Configuring Windows User Accounts on the Batch REST Service Computer

The batch widgets send a bearer token to the Batch Rest Service containing the currently logged in Ophub User account name. This account name must exist on the Batch Rest Service computer as a local Windows user, or as a domain user.
  • If using local Windows user accounts, create the corresponding local Windows user accounts on the Batch REST Service computer that match the Ophub user account names.
  • If you are using a domain user, the domain name can be a part of the Operations Hub user name (for example: ophubuser@DomainName). You can also use an Ophub account name without domain as part of the Operations Hub username. For example, ophubadmin.
  • If you use an Operations Hub user name without domain, for example ophubadmin, the Batch REST Service will first look up this user to see if it is a valid local Windows user on the Batch REST Service computer. If it is not found, then it will look up this user on the Domain used by the computer. The order of the user lookup can be customized with the UAAUserDomainLookupOption property and is described in more detail the Batch Rest API readme.txt.
  • As an extra security feature, if the basicAuthWindowsGroupValidation property is true, the Batch REST Service will validate that this user is a member of the basicAuthWindowsGroup. This group is initially set to PROFICY_BATCH_REST_USERS. If this is set to true, then be sure to add the windows user accounts to this Windows User Group.

Use e-Signatures

To use e-Signatures for batch widgets, do the following:
  1. Create Windows user groups on the Batch REST Service computer that correspond to the e-Signature Requirement Performed By and Verified By group names in the batch widgets.

    For example, Operator and Supervisor group names are used in the Batch widgets sample application.

  2. Create Windows users on the Batch REST Service computer and add them to the appropriate Windows user group used for e-Signature. Or if you are using Domain users, add the domain users to the appropriate Windows user groups used for e-Signature.
  3. Be sure that the Windows User accounts full name is not blank.
  4. If using Domain users, be sure to set the GE Intelligent Platforms Security Server (iSecurity.exe) Windows Service to run under a Domain user account, and restart this service.