Welcome
Managing Security
HCL DevOps Deploy (Deploy) uses a flexible team-based and role-based security model that maps to your organizational structure.
Authentication realms
Authentication realms manage users and determine user identity within authorization realms for the server.
Locking and deleting user accounts automatically
As part of your secured user account management process, you can configure the system to lock and delete idle or inactive users automatically.

Release Notes
This section includes what's new, defect fixes, and deprecations and removals in all releases.
System Requirements
This document includes information about the hardware, containers, prerequisite software, supported operating system, and database requirements with component level detail for the HCL DevOps Deploy (Deploy).
Getting Started
Quickly become productive with HCL DevOps Deploy (Deploy).
Installing
A HCL DevOps Deploy (Deploy) installation consists of a Deploy server, a database server, and at least one agent.
Upgrading and Migrating
Stay updated with latest features and functionalities by upgrading HCL DevOps Deploy (Deploy) server, agents, and relays. This section also provides instruction on how to migrate your Deploy instance.
Integrating
HCL DevOps Deploy (Deploy) supports integrations with other IBM® and HCL products, products from others, and certain cloud systems.
Administering
Learn how to administer settings in HCL DevOps Deploy (Deploy) elements and communication between the elements.
Managing Security
HCL DevOps Deploy (Deploy) uses a flexible team-based and role-based security model that maps to your organizational structure.
- Guidelines for setting up server security
  Although there is no single best way to set up security for the server, the following steps are sufficient in most cases.
- SSL configuration
  With Secure Sockets Layer (SSL) technology, clients and servers can communicate securely by encrypting all communications. Data is encrypted before it is sent and decrypted by the recipient. This communication cannot be deciphered or modified by third-parties. In addition to encryption, SSL can also support authentication.
- Encryption key tools
  Using the encryption key tools, you can manage your encryption keys.
- Authorization realms
  Use the Authorization Realms pane to create authorization realms and user groups for the server. Groups can be imported from external systems, such as LDAP.
- Authentication realms
  Authentication realms manage users and determine user identity within authorization realms for the server.
  - Creating authentication realms
    To create an authentication realm on the server, specify where to store user information, such as internal storage on the server, a single sign-on service, an LDAP server, or in OpenID Connect.
  - Creating users manually
    You can manually create users on the server for internal security and SSO type authentication realms.
  - Importing LDAP users
    On the server, LDAP authentication realm users are imported from external LDAP systems.
  - Updating LDAP users and groups
    LDAP users' name, addresses, and groups can be updated.
  - Editing user information manually
    You can manually edit the stored name, email address, password, and additional settings for user accounts on the server for internal security realms. For an SSO authentication realm, name and email address are passed in via HTTP headers (for example, from an HTTP proxy that is translating Kerberos tokens into HTTP headers).
  - Locking and deleting user accounts automatically
    As part of your secured user account management process, you can configure the system to lock and delete idle or inactive users automatically.
- Roles and permissions
  A role is a list of permissions that users have on the HCL DevOps Deploy (Deploy) server. These permissions include the ability to create, edit, and delete objects, such as applications, environments, and components. The permission also includes the parts of the server interface that users can access.
- Secret stores
  You can store user credentials in Hashicorp Vault and integrate with HCL DevOps Deploy (Deploy) to retrieve values from the Vault.
- Security teams
  Users and groups on the server are assigned roles when they are added to teams.
- Security types
  Security types define categories of objects on the server. You can put all objects into a single category, or you can put them in separate categories and give roles different access rights to different categories.
- Tokens
  Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL DevOps Deploy (Deploy) server and external services.
Modeling Software Deployment
Modeling software deployment in HCL DevOps Deploy (Deploy) includes configuring components and component processes and adding those components to applications. Then, you use processes to deploy the components to environments.
Deploying
Learn how to deploy applications in HCL DevOps Deploy (Deploy).
Reporting
Provides several different deployment and security reports.
Extending Product Function
Learn how to extend the function of HCL DevOps Deploy (Deploy).
Troubleshooting and Support
Learn how to troubleshoot some common issues with HCL DevOps Deploy (Deploy).
Security Considerations
You can act to ensure that your installation is secure and set up user access controls.

Locking and deleting user accounts automatically

As part of your secured user account management process, you can configure the system to lock and delete idle or inactive users automatically.

Before you begin

You must have the following role permissions:

Web UI > Settings Tab
Server Configuration > Edit Basic System Settings
Server Configuration > View Users

About this task

A user account is considered idle or inactive if the user has not logged in for a specific duration. You can configure the system to lock these accounts after a specific duration and further delete them, if neccessary.

Procedure

On the Web UI, go to Settings > System Settings > Security settings.
Specify the number of days users must be inactive before their accounts are locked in the User Idle Days to Lock field.

Note: You can leave the field empty or set the value to 0 to disable locking of the user accounts.
Specify the number of days users must be inactive before their accounts are deleted in the User Idle Days to Delete field, .
The value must be greater than the value specified in the User Idle Days to Lock field or you can set the value to 0 to disable deletion of the user accounts.
Save the settings.

Results

You have configured automatic locking and deletion of user accounts in the system. The users are locked and deleted automatically based on your defined settings.

What to do next

At any point of time, you can click Preview Idle User Lock in the system settings to check the number of user accounts that are going to be locked and deleted. Additionally, you can view the Last Logon Time, Locked Time, Will Lock, and Will delete times of each user in the Authentication (Users) page.

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.