User management

Understanding user roles and permissions

MiaRec software provides role-based access control feature with granular permissions. Each user account is associated with one role. And each role is configured with a set of permissions.

UserPermissions

Each role is associated with a set of permissions, which are granted to users of this role. Permissions include such privileges like "Configure System", "Configure Users", "Playback calls", "Delete calls" etc.

RolePermissions

By default the following roles are pre-created in MiaRec system, but administrator may create new roles or modify existing ones:

Root Administrator

Users of this role have unlimited access to system.

Administrator

Users of this role have a set of permissions as configured by Root Administrator. By default users of type Administrator can create/edit other user accounts.

Supervisor

Supervisor has access to call recordings, which are associated with users in his/her managed group(s). They cannot create/edit other user accounts.

Agent

Agents have access to own call recordings only.

Roles

Each user in MiaRec system should be assigned a role. The role defines what system resources are accessible by user and what operations are permitted on these resources.

List of roles

Navigate menu Administration -> Users Management -> Roles to see a list of available roles. During installation MiaRec automatically pre-creates a few roles. Administrator may create new roles or modify existing ones.

Role Access Level

Configure access scope

Access scope setting specifies which resources are accessible by user of such role.

Role Access Level

Access scope Description
SUPERUSER User with such role has unrestricted access to the system.
System User with such role has access to all resources on the system (users, groups, calls), but the operations are restricted by permissions. One exception from this rule is when multi-tenancy is enabled and user belongs to particular tenant account. In this case access is limited to tenant resources only.
Managed Groups User with such role has access only to resources within the managed groups. A list of managed groups is configured in user's profile. The group manager may see only users and their calls, for which he/she is a manager. Other users/calls are not visible to group manager.
User User with such role has access only to own call recordings.

Configure permissions

Permissions setting specifies what operations are permitted on the accessible resources. These operations include view, edit, delete, playback etc.

Role Permissionsl

Groups

Each user should belong to one of groups. Most of users are just members of their group, but some of users may be managers of groups. A single user may be a manager of multiple groups at the same time.

List of groups

Navigate menu Administration -> Users Management -> Groups to see a list of available groups. During installation MiaRec automatically pre-creates a few sample groups. Administrator may create new groups or edit existing ones.

Group List

View group

The group's profile page displays a list of all users, who are member of this group.

Group View

Edit group settings

Configuration of group includes the following options:

  • Group name
  • Timezone, which will be used by default for each user in this group. The timezone setting may be overridden on user's profile page.

Group Edit

Users

List of users

Navigate menu Administration -> Users Management -> Users to see a list of users. You can search users by name, group, role or extension.

Users List

View user

User's profile page

Add/edit user

Add/Edit User

Managed groups

If the user's role has access level "Group Manager", then you can configure which groups are managed by this user. The group manager has access only to users and their calls recordings, which belong to his managed groups. You may select one or more managed groups from a list.

Configure Managed Groups

Recording settings

If it is necessary to record such user, then you need to specify which extensions are assigned to this user. MiaRec uses the extensions configuration to automatically associate call recordings with users. One user may have more than one extension.

Configure Recording

Web access settings

If the user needs access to MiaRec web portal, then administrator may create login for him/her.

Configure Web Access

Associating calls with users

MiaRec automatically associates calls to users based on user's extension.

User with extension data

Administrator should configure extension on user's profile page. In below screenshot user "Roland Corry" is configured with extension "21311005005". When MiaRec recognizes a call with extension "21311005005", then such call is automatically associated with user "Roland Corry".

Such call association allows quick filtering of calls by user name. Also, this information is used when granting access to recordings. For example, supervisor will be able to view only call recordings, which are associated with users in his/her group.

User with extension data

What happens when MiaRec records call with unknown extension?

If MiaRec doesn't recognize extension for newly recorded call, then a default recording rule applies for the call. By default, MiaRec is configured to record such unknown calls, but this behavior may be changed by administrator (see section [Filters::OnCallStart] inside configuration file MiaRec.ini).

When call with unknown extension is recorded, then the column "User" will be empty (as shown in below screenshot).

User with extension data

Also, these calls are shown in panel "Not assigned to users" (visible only to administrators).

User with extension data

Administrator can manually assign the call to one of existing users. First, he needs to click on a call to display call details. Then he needs to click on button "Assign to user".

User with extension data

New page will be opened with the following options:

Extension

Administrator should decide whether to use phone number or optional phone name to associate calls to users.

Assign to User

The user to associate this call with.

Apply this rule to all similar calls

When checked, then other calls with the same extension will be automatically assigned to this user. Note, MiaRec will search only calls, which are not assigned yet to any of users.

