track is based on the REST API of ConSol CM. Please refer to the separate document ConSol CM REST API Documentation for details.

General Principle of System Access via CM.Track V2

A customer who wants, or should, have access to your ConSol CM system using the portal CM.Track has to have a login and a password. Both can be initially provided by the engineer who edits the customer data using the ConSol CM Web Client, or the values can be imported automatically into the database.

The fields for the login and password of customers are customer fields which are defined like any other customer field and which have special annotations. If you are not familiar with customer fields, please refer to section Customer Field Management and GUI Design for Customer Data.

The access permissions of the customer are defined by assigning a CM.Track user profile to the customer's account. The CM.Track user profiles are managed by the ConSol CM administrator using the Admin Tool.

Defining the User Profiles/Access Permissions for CM.Track V2

As one of the first steps, you have to define CM.Track user profiles, i.e., profiles of access permissions to CM.Track. A CM.Track user profile is defined like a regular engineer (please see section Engineer Administration for details), but is marked as Track.

The following example shows some CM.Track user profiles in the Admin Tool. You reach this screen by opening the navigation group Access and Roles, navigation item Engineers.

Figure 611: ConSol CM Admin Tool - Access and Roles, Engineers: User profile name for CM.Track

One or more roles are then assigned to the user profile to define the access permissions to queues and customer groups. For example you can set up a user profile (engineer) track_reseller that has the role TrackReseller. This role has read/write/append permissions for the queues FAQs_active, Helpdesk_1st_Level, Helpdesk_2nd_Level, ServiceDesk, and SpecialTasks and has customer group permissions for one customer group. Please note that

• always queue and customer group permissions have to be granted to allow ticket acces via CM.Track for customers
• you must assign matching queue and customer group permissions, i.e. assign queues where the respective customer groups have been assigned (see section Queue Administration).
• read permissions for customer groups will be sufficient in most (standard) cases, since it is not possible to edit customer data using the portal.
• write permissions for the "own" customer group are required for the customer to be allowed to reset his password

In our example, the role TrackReseller has read and write access to the Reseller customer group. You reach the following screens by opening the navigation group Access and Roles, navigation item Roles. In your system, it might be required to create different CM.Track roles with access to different customer groups. For a detailed introduction to role administration, please refer to section Role Administration.

Figure 612: ConSol CM Admin Tool - Access and Roles, Roles: User profile for CM.Track, queue permissions

Figure 613: ConSol CM Admin Tool - Access and Roles, Roles: User profile for CM.Track, customer group permissions

With this approach, a customer with the CM.Track user profile cmtrack_basiccustomers can only see and add comments to tickets from those queues. Another user profile might have access to Sales tickets and/or to an FAQ queue.

Defining the Customer Fields for CM.Track V2 Login and Password

The fields for login and password for a customer are regular customer fields at the contact level. Please see section Setting Up the Customer Data Model for an introduction to customer field management and GUI configuration for customer data.

Edit the fields which contain the customer data (if there are two levels: not the company level, but the contact level!) as demonstrated in the following example. You reach the following screen by opening the navigation group Customers, navigation item Data Models.

• One field for the login has to be created, annotation username = true.

  

  Figure 614: ConSol CM Admin Tool, Customers, Data Models - CM.Track: Annotation 'username' for login

  Assigning the annotation username to a customer field is only possible, if there is no previous assignment of this annotation. Otherwise it will be prohibited. When assigning it, a warning dialog must be confirmed before it is executed, since it can be a longer running operation. Un-assigning the annotation must be confirmed as well, because it cannot be undone: Un-assignment delete the username values unrecoverably from internal storage.

• One field for the password has to be created, annotation password = true. The annotation text-type = password guarantees that only stars/dots are displayed in the Web Client, not the clear text password.

  

  Figure 615: ConSol CM Admin Tool, Customers, Data Models - CM.Track: Annotation for password

  The annotation password requires confirmation when assigned.

  In case of an update from CM versions lower than 6.11 to 6.11 and up: When this annotation is set, the system reads the plain text passwords from the original field values, encrypts them and saves the encrypted values to the internal storage. Then the original field values are deleted and thus the plain text value cannot be recovered anymore.

  When trying to un-assign the password annotation the operation must be confirmed as well, since the encrypted passwords are deleted from the internal storage. After the annotation unassignment the password information is completely lost and cannot be recovered at all.

When a scenario from a CM version lower than 6.11 is imported into a system with CM 6.11 (or higher), a transformation of user names and passwords is performed automatically. This is described in detail in section Transformation of user name and password fields during import into CM 6.11 .

Granting Access to CM.Track V2 for Customers

The engineer working with the Web Client can then assign a user name, initial password, and a CM.Track user profile to every customer who should have access to the portal CM.Track. The user name has to be unique. This is checked by the system. You cannot enter a name a second time if this has already been assigned to another customer. The password is stored as encrypted string in the CM database. This means that an engineer can set a new password, e.g., when a customer calls and asks for this, but it is never possible to read the password from the system.

You, as an administrator, can define if the CM.Track user names should be case sensitive. Use the CM system property cmas-core-security, policy.track.username.case.sensitive. This is a boolean variable. When it is set to true, the CM.Track user names are case sensitive. Please make sure that the database collation which is in use supports case sensitive strings!

The following example shows the customer data of an example contact in the ConSol CM Web Client. You reach this screen by opening a contact data set in edit mode.

Figure 616: ConSol CM Web Client, contact page - CM.Track user data

Customer Login to the System

Then customers can log in to the system and see their tickets. Please refer to the ConSol CM User Manual, section CM.Track for a detailed explanation on how to work with ConSol CM as a customer.

There are two mechanisms for performing user authentication:

• simple authentication
• LDAP authentication

Please refer to section CM.Track V2: Authentication Modes for the Portal for details.

Figure 617: ConSol CM.Track - Customer login

Figure 618: ConSol CM.Track - Ticket list

Extended Customer Permissions to See Company Tickets

In some cases it might be required that customers log in to the ConSol CM portal CM.Track and have to have access not only to their personal tickets but to all tickets of their company. In this case, the role for the CM.Track user (user profile) should be assigned the permission Access tickets of the own company under Track User Permissions. Please refer to the section Role Administration for a detailed explanation.

Configure CM.Track V2 for Password Reset by Customers

Starting with ConSol CM version 6.10.5.4, CM.Track V2 can be configured to offer a hyperlink for customers where a customer can reset his password. This is based on the template track-password-reset-template. Please refer to section Password Reset Template for Customers Using CM.Track V2 for a detailed explanation. The password reset in CM.Track is only possible when the DATABASE mode is used. It is not possible when LDAP authentication is in operation. See section CM.Track V2: Authentication Modes for the Portal for the portal for an explanation of all possible authentication modes.

Please note that the Fromaddress of the email which is sent to a customer who has requested a new password can be set using the CM system property cmas-core-security, password.reset.mail.from, see Alphabetical List of System Properties for details.