diff --git a/.vs/slnx.sqlite b/.vs/slnx.sqlite index 0256759..0514e89 100644 Binary files a/.vs/slnx.sqlite and b/.vs/slnx.sqlite differ diff --git a/docs/install/security/index.html b/docs/install/security/index.html index 479b359..0d5c82a 100644 --- a/docs/install/security/index.html +++ b/docs/install/security/index.html @@ -392,6 +392,21 @@ + +
In addition to folder permissions, the account used for updating, whether a domain admin or custom account, +must be provided permissinos to be able to manage IIS sites or services on the web host.
The application encrypts sensitive database data such as passwords. Blazam uses the EncryptionString
from the
appSettings.json configuration file
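Review bot: The added encryption paragraph in docs/install/security/index.html names the setting "EncryptionString" in "appSettings.json", while the configuration page text carried in this same patch's search index documents it as "EncryptionKey" in appsettings.json. An admin who follows the security page to back up the key would be looking for a setting that does not appear in the sample config, so use EncryptionKey and the lowercase file name in both places. In the first added sentence, "permissinos" should be "permissions". That sentence also presents a domain admin as an acceptable update account, which sits uneasily with the page's own warning not to run the application pool or service as an administrator or System account. Suggest recommending the custom account and stating the minimum IIS site or service rights it needs.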
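Review bot: .vs/slnx.sqlite at the top of this patch is Visual Studio's per-user workspace state database, and it is being committed as a binary change alongside a documentation edit. It cannot be reviewed as a diff and carries local IDE state rather than project content. Suggest removing it from the index and adding .vs/ to .gitignore so it stops appearing in future commits.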
Main Site
Blazam is a powerful, free, web-based Active Directory management portal.
Enable you and your users to manage legacy Active Directory in a modern way.
"},{"location":"#environment-requirements","title":"Environment Requirements","text":"Sorry
This app is simply not designed for organizations that clump all their users into a select few OU's. Having a well defined OU structure is imperitive to the operation of this application.
Sure you can use it, but the granularity of your delegation control is proportional to the granularity of your OU tree.
Continuing
If you're looking for an app that delegates to groups instead of OU's, good luck. The technical reality of LDAP and Active Directory prohibit any tolerable experience delegating groups to groups.
"},{"location":"#open-source","title":"Open Source","text":"Blazam and it's documentation are open source. Contributions are encouraged.
"},{"location":"license/","title":"Blazam License Agreement","text":"Copyright (c) 2023 Blazam
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
This license is only applicable to versions of the Software that included this license in the installed software directory or source code. Future versions including a different license will not be subject to this agreement and will operate entirely under the included license of said future version of the Software.
THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"},{"location":"privacy/","title":"Privacy Policy for Blazam","text":"Last updated: March 15, 2023
"},{"location":"privacy/#introduction","title":"Introduction","text":"This Privacy Policy describes how Blazam (\"we\", \"us\", or \"our\") collects, uses, shares, and protects your personal information when you use our web app Blazam (\"the Software\").
By using the Software, you agree to the collection and use of your personal information in accordance with this Privacy Policy.
"},{"location":"privacy/#what-information-do-we-collect","title":"What information do we collect?","text":"We collect information that you provide to us when you use the Software, such as your name, email address, password, and any other information that you choose to provide.
We also collect information that is automatically generated when you use the Software, such as your IP address, browser type, device type, operating system, pages visited, time spent on the Software, and other statistical data.
We use Google Analytics 4 to help us analyze how users use the Software. Google Analytics 4 collects information such as how often users visit the Software, what pages they visit, and what other sites they used prior to coming to the Software. Google Analytics 4 does not collect your name or other identifying information. We do not combine the information collected by Google Analytics 4 with any personally identifiable information. You can learn more about how Google collects and processes data at https://policies.google.com/technologies/partner-sites.
"},{"location":"privacy/#how-do-we-use-your-information","title":"How do we use your information?","text":"We use your information for the following purposes:
We do not sell or rent your personal information to third parties. We may share your personal information with third parties in the following circumstances:
You have certain rights regarding your personal information that we collect and process. Depending on where you live, these rights may include:
To exercise any of these rights, please contact us at support@blazam.org. We will respond to your request within a reasonable timeframe.
"},{"location":"privacy/#how-do-we-protect-your-information","title":"How do we protect your information?","text":"We take reasonable measures to protect your personal information from unauthorized access,use, disclosure, alteration, or destruction. However, no method of transmission or storage is completely secure and we cannot guarantee the absolute security of your personal information.
We store your personal information for as long as it is necessary to provide the Software and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
"},{"location":"privacy/#how-do-we-use-cookies-and-other-tracking-technologies","title":"How do we use cookies and other tracking technologies?","text":"We use cookies and other tracking technologies to collect and store information about your preferences and activity on the Software. Cookies are small files that are placed on your device when you visit a website. They help us recognize you and remember your settings when you return to the Software. You can manage your cookie preferences in your browser settings, but please note that some features of the Software may not function properly if you disable or reject cookies.
We also use web beacons, pixels, tags, and scripts to collect and track information about how you interact with the Software and our email communications. These technologies help us measure the effectiveness of our marketing campaigns and improve our Software.
"},{"location":"privacy/#do-we-link-to-other-websites","title":"Do we link to other websites?","text":"The Software may contain links to other websites that are not operated by us. We are not responsible for the content or privacy practices of those websites. We encourage you to review the privacy policies of any third-party websites that you visit.
"},{"location":"privacy/#how-do-we-update-this-privacy-policy","title":"How do we update this Privacy Policy?","text":"We may update this Privacy Policy from time to time to reflect changes in our data practices or applicable laws. We will notify you of any material changes by posting the updated Privacy Policy on the Software or by sending you an email notification. Your continued use of the Software after we post the updated Privacy Policy constitutes your acceptance of the new Privacy Policy.
"},{"location":"privacy/#how-can-you-contact-us","title":"How can you contact us?","text":"If you have any questions or comments about this Privacy Policy or our data practices, please contact us at:
Jacobsen Productions USA Email: support@blazam.org
"},{"location":"admin/fields/","title":"Fields","text":"The fields configuration section allows for the definition of custom schema attributes in your Active Directory environment.
Once a field is defined it will become available for delegation in Permissions.
"},{"location":"admin/fields/#display-name","title":"Display Name","text":"This is the label that will be shown for this attribute in Blazam. It can be in your localized language for your convenience.
"},{"location":"admin/fields/#field-name","title":"Field Name","text":"This is the name of the attribute as shown on the attributes tab of the object in Active Directory.
Remember you need to enable Advanced View
in ADUC to see the attributes tab.
This should be set based on the type of data the the attribute stores. Check the attribute values to determine the best match. If the value does not show in Blazam try a different type.
"},{"location":"admin/fields/#object-types","title":"Object Types","text":"The final section of defining a field is the selection of object types. Check whichever types the attribute is used on.
"},{"location":"admin/initialSetup/","title":"Initial Setup","text":"After installing Blazam, open a browser to your published website.
Upon first launch, the application will enter an installation wizard to guide you in completing the initial configuration.
"},{"location":"admin/initialSetup/#setup-wizard","title":"Setup Wizard","text":""},{"location":"admin/initialSetup/#database","title":"Database","text":""},{"location":"admin/initialSetup/#pre-requisites-excluding-sqlite","title":"Pre-requisites (Excluding Sqlite)","text":"Tip
The web installer ensures the prerequisites are fulfilled before allowing installation.
The database page confirms that the settings you configured in appSettings.json (or as performed by the web installer) are correct and a connection to the database is successful.
You can then \"install\" the database, which will set up all the necessary tables and seed data.
"},{"location":"admin/initialSetup/#authentication","title":"Authentication","text":"The authentication install page allows you to set up your built-in admin password.
This account is provided to allow login even when no connection to Active Directory can be made.
"},{"location":"admin/initialSetup/#active-directory","title":"Active Directory","text":"This is the most important of first launch steps.
Server
- This can be your domain name, but if that doesn't work pick a domain controller to connect to and use it's DNS name.
Port
- The port to connect to.
Username
- The account name excluding the domain. (eg:blazam) This account should have administrative permissions for whatever scope you intend to use the application for.
Password
- The password for the domain account.
Use TLS
- Whether to use TLS when connecting. For internal networks this is optional. It is highly recommended if you are communicating to your domain over the internet.
FQDN
- The fully qualified domain name of your Active Directory domain.
Base DN
- The base organizational unit distinguished name from where to begin scoping the application. Any OU's above this DN are not available to Blazam.
Info
At the bottom of the page is a connection status panel that will show you the state of the connection as you make changes.
"},{"location":"admin/initialSetup/#finalize-install","title":"Finalize Install","text":"After finalizing install you will be brought to the login page. Enter the admin
username and the password you set during the initial setup.
Blazam offers a flexible notification system for both in-app and email notifications.
"},{"location":"admin/notifications/#requirements","title":"Requirements","text":"In order for email notifications to go out, email must be enabled in Configure -> Settings
.
Notification settings, much like permissions, are applied to OU's and propagate down the OU tree unless a Block
is placed at a lower level.
In-app and email notification types can be included/excluded together or independently.
"},{"location":"admin/notifications/#user-access","title":"User Access","text":"All users can manage their own notification settings via the User Button
in the top right of Blazam.
Super-admins can manage all other users notifications via the Configure -> Notifications
feature.
Permissions in Blazam differ from Active Directory in one major (and extremely helpful) way.
Feature Active Directory Blazam Reusable ACL's Each ACL is unique for each OU Create one type of access and reuse that list for any number of OU's ACL Naming ACL's are simply a list of properties in the security tab with no real grouping or de-granularization Named ACL's allow for quick identification of access and it's source as well as allowing the creation of role based ACL's ACL inheritance ACL's at higher level OU's propagate down except for overriding deny's Blazam behaves the same as Active Directory in this regardTLDR
Blazam adds a layer of abstraction to Active Directory permissions. By including an Access Level
layer between the OU permissions and the group assigned, you can create a single ACL rule and reuse it for as many groups on as many OU's as you'd like.
The Access Level
's you define can be reused or combined to create exactly the configuration you desire.
Example
A group HR
could be given the Access Level
Read Users
(which allows only read access to usr demographics fields) and the Read Groups
Access Level
to the OU's Company/Marketing
and Company/IT
while also receiving Rename Users
for the Company/Marketing
OU as well as the Deny Group Read
Access Level
for the Company/IT
OU.
This will result in a member of HR
to be able to read user demographics in Company/Marketing
and Company/IT
while being able to read the groups a user is a member of, only if the group is under the Company/Marketing
OU.
They will also be able to rename users under Company/Marketing
Note
Permissions that are applied inherit fully down the OU tree unless a Deny
permission is set at a lower level.
The core element of the permission system in Blazam is the \"Delegate\".
A \"Delegate\" can be any group or user.
Any \"Delegate\" added will allow that user or members of that group to log into the application.
Nested group members are counted.
"},{"location":"admin/permissions/#access-levels","title":"Access Levels","text":"Access Levels improve upon the default permission system found in Active Directory.
"},{"location":"admin/permissions/#parameters","title":"Parameters","text":""},{"location":"admin/permissions/#name","title":"Name","text":"You can name your Access Levels however you'd like.
"},{"location":"admin/permissions/#object-permissions","title":"Object Permissions","text":"Permissions are split between different Active Directory object types. You can set different permissions for groups from users, computers, or OU's within the same OU, or any combination therein.
"},{"location":"admin/permissions/#field-permissions","title":"Field Permissions","text":"Under each object type allowed, you can choose which fields will be denied, readable, or editable.
"},{"location":"admin/permissions/#group-membership-access","title":"Group Membership Access","text":"Group membership control in Blazam is tied to the group and read permissions.
"},{"location":"admin/permissions/#assignunassing-action","title":"Assign/Unassing Action","text":"The delegate user must have Assign/Unassign action permissions provided to the parent group in order to assign users or groups to it.
"},{"location":"admin/permissions/#read-usersgroups","title":"Read Users/Groups","text":"The final permission that must be assigned to delegates is read access to users or groups to be able to add as a member of the parent group
"},{"location":"admin/permissions/#mappings","title":"Mappings","text":"Mapping permissions is similar to default Active Directory permissions, but utilizing the powereful Acces Level
component to ease and enhance the delegation process.
As a super admin, you will be able to impersonate the application experience of other users. This is extremely helpful when setting up permissions to verify the access you intended.
"},{"location":"admin/templates/","title":"Templates","text":"Templates are used to define the data applied at user creation. They allow you to prefill or request entry of whatever user properties you want.
"},{"location":"admin/templates/#inheritance","title":"Inheritance","text":"One very useful and powerful feature is template inheritance. Create a base template that contains the common data for all your users, like Company
or your Username
or Password
algorithms, all child templates will inherit the values and any changes made to the base template.
Defines a parent template from which to inherit values from.
"},{"location":"admin/templates/#template-name","title":"Template Name","text":"The name for the template as will be shown to users on the create user page.
"},{"location":"admin/templates/#template-category","title":"Template Category","text":"Organize your templates into categories for easy retrieval.
"},{"location":"admin/templates/#visibility","title":"Visibility","text":"Control whether the template is visible on Create User
page. Useful for base templates that should not be used directly.
Define the username and display name formats along with the new password for created users. An assortment of string variables are available to compute the value on creation.
In addition, you can pull the first X characters of a field or perform regex matches.
"},{"location":"admin/templates/#variables","title":"Variables","text":"{variable:modifier[argument]}
, {variable:modifier}
, {variable[argument]}
, or just {variable}
Variables Expressions must be surrounded by curly braces eg: {fn}
Modifiers and Arguments are both optional
Variable Expressions can be chained together and anything outside of curly braces will be copied as is. eg: {fi}{ln}
Examples
Expression Description{fn}
Returns the whole first name {fn[1]}
or {fi}
Returns the first initial {fn:l[2]}
Returns the first two characters of the first name in lower case {ln:regex[^(.{3})(.*Jr)$]}
A regex search on the last name pulling the first 3 characters and includes Jr if the last name ends in Jr"},{"location":"admin/templates/#account-options","title":"Account Options","text":""},{"location":"admin/templates/#allow-username-override","title":"Allow Username Override","text":"If enabled, users will be able to change the generated username.
Note
Super-admins are always able to override usernames
"},{"location":"admin/templates/#require-password-change","title":"Require Password Change","text":"If enabled, the associated checkbox in ADUC will be checked and users will be asked to change their password upon first domain login.
"},{"location":"admin/templates/#send-welcome-email","title":"Send Welcome Email","text":"If enabled, an email containing the username and password will be sent. If the email field is generated, static, or editable the email will go to that address. If no address is entered into the email field, the user will be asked for a destination.
"},{"location":"admin/templates/#ask-for-alternate-email","title":"Ask For Alternate Email","text":"If enabled, Blazam will always ask for a custom destination address for credential emails.
"},{"location":"admin/templates/#formula-sim","title":"Formula Sim","text":"The formula simulator allows you to more easily construct your generated variable expressions. Preview your changes on the fly while constructing your configuration.
"},{"location":"admin/templates/#fields","title":"Fields","text":"This section allows for the addition of any of the user attribute you want to define After adding a field, you can then define a value, allow the user to edit the value, or require the value on creation.
"},{"location":"admin/templates/#organizational-unit","title":"Organizational Unit","text":"Where the new user should be placed. Users must have \"Create User\" priviledges in this OU to use this template.
"},{"location":"admin/templates/#groups","title":"Groups","text":"The groups to assign the user to after creation. This can include inherited groups from parent templates.
"},{"location":"admin/settings/application/","title":"Application Settings","text":""},{"location":"admin/settings/application/#application-name","title":"Application Name","text":"Brand Blazam with your own personalized name.
"},{"location":"admin/settings/application/#homepage-message","title":"Homepage Message","text":"Messages entered here will be displayed to all user on their home page dashboard. The text has full HTML support for message customization.
"},{"location":"admin/settings/application/#force-https","title":"Force HTTPS","text":"Forces http connections to https.
"},{"location":"admin/settings/application/#user-helpdesk-url","title":"User Helpdesk URL","text":"Warning
Not currently implemented
This is your organizations tech support portal for help buttons within Blazam.
"},{"location":"admin/settings/application/#branding-icon","title":"Branding Icon","text":"Upload you organization's logo or other image to use within the app.
Note
The icons used in Blazam are sent to the browser in a method that tells the browser to cache the image for up to 24 hours. This reduces traffic between the web server and the database. Keep this in mind when changing the Branding Icon.
"},{"location":"admin/settings/application/#website-fqdn","title":"Website FQDN","text":"Note
Will be used for links within notification emails in an upcoming update
The fully qualified domain name of your Blazam instance for use in email notification links.
"},{"location":"admin/settings/application/#ssl-certificate","title":"SSL Certificate","text":"Info
Only available when running Blazam as a service. Use IIS Manager to control SSL when running under IIS.
Upload an SSL certificate with private key to use for encryption
"},{"location":"admin/settings/authentication/","title":"Authentication Settings","text":""},{"location":"admin/settings/authentication/#admin-password","title":"Admin Password","text":"Allows for changing the built-in admin account password
"},{"location":"admin/settings/authentication/#session-timeout","title":"Session Timeout","text":"The time in minutes that a web user should be authenticated for.
Note
Blazam uses a rolling expiration, which means that the session expiration time is reset on every page navigation.
"},{"location":"admin/settings/authentication/#duo-multi-factor-authentication","title":"DUO Multi-Factor Authentication","text":"Blazam currently only supports DUO Security for 2FA/MFA
"},{"location":"admin/settings/authentication/#setup","title":"Setup","text":"To enable DUO...
All web host application settings are set in the appsettings.json
file in the root path of the application directory.
Note
If this is a manual installation you must create the appsettings.json
file. A template is available (appsettings.example.json
) that can be copied and renamed.
appsettings.json
{\n \"Logging\": {\n \"LogLevel\": {\n \"Default\": \"Information\",\n \"Microsoft.AspNetCore\": \"Information\",\n \"Microsoft.Hosting.Lifetime\": \"Information\",\n \"Microsoft.EntityFrameworkCore.Database.Command\": \"Warning\"\n }\n },\n \"EncryptionKey\": \"supersecretstring\",\n \"DebugMode\": \"false\",\n \"ListeningAddress\": \"*\",\n \"HTTPPort\": \"79\",\n \"HTTPSPort\": \"442\",\n \"AllowedHosts\": \"*\",\n \"DatabaseType\": \"SQLite\", //SQL,SQLite,or MySQL\n \"ConnectionStrings\": {\n\n \"DBConnectionString\": \"\"\n }\n\n}\n
"},{"location":"install/config/#logging","title":"Logging","text":"It is recommended not to modify logging settings. They may be useful for issues that arise.
"},{"location":"install/config/#encryptionkey","title":"EncryptionKey","text":"Danger
Changing this value after installation will break decryption, thereby preventing any successful logons.
Note
For manual installations, be sure to change this value from it's default before launching the app. Make it whatever you want, as long as it's different
Backup the Encryption Key!It is highly recommended to backup the encryption key immediatly following the installation wizard for production environments.
Loss of the encryption key will result in the inabillity to log in as the application admin
, and break communication with your Actvie Directory, effectivley locking you out without manual modifications to the database.
To backup the key from the app, go to the Settings
page and click the System
tab.
string
Any string, this is the seed that generates the encryption key used by the database"},{"location":"install/config/#debugmode","title":"DebugMode","text":"Values Description true
The application will provide additional debugging information to the browser (This may expose priviledged information to users, only enable for assisting development) false
The application will operate in the normal mode"},{"location":"install/config/#httpport","title":"HTTPPort","text":"Info
This setting has no effect when running under IIS
Values DescriptionPortNumber
If running as a service, the application will listen for HTTP connections on this port"},{"location":"install/config/#httpsport","title":"HTTPSPort","text":"Info
This setting has no effect when running under IIS
Values DescriptionPortNumber
If running as a service, the application will listen for HTTPS connections on this port"},{"location":"install/config/#allowedhosts","title":"AllowedHosts","text":"Info
This setting has no effect when running under IIS
Values Description*
Allows all IP addresses to communicate with Blazam subnet/mask
Allows only IP's from the defined subnet to communicate with Blazam"},{"location":"install/config/#databasetype","title":"DatabaseType","text":"Values Description SQL
The application will operate under SQL SQLite
The application will operate under SQLite MySQL
The application will operate under MySQL"},{"location":"install/config/#dbconnectionstring","title":"DBConnectionString","text":"Values Description string
The connection string to connect to your database. If you need a generator try one of the following SQL, Sqlite, Mysql."},{"location":"install/firewall/","title":"Firewall","text":""},{"location":"install/firewall/#user-access","title":"User Access","text":"Blazam listens for HTTP and HTTPS connections on whatever ports you configure during installation.
Forward these ports on firewalls that should allow access.
"},{"location":"install/firewall/#system-communications","title":"System Communications","text":"If you have a firewall between Blazam and the Active Directory domain controllers forward the port configured in settings within the app.
"},{"location":"install/manual/","title":"Manual Installation","text":""},{"location":"install/manual/#pre-requisites","title":"Pre-Requisites","text":"DatabaseType
.Feel free to deviate from the instructions to fit your desired deployment
Server Roles
-> Web Server
-> Application Developer
-> Web Sockets
.Server Roles
-> Web Server
-> Application Developer
-> Application Initialization
.Create new Site in IIS for Blazam
Set ApplicationPool to AlwaysRunning (Optional)
Advanced Settings
. Always Running
.Set IIS Site to Preload (Optional)
Manage Website
-> Advanced Settings
and set the Preload Enabled
value to true
.Continue with Configuration
C:\\Program Files\\Blazam
BLAZAM.exe
as a service.Blazam adheres to a strict delegation of elevated privileges. It is designed to run under an un-privileged user account.
Abstract
The developers of Blazam always keep security and privilege protection as a top priority.
All passwords are encrypted both at rest and in transit. All incoming/outgoing connections are TLS/SSL capable.
Having said that, we take no responsibillity for any damages incurred from your use of this software. You are encouraged to review the source code for yourself.
Danger
Running the web application under elevated privileges exposes your Web Server and Active Directory to unneccessary risk of framework exploits.
"},{"location":"install/security/#internet-facing","title":"Internet Facing","text":"Should you decide to publish Blazam to the internet, you should ensure that a valid SSL certificate is supplied and forcing of HTTPS is enabled either in-app or via IIS.
"},{"location":"install/security/#active-directory-user","title":"Active Directory User","text":"The application only has as much privilege as you supply it. It is possible to set up an advanced permission ACL within Active Directory for the user account provided for AD communication to limit the exposure of the application.
"},{"location":"install/security/#application-user","title":"Application User","text":"Danger
Do not run the IIS application pool or application service as an adminstrator or System account.
"},{"location":"install/security/#for-iis","title":"For IIS","text":"Use the default IIS_User account provided to the application pool.
"},{"location":"install/security/#for-service","title":"For Service","text":"Using the NetworkService account is recommended.
"},{"location":"install/security/#folder-permissions","title":"Folder Permissions","text":"For most deployments, no modifications to folder permissions are required.
The following conditions warrant changing application root directory permissions:
The application encrypts sensitive database data such as passwords. Blazam uses the EncryptionString
from the appSettings.json configuration file
The encryption key you provide is not the actual key used for encryption. This provides security through obscurity for peace of mind that it alone is not a key to the kingdom.
Backup the Encryption Key
It is highly recommended to backup the encryption key immediatly following the installation wizard.
Loss of the encryption key will result in the inabillity to log in as the application admin
, and break communication with your Actvie Directory, effectivley locking you out without manual modifications to the database.
To backup the key from the app, go to the Settings
page and click the System
tab. (Coming soon)
DatabaseType
.The Web installer allows installing the application under IIS, or as a stand-alone service installed under Program Files.
It always installs the latest version.
Download Web Installer
"},{"location":"update/auto/","title":"Automatic Updates","text":""},{"location":"update/auto/#self-update-setup","title":"Self-Update Setup","text":"Some manual configuration is neccessary to perform self-updates for now.
First decide the account to use. There are two approved options.
Finally, apply write permissions to the application installation directory for the chosen account.
"},{"location":"update/auto/#how","title":"How?","text":"To configure automatic updates, go to Configure
-> Settings
-> Update
and enable auto updates.
You can then choose a time of day to perform the update. The default value is 2:00 AM local server time. Choose a time with minimal user activity to avoid disruptions.
When an update is released, Blazam will schedule a self update at the configured time.
"},{"location":"update/manual/","title":"Manual Update","text":"Info
Blazam can update itself, but some configuration is required. Check the self-update page for more info.
Manual updating is very easy with Blazam
All database updates are applied automatically when the application starts.
"},{"location":"update/self/","title":"Self-Update","text":"Blazam can update itself regardless of how it is installed.
"},{"location":"update/self/#self-update-setup","title":"Self-Update Setup","text":"Some manual configuration is necessary to perform self-updates for now.
First decide the account to use. There are two approved options.
Finally, apply write permissions to the application installation directory for the chosen account.
"},{"location":"update/self/#how","title":"How?","text":"To update go to Configure
-> Settings
-> Update
, if an update is available, an update button and release notes will be available.
During a self update Blazam backs up the current installation to C:\\Windows\\temp\\Blazam\\backup\\
or wherever the running user's temporary folder is configured.
Blazam is a compatible PWA (Progressive Web Application). For easy access you can opt to \"install\" the webapp to your local device (desktop/laptop/mobile).
"},{"location":"user/#dashboard-widgets","title":"Dashboard Widgets","text":"The home page allows you to set up and organize an assortment of dashboard widgets.
You must be provided relevant read permissions somewhere in the directory to be able to add each widget.
The full set of widgets are: - New Users - New Groups - New Computers - New OU's - New Printers - Changed AD Entries - Changed Passwords - Locked Out Users - Favorites - Application Logons (Super-admins only)
"}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Blazam","text":"Main Site
Blazam is a powerful, free, web-based Active Directory management portal.
Enable you and your users to manage legacy Active Directory in a modern way.
"},{"location":"#environment-requirements","title":"Environment Requirements","text":"Sorry
This app is simply not designed for organizations that clump all their users into a select few OU's. Having a well defined OU structure is imperitive to the operation of this application.
Sure you can use it, but the granularity of your delegation control is proportional to the granularity of your OU tree.
Continuing
If you're looking for an app that delegates to groups instead of OU's, good luck. The technical reality of LDAP and Active Directory prohibit any tolerable experience delegating groups to groups.
"},{"location":"#open-source","title":"Open Source","text":"Blazam and it's documentation are open source. Contributions are encouraged.
"},{"location":"license/","title":"Blazam License Agreement","text":"Copyright (c) 2023 Blazam
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
This license is only applicable to versions of the Software that included this license in the installed software directory or source code. Future versions including a different license will not be subject to this agreement and will operate entirely under the included license of said future version of the Software.
THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"},{"location":"privacy/","title":"Privacy Policy for Blazam","text":"Last updated: March 15, 2023
"},{"location":"privacy/#introduction","title":"Introduction","text":"This Privacy Policy describes how Blazam (\"we\", \"us\", or \"our\") collects, uses, shares, and protects your personal information when you use our web app Blazam (\"the Software\").
By using the Software, you agree to the collection and use of your personal information in accordance with this Privacy Policy.
"},{"location":"privacy/#what-information-do-we-collect","title":"What information do we collect?","text":"We collect information that you provide to us when you use the Software, such as your name, email address, password, and any other information that you choose to provide.
We also collect information that is automatically generated when you use the Software, such as your IP address, browser type, device type, operating system, pages visited, time spent on the Software, and other statistical data.
We use Google Analytics 4 to help us analyze how users use the Software. Google Analytics 4 collects information such as how often users visit the Software, what pages they visit, and what other sites they used prior to coming to the Software. Google Analytics 4 does not collect your name or other identifying information. We do not combine the information collected by Google Analytics 4 with any personally identifiable information. You can learn more about how Google collects and processes data at https://policies.google.com/technologies/partner-sites.
"},{"location":"privacy/#how-do-we-use-your-information","title":"How do we use your information?","text":"We use your information for the following purposes:
We do not sell or rent your personal information to third parties. We may share your personal information with third parties in the following circumstances:
You have certain rights regarding your personal information that we collect and process. Depending on where you live, these rights may include:
To exercise any of these rights, please contact us at support@blazam.org. We will respond to your request within a reasonable timeframe.
"},{"location":"privacy/#how-do-we-protect-your-information","title":"How do we protect your information?","text":"We take reasonable measures to protect your personal information from unauthorized access,use, disclosure, alteration, or destruction. However, no method of transmission or storage is completely secure and we cannot guarantee the absolute security of your personal information.
We store your personal information for as long as it is necessary to provide the Software and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
"},{"location":"privacy/#how-do-we-use-cookies-and-other-tracking-technologies","title":"How do we use cookies and other tracking technologies?","text":"We use cookies and other tracking technologies to collect and store information about your preferences and activity on the Software. Cookies are small files that are placed on your device when you visit a website. They help us recognize you and remember your settings when you return to the Software. You can manage your cookie preferences in your browser settings, but please note that some features of the Software may not function properly if you disable or reject cookies.
We also use web beacons, pixels, tags, and scripts to collect and track information about how you interact with the Software and our email communications. These technologies help us measure the effectiveness of our marketing campaigns and improve our Software.
"},{"location":"privacy/#do-we-link-to-other-websites","title":"Do we link to other websites?","text":"The Software may contain links to other websites that are not operated by us. We are not responsible for the content or privacy practices of those websites. We encourage you to review the privacy policies of any third-party websites that you visit.
"},{"location":"privacy/#how-do-we-update-this-privacy-policy","title":"How do we update this Privacy Policy?","text":"We may update this Privacy Policy from time to time to reflect changes in our data practices or applicable laws. We will notify you of any material changes by posting the updated Privacy Policy on the Software or by sending you an email notification. Your continued use of the Software after we post the updated Privacy Policy constitutes your acceptance of the new Privacy Policy.
"},{"location":"privacy/#how-can-you-contact-us","title":"How can you contact us?","text":"If you have any questions or comments about this Privacy Policy or our data practices, please contact us at:
Jacobsen Productions USA Email: support@blazam.org
"},{"location":"admin/fields/","title":"Fields","text":"The fields configuration section allows for the definition of custom schema attributes in your Active Directory environment.
Once a field is defined it will become available for delegation in Permissions.
"},{"location":"admin/fields/#display-name","title":"Display Name","text":"This is the label that will be shown for this attribute in Blazam. It can be in your localized language for your convenience.
"},{"location":"admin/fields/#field-name","title":"Field Name","text":"This is the name of the attribute as shown on the attributes tab of the object in Active Directory.
Remember you need to enable Advanced View
in ADUC to see the attributes tab.
This should be set based on the type of data the the attribute stores. Check the attribute values to determine the best match. If the value does not show in Blazam try a different type.
"},{"location":"admin/fields/#object-types","title":"Object Types","text":"The final section of defining a field is the selection of object types. Check whichever types the attribute is used on.
"},{"location":"admin/initialSetup/","title":"Initial Setup","text":"After installing Blazam, open a browser to your published website.
Upon first launch, the application will enter an installation wizard to guide you in completing the initial configuration.
"},{"location":"admin/initialSetup/#setup-wizard","title":"Setup Wizard","text":""},{"location":"admin/initialSetup/#database","title":"Database","text":""},{"location":"admin/initialSetup/#pre-requisites-excluding-sqlite","title":"Pre-requisites (Excluding Sqlite)","text":"Tip
The web installer ensures the prerequisites are fulfilled before allowing installation.
The database page confirms that the settings you configured in appSettings.json (or as performed by the web installer) are correct and a connection to the database is successful.
You can then \"install\" the database, which will set up all the necessary tables and seed data.
"},{"location":"admin/initialSetup/#authentication","title":"Authentication","text":"The authentication install page allows you to set up your built-in admin password.
This account is provided to allow login even when no connection to Active Directory can be made.
"},{"location":"admin/initialSetup/#active-directory","title":"Active Directory","text":"This is the most important of first launch steps.
Server
- This can be your domain name, but if that doesn't work pick a domain controller to connect to and use it's DNS name.
Port
- The port to connect to.
Username
- The account name excluding the domain. (eg:blazam) This account should have administrative permissions for whatever scope you intend to use the application for.
Password
- The password for the domain account.
Use TLS
- Whether to use TLS when connecting. For internal networks this is optional. It is highly recommended if you are communicating to your domain over the internet.
FQDN
- The fully qualified domain name of your Active Directory domain.
Base DN
- The base organizational unit distinguished name from where to begin scoping the application. Any OU's above this DN are not available to Blazam.
Info
At the bottom of the page is a connection status panel that will show you the state of the connection as you make changes.
"},{"location":"admin/initialSetup/#finalize-install","title":"Finalize Install","text":"After finalizing install you will be brought to the login page. Enter the admin
username and the password you set during the initial setup.
Blazam offers a flexible notification system for both in-app and email notifications.
"},{"location":"admin/notifications/#requirements","title":"Requirements","text":"In order for email notifications to go out, email must be enabled in Configure -> Settings
.
Notification settings, much like permissions, are applied to OU's and propagate down the OU tree unless a Block
is placed at a lower level.
In-app and email notification types can be included/excluded together or independently.
"},{"location":"admin/notifications/#user-access","title":"User Access","text":"All users can manage their own notification settings via the User Button
in the top right of Blazam.
Super-admins can manage all other users notifications via the Configure -> Notifications
feature.
Permissions in Blazam differ from Active Directory in one major (and extremely helpful) way.
Feature Active Directory Blazam Reusable ACL's Each ACL is unique for each OU Create one type of access and reuse that list for any number of OU's ACL Naming ACL's are simply a list of properties in the security tab with no real grouping or de-granularization Named ACL's allow for quick identification of access and it's source as well as allowing the creation of role based ACL's ACL inheritance ACL's at higher level OU's propagate down except for overriding deny's Blazam behaves the same as Active Directory in this regardTLDR
Blazam adds a layer of abstraction to Active Directory permissions. By including an Access Level
layer between the OU permissions and the group assigned, you can create a single ACL rule and reuse it for as many groups on as many OU's as you'd like.
The Access Level
's you define can be reused or combined to create exactly the configuration you desire.
Example
A group HR
could be given the Access Level
Read Users
(which allows only read access to usr demographics fields) and the Read Groups
Access Level
to the OU's Company/Marketing
and Company/IT
while also receiving Rename Users
for the Company/Marketing
OU as well as the Deny Group Read
Access Level
for the Company/IT
OU.
This will result in a member of HR
to be able to read user demographics in Company/Marketing
and Company/IT
while being able to read the groups a user is a member of, only if the group is under the Company/Marketing
OU.
They will also be able to rename users under Company/Marketing
Note
Permissions that are applied inherit fully down the OU tree unless a Deny
permission is set at a lower level.
The core element of the permission system in Blazam is the \"Delegate\".
A \"Delegate\" can be any group or user.
Any \"Delegate\" added will allow that user or members of that group to log into the application.
Nested group members are counted.
"},{"location":"admin/permissions/#access-levels","title":"Access Levels","text":"Access Levels improve upon the default permission system found in Active Directory.
"},{"location":"admin/permissions/#parameters","title":"Parameters","text":""},{"location":"admin/permissions/#name","title":"Name","text":"You can name your Access Levels however you'd like.
"},{"location":"admin/permissions/#object-permissions","title":"Object Permissions","text":"Permissions are split between different Active Directory object types. You can set different permissions for groups from users, computers, or OU's within the same OU, or any combination therein.
"},{"location":"admin/permissions/#field-permissions","title":"Field Permissions","text":"Under each object type allowed, you can choose which fields will be denied, readable, or editable.
"},{"location":"admin/permissions/#group-membership-access","title":"Group Membership Access","text":"Group membership control in Blazam is tied to the group and read permissions.
"},{"location":"admin/permissions/#assignunassing-action","title":"Assign/Unassing Action","text":"The delegate user must have Assign/Unassign action permissions provided to the parent group in order to assign users or groups to it.
"},{"location":"admin/permissions/#read-usersgroups","title":"Read Users/Groups","text":"The final permission that must be assigned to delegates is read access to users or groups to be able to add as a member of the parent group
"},{"location":"admin/permissions/#mappings","title":"Mappings","text":"Mapping permissions is similar to default Active Directory permissions, but utilizing the powereful Acces Level
component to ease and enhance the delegation process.
As a super admin, you will be able to impersonate the application experience of other users. This is extremely helpful when setting up permissions to verify the access you intended.
"},{"location":"admin/templates/","title":"Templates","text":"Templates are used to define the data applied at user creation. They allow you to prefill or request entry of whatever user properties you want.
"},{"location":"admin/templates/#inheritance","title":"Inheritance","text":"One very useful and powerful feature is template inheritance. Create a base template that contains the common data for all your users, like Company
or your Username
or Password
algorithms, all child templates will inherit the values and any changes made to the base template.
Defines a parent template from which to inherit values from.
"},{"location":"admin/templates/#template-name","title":"Template Name","text":"The name for the template as will be shown to users on the create user page.
"},{"location":"admin/templates/#template-category","title":"Template Category","text":"Organize your templates into categories for easy retrieval.
"},{"location":"admin/templates/#visibility","title":"Visibility","text":"Control whether the template is visible on Create User
page. Useful for base templates that should not be used directly.
Define the username and display name formats along with the new password for created users. An assortment of string variables are available to compute the value on creation.
In addition, you can pull the first X characters of a field or perform regex matches.
"},{"location":"admin/templates/#variables","title":"Variables","text":"{variable:modifier[argument]}
, {variable:modifier}
, {variable[argument]}
, or just {variable}
Variables Expressions must be surrounded by curly braces eg: {fn}
Modifiers and Arguments are both optional
Variable Expressions can be chained together and anything outside of curly braces will be copied as is. eg: {fi}{ln}
Examples
Expression Description{fn}
Returns the whole first name {fn[1]}
or {fi}
Returns the first initial {fn:l[2]}
Returns the first two characters of the first name in lower case {ln:regex[^(.{3})(.*Jr)$]}
A regex search on the last name pulling the first 3 characters and includes Jr if the last name ends in Jr"},{"location":"admin/templates/#account-options","title":"Account Options","text":""},{"location":"admin/templates/#allow-username-override","title":"Allow Username Override","text":"If enabled, users will be able to change the generated username.
Note
Super-admins are always able to override usernames
"},{"location":"admin/templates/#require-password-change","title":"Require Password Change","text":"If enabled, the associated checkbox in ADUC will be checked and users will be asked to change their password upon first domain login.
"},{"location":"admin/templates/#send-welcome-email","title":"Send Welcome Email","text":"If enabled, an email containing the username and password will be sent. If the email field is generated, static, or editable the email will go to that address. If no address is entered into the email field, the user will be asked for a destination.
"},{"location":"admin/templates/#ask-for-alternate-email","title":"Ask For Alternate Email","text":"If enabled, Blazam will always ask for a custom destination address for credential emails.
"},{"location":"admin/templates/#formula-sim","title":"Formula Sim","text":"The formula simulator allows you to more easily construct your generated variable expressions. Preview your changes on the fly while constructing your configuration.
"},{"location":"admin/templates/#fields","title":"Fields","text":"This section allows for the addition of any of the user attribute you want to define After adding a field, you can then define a value, allow the user to edit the value, or require the value on creation.
"},{"location":"admin/templates/#organizational-unit","title":"Organizational Unit","text":"Where the new user should be placed. Users must have \"Create User\" priviledges in this OU to use this template.
"},{"location":"admin/templates/#groups","title":"Groups","text":"The groups to assign the user to after creation. This can include inherited groups from parent templates.
"},{"location":"admin/settings/application/","title":"Application Settings","text":""},{"location":"admin/settings/application/#application-name","title":"Application Name","text":"Brand Blazam with your own personalized name.
"},{"location":"admin/settings/application/#homepage-message","title":"Homepage Message","text":"Messages entered here will be displayed to all user on their home page dashboard. The text has full HTML support for message customization.
"},{"location":"admin/settings/application/#force-https","title":"Force HTTPS","text":"Forces http connections to https.
"},{"location":"admin/settings/application/#user-helpdesk-url","title":"User Helpdesk URL","text":"Warning
Not currently implemented
This is your organizations tech support portal for help buttons within Blazam.
"},{"location":"admin/settings/application/#branding-icon","title":"Branding Icon","text":"Upload you organization's logo or other image to use within the app.
Note
The icons used in Blazam are sent to the browser in a method that tells the browser to cache the image for up to 24 hours. This reduces traffic between the web server and the database. Keep this in mind when changing the Branding Icon.
"},{"location":"admin/settings/application/#website-fqdn","title":"Website FQDN","text":"Note
Will be used for links within notification emails in an upcoming update
The fully qualified domain name of your Blazam instance for use in email notification links.
"},{"location":"admin/settings/application/#ssl-certificate","title":"SSL Certificate","text":"Info
Only available when running Blazam as a service. Use IIS Manager to control SSL when running under IIS.
Upload an SSL certificate with private key to use for encryption
"},{"location":"admin/settings/authentication/","title":"Authentication Settings","text":""},{"location":"admin/settings/authentication/#admin-password","title":"Admin Password","text":"Allows for changing the built-in admin account password
"},{"location":"admin/settings/authentication/#session-timeout","title":"Session Timeout","text":"The time in minutes that a web user should be authenticated for.
Note
Blazam uses a rolling expiration, which means that the session expiration time is reset on every page navigation.
"},{"location":"admin/settings/authentication/#duo-multi-factor-authentication","title":"DUO Multi-Factor Authentication","text":"Blazam currently only supports DUO Security for 2FA/MFA
"},{"location":"admin/settings/authentication/#setup","title":"Setup","text":"To enable DUO...
All web host application settings are set in the appsettings.json
file in the root path of the application directory.
Note
If this is a manual installation you must create the appsettings.json
file. A template is available (appsettings.example.json
) that can be copied and renamed.
appsettings.json
{\n \"Logging\": {\n \"LogLevel\": {\n \"Default\": \"Information\",\n \"Microsoft.AspNetCore\": \"Information\",\n \"Microsoft.Hosting.Lifetime\": \"Information\",\n \"Microsoft.EntityFrameworkCore.Database.Command\": \"Warning\"\n }\n },\n \"EncryptionKey\": \"supersecretstring\",\n \"DebugMode\": \"false\",\n \"ListeningAddress\": \"*\",\n \"HTTPPort\": \"79\",\n \"HTTPSPort\": \"442\",\n \"AllowedHosts\": \"*\",\n \"DatabaseType\": \"SQLite\", //SQL,SQLite,or MySQL\n \"ConnectionStrings\": {\n\n \"DBConnectionString\": \"\"\n }\n\n}\n
"},{"location":"install/config/#logging","title":"Logging","text":"It is recommended not to modify logging settings. They may be useful for issues that arise.
"},{"location":"install/config/#encryptionkey","title":"EncryptionKey","text":"Danger
Changing this value after installation will break decryption, thereby preventing any successful logons.
Note
For manual installations, be sure to change this value from it's default before launching the app. Make it whatever you want, as long as it's different
Backup the Encryption Key!It is highly recommended to backup the encryption key immediatly following the installation wizard for production environments.
Loss of the encryption key will result in the inabillity to log in as the application admin
, and break communication with your Actvie Directory, effectivley locking you out without manual modifications to the database.
To backup the key from the app, go to the Settings
page and click the System
tab.
string
Any string, this is the seed that generates the encryption key used by the database"},{"location":"install/config/#debugmode","title":"DebugMode","text":"Values Description true
The application will provide additional debugging information to the browser (This may expose priviledged information to users, only enable for assisting development) false
The application will operate in the normal mode"},{"location":"install/config/#httpport","title":"HTTPPort","text":"Info
This setting has no effect when running under IIS
Values DescriptionPortNumber
If running as a service, the application will listen for HTTP connections on this port"},{"location":"install/config/#httpsport","title":"HTTPSPort","text":"Info
This setting has no effect when running under IIS
Values DescriptionPortNumber
If running as a service, the application will listen for HTTPS connections on this port"},{"location":"install/config/#allowedhosts","title":"AllowedHosts","text":"Info
This setting has no effect when running under IIS
Values Description*
Allows all IP addresses to communicate with Blazam subnet/mask
Allows only IP's from the defined subnet to communicate with Blazam"},{"location":"install/config/#databasetype","title":"DatabaseType","text":"Values Description SQL
The application will operate under SQL SQLite
The application will operate under SQLite MySQL
The application will operate under MySQL"},{"location":"install/config/#dbconnectionstring","title":"DBConnectionString","text":"Values Description string
The connection string to connect to your database. If you need a generator try one of the following SQL, Sqlite, Mysql."},{"location":"install/firewall/","title":"Firewall","text":""},{"location":"install/firewall/#user-access","title":"User Access","text":"Blazam listens for HTTP and HTTPS connections on whatever ports you configure during installation.
Forward these ports on firewalls that should allow access.
"},{"location":"install/firewall/#system-communications","title":"System Communications","text":"If you have a firewall between Blazam and the Active Directory domain controllers forward the port configured in settings within the app.
"},{"location":"install/manual/","title":"Manual Installation","text":""},{"location":"install/manual/#pre-requisites","title":"Pre-Requisites","text":"DatabaseType
.Feel free to deviate from the instructions to fit your desired deployment
Server Roles
-> Web Server
-> Application Developer
-> Web Sockets
.Server Roles
-> Web Server
-> Application Developer
-> Application Initialization
.Create new Site in IIS for Blazam
Set ApplicationPool to AlwaysRunning (Optional)
Advanced Settings
. Always Running
.Set IIS Site to Preload (Optional)
Manage Website
-> Advanced Settings
and set the Preload Enabled
value to true
.Continue with Configuration
C:\\Program Files\\Blazam
BLAZAM.exe
as a service.Blazam adheres to a strict delegation of elevated privileges. It is designed to run under an un-privileged user account.
Abstract
The developers of Blazam always keep security and privilege protection as a top priority.
All passwords are encrypted both at rest and in transit. All incoming/outgoing connections are TLS/SSL capable.
Having said that, we take no responsibillity for any damages incurred from your use of this software. You are encouraged to review the source code for yourself.
Danger
Running the web application under elevated privileges exposes your Web Server and Active Directory to unneccessary risk of framework exploits.
"},{"location":"install/security/#internet-facing","title":"Internet Facing","text":"Should you decide to publish Blazam to the internet, you should ensure that a valid SSL certificate is supplied and forcing of HTTPS is enabled either in-app or via IIS.
"},{"location":"install/security/#active-directory-user","title":"Active Directory User","text":"The application only has as much privilege as you supply it. It is possible to set up an advanced permission ACL within Active Directory for the user account provided for AD communication to limit the exposure of the application.
"},{"location":"install/security/#application-user","title":"Application User","text":"Danger
Do not run the IIS application pool or application service as an adminstrator or System account.
"},{"location":"install/security/#for-iis","title":"For IIS","text":"Use the default IIS_User account provided to the application pool.
"},{"location":"install/security/#for-service","title":"For Service","text":"Using the NetworkService account is recommended.
"},{"location":"install/security/#folder-permissions","title":"Folder Permissions","text":"For most deployments, no modifications to folder permissions are required.
The following conditions warrant changing application root directory permissions:
In addition to folder permissions, the account used for updating, whether a domain admin or custom account, must be provided permissinos to be able to manage IIS sites or services on the web host.
"},{"location":"install/security/#encryption","title":"Encryption","text":"The application encrypts sensitive database data such as passwords. Blazam uses the EncryptionString
from the appSettings.json configuration file
The encryption key you provide is not the actual key used for encryption. This provides security through obscurity for peace of mind that it alone is not a key to the kingdom.
Backup the Encryption Key
It is highly recommended to backup the encryption key immediatly following the installation wizard.
Loss of the encryption key will result in the inabillity to log in as the application admin
, and break communication with your Actvie Directory, effectivley locking you out without manual modifications to the database.
To backup the key from the app, go to the Settings
page and click the System
tab. (Coming soon)
DatabaseType
.The Web installer allows installing the application under IIS, or as a stand-alone service installed under Program Files.
It always installs the latest version.
Download Web Installer
"},{"location":"update/auto/","title":"Automatic Updates","text":""},{"location":"update/auto/#self-update-setup","title":"Self-Update Setup","text":"Some manual configuration is neccessary to perform self-updates for now.
First decide the account to use. There are two approved options.
Finally, apply write permissions to the application installation directory for the chosen account.
"},{"location":"update/auto/#how","title":"How?","text":"To configure automatic updates, go to Configure
-> Settings
-> Update
and enable auto updates.
You can then choose a time of day to perform the update. The default value is 2:00 AM local server time. Choose a time with minimal user activity to avoid disruptions.
When an update is released, Blazam will schedule a self update at the configured time.
"},{"location":"update/manual/","title":"Manual Update","text":"Info
Blazam can update itself, but some configuration is required. Check the self-update page for more info.
Manual updating is very easy with Blazam
All database updates are applied automatically when the application starts.
"},{"location":"update/self/","title":"Self-Update","text":"Blazam can update itself regardless of how it is installed.
"},{"location":"update/self/#self-update-setup","title":"Self-Update Setup","text":"Some manual configuration is necessary to perform self-updates for now.
First decide the account to use. There are two approved options.
Finally, apply write permissions to the application installation directory for the chosen account.
"},{"location":"update/self/#how","title":"How?","text":"To update go to Configure
-> Settings
-> Update
, if an update is available, an update button and release notes will be available.
During a self update Blazam backs up the current installation to C:\\Windows\\temp\\Blazam\\backup\\
or wherever the running user's temporary folder is configured.
Blazam is a compatible PWA (Progressive Web Application). For easy access you can opt to \"install\" the webapp to your local device (desktop/laptop/mobile).
"},{"location":"user/#dashboard-widgets","title":"Dashboard Widgets","text":"The home page allows you to set up and organize an assortment of dashboard widgets.
You must be provided relevant read permissions somewhere in the directory to be able to add each widget.
The full set of widgets are: - New Users - New Groups - New Computers - New OU's - New Printers - Changed AD Entries - Changed Passwords - Locked Out Users - Favorites - Application Logons (Super-admins only)
"}]} \ No newline at end of file diff --git a/docs/sitemap.xml.gz b/docs/sitemap.xml.gz index 2c7bc6d..dd8fa1e 100644 Binary files a/docs/sitemap.xml.gz and b/docs/sitemap.xml.gz differ diff --git a/docsource/install/security.md b/docsource/install/security.md index d31becf..c8f7bdd 100644 --- a/docsource/install/security.md +++ b/docsource/install/security.md @@ -42,6 +42,10 @@ The following conditions warrant changing application root directory permissions * You want to configure a separate account to run self-updates under, if that account is not a local administrator. +### Application Permissions +In addition to folder permissions, the account used for updating, whether a domain admin or custom account, +must be provided permissinos to be able to manage IIS sites or services on the web host. + ## Encryption The application encrypts sensitive database data such as passwords. Blazam uses the `EncryptionString` from the
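Review bot: In the docsource/install/security.md hunk, the added "Application Permissions" paragraph misspells "permissions" as "permissinos" and does not say which rights the update account needs to "manage IIS sites or services" or how to grant them. It also names a domain admin as an acceptable update account, which sits awkwardly beside the same page's guidance to run under an un-privileged account; suggest listing the minimum rights for the IIS and service cases and recommending a dedicated account over a domain admin. The trailing context line refers to `EncryptionString`, while the configuration page and the sample appsettings.json call the setting `EncryptionKey`; worth aligning while this section is open.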
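Review bot: In the generated search index hunk (the single-line JSON beginning `{"config":`), the whole file is replaced as one line, so the change cannot be reviewed on its own, and the new install/security entry carries the same "permissinos" typo as the Markdown source. Suggest fixing the typo in docsource first and regenerating, and consider building the docs output in CI rather than committing it, since docs/sitemap.xml.gz also changes here as an opaque binary.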