User with extension data

Upon clicking the on "Save" button the recorded calls will be searched and automatically assigned to the selected user. Additionally, the selected extension will be automatically added to user (as shown in below screenshot).

User with extension data

Configuring LDAP integration

MiaRec supports LDAP (Active Directory) integration to accomplish two tasks:

  • LDAP authentication
  • LDAP user synchronization

LDAP authentication

Navigate to Administration -> System Configuration -> LDAP Integration to configure LDAP autentication.

LDAP integration

How it works

When user tries to login to MiaRec web portal, his/her login and password is verified on LDAP server. If login and password are accepted by LDAP server, then user is allowed to login to MiaRec web portal.

Such feature allows to manage users' passwords in one location only (on your LDAP server). MiaRec doesn't store user's passwords in own database in this scenario. If user's password is changed in LDAP server, then MiaRec will automatically accept such new password during login phase. Also, when user account is removed/deactivated in LDAP server, then such user will not be able to login to MiaRec web-portal too.

Please, note, MiaRec doesn't accept automatically login from any LDAP user in your system. It is required that user account has been previously created in MiaRec and appropriate access permissions have been granted to user. On user's profile page administrator may specify whether user's password should be stored locally (in encrypted one-way hash form) or LDAP authentication is enabled for such user.

LDAP user synchronization

When LDAP user synchronization is enabled, then MiaRec will automatically scan LDAP directory for new user accounts and create MiaRec users.

LDAP integration

How it works

First you need to create LDAP user synchronization job. This job may be started manually or by schedule (for example, every night).

If MiaRec detects new user account in LDAP server, then during synchronization the same account will be created in MiaRec. This newly created user will be added into pre-configured default user group and a default role will be assigned to user.

If LDAP database contains phone number for users, then such phone number will be automatically added as an extension to user.

When phone number is updated in LDAP server, then during synchronization such change will be applied to MiaRec user record also. For, example, when phone number in LDAP server is moved from one user to another, then MiaRec will move corresponding extension to new user too.

When phone number is removed from LDAP user account, but the same phone number is not assigned to any other users, then MiaRec will do nothing during synchronization. The extension will not be removed from user account. This is by design. It allows you to add extensions to MiaRec users manually on his/her profile page, and such manually created extensions will not be removed during synchronization if your LDAP server is missing phone number info.

Multi-tenancy

Enable multi-tenancy in MiaRec

In MiaRec web portal navigate to Administration -> System Configuration -> Advanced Settings. Click on Edit settings and change Multitenancy settings from disabled to enabled.

Now you should be able to see Tenants configuration inside administration interface.

Understanding multi-tenancy

MiaRec supports a multi-tenant configuration. Multi-tenancy involve an architecture where a single package application can serve multiple customers. Each and every client or company that is created under such multi tenant architecture is referred to as a tenant. A multi-tenant software enables users to setup separate tenant partitions where one tenant cannot have access to the configurations or data of other tenants.

Who should use a multi-tenant configuration?

Multi-tenancy is the best suited for service provides and/or BPO contact centers, who record calls on behalf of other business organizations.

How it works

Each and every tenant has own set of users, groups, roles, and extensions. Tenant users have access to data only within boundaries of own tenant account. Tenant's data is isolated from each other.

MiaRec provides self-service capability to tenants. For example, tenant administrator may reset own users' passwords, modify role permissions, move existing user into another group, etc.

Multi-tenancy.png

Frequently asked questions

  1. How call recordings are associated with tenant?

    Each tenant has a pre-configured set of extensions. MiaRec uses this data to automatically associate calls to users.

  2. Can tenant administrator change own extensions?

    No. The extensions are configured by system administrator. The tenant administrator may only re-allocate available extension from one user to another.

  3. Is it required to give tenants an access to admin interface?

    No, it is not required. It's possible to create tenant users with read-only access to MiaRec web-portal and skip creation of tenant administrator role.

Add tenant

To create a new tenant account navigate to Administration -> Users Management -> Tenants and complete the following steps:

  1. Create new tenant account
  2. Create at least one group. For example, "Users".
  3. Create at least one role with appropriate permissions. For example, "Agent role". Optionally, you may create tenant admin account who will be able to manage own tenant users (reset users passwords, edit role permissions, create new groups, etc).
  4. Create users and assign extensions to them.

Extension in MiaRec is a "phone number", "phone name" and/or "broadworks user ID". If you are using Broadworks platform, then it is recommended to enter your users' broadworks ID's as extensions. For other platforms it is recommended to use users phone number as an extension. Using of phone name is recommended in cases when multiple users share the same extension and only the phone name part is unique.

Tenant view