Access control and Tracking with Javelin/Sitelok

Access control to secured documents can be provided via username/password entry. Users ("members of the service") can be pre-registered (manually or via file upload) and passwords issued by the publisher to their own customers, or users can be allowed to self-register, e.g. as guests or for specific services. After entering their username and password they then have access to the document or documents for which access permission has been granted. Login access can be automated and managed via a hidden link or iframe on your own site, if this is a preferred option, thereby hiding the link and/or the login details from the end user.

A screenshot of the basic "SubAdmin" user management facility is shown below, with more details and screenshots provided further down this page.

Sitelok-SubAdmin

Access to a specific document or documents for a specific user is controlled by:

  • providing the user with the specific URL for that document (directly or via a menu or via an iframe or page re-direction that has the link defined within it)
  • defining whether the document itself is set for PUBLIC access (no login required) or PRIVATE access (login required). Private access is defined and controlled by which Group or Groups of registered users are permitted to access that particular document. The Group setting for a converted document can be specified as ALL (the pre-defined default), which allows access by any logged-in user, or restricted to a specific named Group, e.g. TEST01, as in the screenshot above. This Group name must be specified for the document in question. This can be enabled manually (by our team) or automatically based on the publisher's registered details. Selection of the Group or Groups associated with a document is made via the FILES menu (File Management) facility for logged-in Corporate and Enterprise users. If the registered user is assigned as a member of Group TEST01 then they will be permitted to view that document, otherwise access will not be permitted. See further the "Scenario" provided at the bottom of this page
  • users can also be instantly enabled/disabled, and/or have date/time restrictions placed on their user group membership so that their access to documents assigned to those particular user groups automatically expires on a specified date

Groups are created by the overall System Administrator - in general this is carried out by our own team, depending on the service level you subscribe to. Each of your users can then be associated with the Group or Groups that you specify for them and as a result, will potentially have access to all documents that are members of that Group.

The screenshots below show some of the Javelin/Sitelok web-based administration facilities for publishers who wish to manage their own user registrations for access control. This is a session-based security facility, with many selectable options. The screens show (i) the main Dashboard and function menus, with details of registered users - this is the full User Management Dashboard - the reduced version illustrated above is provided for Corporate and Enterprise subscribers as standard (the full version is only available for dedicated private Enterprise systems); (ii) the Add User facility, where users can be manually registered one at a time, plus a screenshot of the Import Users facility. Importing of username/password lists and other user-related data is supported for fast loading of large userlists and is available as a bespoke service and for dedicated Enterprise services; and (iii) a screen showing some of the log file details that are collected - log data can be viewed and exported for separate analysis. More details about Javelin/Sitelok are available on request.

The small icons to the left of each user entry in the screenshot below allow the following functions: Edit user, Email user, Delete user, and view user recent activity - as illustrated at the top of this page:

Sitelok-Admin
Sitelok-AddUser
The minimum requirement for importing from a text/csv file is: name,username,email (use these as a header row to map the file to the correct fields) - other fields, such as the password, enabled status and user group membership can be specified to be automatically created as part of the import process
Sitelok-ImportUsers
Sitelok-Log

The user management system includes features for self-registration by end users ("members"), amendment of user profiles by end users, guest access and more. These can be made available within the "members" area of the service to meet bespoke requirements as part of a broader project requirement.

The default service arrangement permits multiple logins on the same username/password, with all login events tracked. Unique (non-concurrent) service access can be provided via our managed service, www.webdoxx.com, using a dedicated user management database and console. Note that the concept of concurrent and non-concurrent logins is far from straightforward in a web-based application environment, as in almost all cases users do not log out of a service; they simply exit the browser or current tab, or just leave themselves logged in. The Javelin/Sitelok system with non-concurrent (unique) logins works in a similar manner to banking systems: if a second valid login is made, e.g. on a separate device, the first login is automatically logged out. The pdf2html5 site allows for concurrent logins using a single username and password, i.e. it does not auto-logout the previously logged-in user. This has many advantages as it allows for typical end user behavior, allows for auto-login service access from third party websites, and enables groups or classes to log in using a single username/password.

In addition, access can be restricted to a specified number of devices if so desired. This feature is enabled by setting a value in the Concurrency field for the user record in question. This could be 10, for example, which would allow access from up to 10 devices. Each time a user logs in with that username on a particular device the Concurrency counter is reduced by 1 and a browser cookie is set on that device to indicate that it can log in to the service. When the Concurrency counter drops to 0 no more new devices (browsers) can be used to log in with that username/password unless the user record is amended to increase the count once more. If you decide to use this feature you MUST inform your customers that your service uses cookies. Please see here for guidance from the UK authorities on compliance.
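The device limit described above can be modelled as follows. This is an added example, not Javelin/Sitelok code: the `UserRecord` and `login` names are hypothetical, and it assumes that a device already holding a valid cookie does not consume another slot and that the cookie is a random token the server can check against what it issued.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class UserRecord:
    username: str
    concurrency: int                 # remaining new-device slots ("Concurrency" field)
    enabled: bool = True
    # Assumption: the server remembers the cookie values it has issued,
    # so a cookie invented by the client is not accepted as a device marker.
    issued_tokens: set = field(default_factory=set)

def login(user, device_cookie=None):
    """Return (allowed, cookie_value_to_set) for one login attempt.

    device_cookie is the value the browser presented, or None when the
    browser has no cookie (new device, new browser, or cookies cleared).
    """
    if not user.enabled:
        return False, None
    if device_cookie is not None and device_cookie in user.issued_tokens:
        return True, device_cookie   # known device: counter untouched
    if user.concurrency <= 0:
        return False, None           # no slots left for a new device
    user.concurrency -= 1
    token = secrets.token_urlsafe(32)    # unguessable per-device marker
    user.issued_tokens.add(token)
    return True, token

def raise_limit(user, extra_devices):
    """Administrator amends the user record to allow more devices."""
    user.concurrency += extra_devices
```

Because the marker lives in the browser, a device whose cookies are cleared (or a second browser on the same machine) looks like a new device and uses another slot, which is worth allowing for when choosing the Concurrency value.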

Subscription scenario

This scenario shows how you can use the service to offer a subscription service to your own customers and control their access. This is just one scenario and others may be more appropriate depending on the way in which you decide to manage your target customers and the various documents you wish to make available on a subscription payment basis:

  • A company called ABC Inc with 100 branches subscribes to your publication(s) service on March 1st 2017. The subscription is for 12 months. You register a single new user, abcuser, with a concurrency count of 100 devices and membership of your usergroup "ABC". You specify that their membership of the ABC usergroup is set to expire on 28th Feb 2018
  • you upload the 2017 manual and set the user group for this publication to ABC via the FILE menu (file management facility)
  • you provide ABC Inc with the link to your publication and the username and password for their organization (this could be more than one username/password of course, e.g. one for head office with 10 devices permitted, plus another for their 100 branches with perhaps 120 devices permitted - to allow for device changes in the branches). Note that the link could be provided via email or via your own website (and could be "hidden" on your site, with or without auto-login to the service, or even embedded on your site via an iframe).
  • ABC Inc and their branch network use the service and all is fine, but then you issue the 2018 manual in January 2018. As with the 2017 manual you upload it, use the FILES menu to set the usergroup to ABC and let all your clients (including ABC Inc) know that a new version of the manual is available and provide them with the new links. ABC Inc is just one of these clients and they let their users/branches know the new link (or this is handled automatically via your own website links/iframe setup), and continue as before
  • ABC Inc fail to pay for the next year's subscription and think they can continue using the service, but from 1st March 2018 they will not be able to because their usergroup membership has expired.
  • Another subscriber, DEF Inc, say, has done exactly the same but subscribed in Jan 2017. They do pay for the 2018 subscription, so you change their group expiry date to 1st Feb 2019 and their users will be able to access the 2017 and 2018 manuals throughout the period to the end of their 2018/9 subscription
  • ABC Inc relent and pay up - you amend their subscription expiry date and their access springs into life again for all their users and both versions of the manual
  • In addition to the above, you can simply enable/disable any user at any time, for example if you detect misuse of the service or non-payment of a monthly subscription within a year's subscription window
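The access decision that this scenario relies on (PUBLIC/PRIVATE, the ALL group, named Groups with an expiry date, and the enable/disable switch) is worked through below as an added example. It is a model written for this page, not Javelin/Sitelok code; `Document`, `User`, `can_view` and the document names are hypothetical, and the renewal date is constructed.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Document:
    name: str
    public: bool = False                                  # PUBLIC: no login required
    groups: set = field(default_factory=lambda: {"ALL"})  # PRIVATE default is ALL

@dataclass
class User:
    username: str
    enabled: bool = True
    memberships: dict = field(default_factory=dict)       # group -> expiry date or None

def can_view(doc, user, today):
    """user is None for a visitor who has not logged in."""
    if doc.public:
        return True
    if user is None or not user.enabled:
        return False
    if "ALL" in doc.groups:
        return True                                        # any logged-in user
    for group in doc.groups:
        if group in user.memberships:
            expiry = user.memberships[group]
            if expiry is None or today <= expiry:          # expiry day still counts
                return True
    return False

def scenario():
    """Constructed data following the ABC Inc bullets above."""
    manuals = [Document("manual-2017", groups={"ABC"}),
               Document("manual-2018", groups={"ABC"})]
    abc = User("abcuser", memberships={"ABC": date(2018, 2, 28)})
    results = {}
    results["last_day"] = [can_view(d, abc, date(2018, 2, 28)) for d in manuals]
    results["lapsed"] = [can_view(d, abc, date(2018, 3, 1)) for d in manuals]
    abc.memberships["ABC"] = date(2019, 2, 28)             # constructed renewal date
    results["renewed"] = [can_view(d, abc, date(2018, 3, 1)) for d in manuals]
    abc.enabled = False                                    # instant disable
    results["disabled"] = [can_view(d, abc, date(2018, 3, 1)) for d in manuals]
    return results
```

Note that one expiry date on the Group membership gates every document assigned to that Group, which is why both manuals lapse and return together in the scenario.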

Sessions and logins/logouts

The PDF2HTML5 service uses session IDs to identify logged-in users. Whilst a browser is open and the user remains logged in, they can access the document or documents for which access has been enabled without repeatedly having to log in for each document or after closing and opening tabs, UNLESS either they explicitly log out via a logout button, or a logout is forced upon them as a result of a timeout or a programmatically generated logout event. A timeout occurs if there is no activity for 1200 seconds (20 minutes) or the web server's overall session time is reached. With services hosted on our managed services via the webdoxx server these settings can be amended if required. It is also possible to remotely force the current session to end as a programmatically generated logout event by accessing the service logout PHP function. Ask us for details if you think you need to use this facility.