Sign In

If your organization has not enabled Single Sign On (SSO), you need a login username and password to log in to Manage. Ask your installer for your username and password and the Manage server IP address.  Manage runs in a web browser, such as Internet Explorer or Chrome. For example, if the address is 10.3.3.213, use https://10.3.3.213, or if the hostname is em_gates.bigstateu.edu, use https://em_gates.bigstateu.edu.

Since the URL uses the HTTPS protocol, your browser will warn you about security risk or that there is a problem with the server's certificate if the appropriate SSL certifications have not been attached to the server based on the server's assigned IP or hostname. Click through these warnings, or contact Enlighted support to start the process of generating and attaching the required SSL certifications.

Log in using your username, which is your email address, and password.

sign_in.png

Once signed in, you can sign out at any time by clicking Logout in the upper right-hand corner of the window.

log_out.png

To change your password, refer to the article Change Password.

Recommended articles:

 

Change Password

In order to change your password, you need to be signed in. Navigate to the Administration > Authentication Management drop-down menu. Enter your old and new password followed by confirm the password and click the Submit button.

For a secure password, follow these guidelines:

  • Passwords must have at least eight characters.
  • Passwords must use at least one from each of the following four available character types: lowercase letters, uppercase letters, numbers, and special characters.
  • Must not match your previous five passwords.

Change_pwd.png

A confirmation message is displayed after the password is updated.

Pwd_confirm.png

To generate or change your API key, see Generating the API Key.

Recommended articles:

Force Password Change

Force Password Change

Administrators and Facility admins can force users to change passwords every six months. Navigate to Administration > System Management. Select the Settings tab and scroll down to Security Settings. Select the Require users to change the password every six months checkbox and click Apply.

Chg_Pwd_6Months_Flag.png

TIP: A best practice is to sign in as user admin for setting up the system. Then after setup has been completed, each user should have a unique identity so that system usage can be traced back to a specific user.

 

Generate API Key

Users must be authenticated to send or receive API requests to and from Manage. The API calls include a timestamp of when the call was made to avoid replay attacks. For authentication, the user must send the following headers along with the REST API.

  • API key -- Unique identifier for the user (this is the user name, for example, Bob and the generated API key copied from the Manage system)
  • Timestamp -- Time, date, and day of the API call
  • Authorization -- SHA-1 authorization key (Calculated using the API key and timestamp).

Generate API Key 

To generate an API key for a user, navigate to Administration-> Authentication Management.

If the user has previously generated an API key, the last five characters of the key are shown in the API Key box to help the user identify the key in their ‘keyring’. If you need to generate a new API key, select the Generate new API Key checkbox to generate the API key. Click the Submit button.

You can leave the Change Password section fields blank. If you need to change your password, refer to the Change Password article.

Gen_APIKey.png

API_Key.png

Copy and save the new Enlighted API key that is displayed in a secure location as the key is not retrievable after the dialog window closes. Any previously associated key will be invalidated. 

Refer to the article User Authentication for APIs to authenticate the user with the API key.

Recommended articles:

Add Users and User Roles

This article explains the roles and facility access permissions assigned to users within Manage and the creation and management of user accounts.  As an Administrator or Facility admin, you can add new users, edit and delete users. Before you start adding new users, read the article describing the User Role Permissions.

User Roles:

Each user is assigned a role and status. There are four roles that each user can have, each with unique permissions. Each role determines the actions that the user can perform and the information they have access to.

  1. Administrator – This user performs and sets up the initial configuration, adds users, devices, configures profiles, and performs advanced functionality such as backups, firmware upgrades, and administration of all other users and facilities. 
  2. Facilities Admin – This user can perform functions relevant to the authorized facilities except for configuring LDAP Settings, Image Upgrade, Backup and Restore, and Upgrade.
  3. Auditor – This user can view energy consumption details and display reports for authorized facilities and oversee the organization's operations and reports for further analysis. 
  4. Employee – This user can view energy consumption and floor plan facilities screens for authorized facilities, control switches and manage fixture profile instances in the same profile template. 

Status:

Each user is assigned a status:

  1. Active – Active users are those who sign in regularly to the system.
  2. Inactive – Users can be changed to inactive users by the administrator or facility admin when they have not logged in to the system for more than 90 days.

To start managing user permissions, select Administration > User Management to manage users.

Users_Add.png

Add a User

Click New User to add users to the organization. Use unique usernames to identify users and allow access. If your administrator has set up Single Sign-on (SSO) authentication for your organization, check the SSO User checkbox. When SSO is enabled for your organization, the username must be an email address to validate the user on the authentication site. Users will be allowed to log in once, and access Enlighted Manage in the Cloud (EMC).

The procedure to configure the SSO server is described in Single Single-on (SSO) authentication.

SSO_Enabled.png

After you enter the values and click the Save button, the user is added to the system, and the user details show up in the User Management window. Click on the Edit button to change the value of any field. Note that the username must be unique in the system.

Edit_User.png

Facility Access

In addition to the user role, each user is also assigned to a facility to which the user has access.  Administrators have access to all facilities in the Assign Facility to User window.

If a user logs in successfully via SSO without an admin creating an account for that user first, the system automatically creates a new user with the 'employee' role without any facility access. The administrator must then assign the user the desired role and grant them privileges to the desired facilities. Refer to the article Assign Facility to a User for assigning facility access permissions. 

 

Assign Facility to a User

When a user is added, an Admin or Facility Admin can grant them access to one or more facilities to sign in to the system. The new users will be able to create other users, modify profiles, generate reports, issue API calls for the assigned building. In this way, they can work and take actions relevant to their building or facility.

Use the Assign Facility button to grant the user access to a facility.  

Users_Add.png

In the Assign facility, check the facility access level (green checkmark) to assign to the user and click Save.

Assign_Facility.png

Note that all facilities are shown in the Assign Facility to User when logged in as an Administrator. When a Facility Admin is logged in, only the facilities assigned to that Facility Admin are shown. The Facility Admins can create new users and assign access to the facility relevant to them. 

For example, user Andy Helper is a Facility Admin with access to the Main building in Acme Headquarters. Andy can create other users, modify profiles, issue API calls, and generate reports only for the Main building assigned to him.

Recommended articles:

 

User Role Permissions

Manage users are assigned both a role and access to the facility tree. A user's role defines the user's permissions or types of actions the user can take, and the user's facility tree assignment defines the resources on which the user can act. Based on the facility tree assignment for a given user, they will either have full, partial, or no access to resources (campuses, buildings, floors, areas) within an organization. When an admin creates a user, they assign both users the role and facility access; these can be edited at any time by an admin.

You can view the facility tree when assigning a user to a facility. The facility tree displays the organization along with campuses, buildings, floors, and areas. An area is a grouping of devices such as sensors, gateways, switches, plug load Controllers, on a floor. 

The green icon before each name indicates the level of user access. 

  • Green checkmark  — full access.
  • Solid green — partial access and
  • Gray box — no access.

Assign_Org.png

Full Access:

Users with full access to a resource must have all full access to all children of that resource within the context of the user's role. For example, a user with full access to a building must have full access to all the floors and areas within that building.

Floors:

  • A user cannot have partial access to a floor if the floor does not have any areas. In this case, a user can only have either full or no access to the floor. For example, the second floor does not have any areas. Therefore, the user has full access to the second floor.

Devices:

  • Devices (sensors, gateways, PLCs) are associated with areas and floors. A user will have full access to the devices on the floor or in an area only if the user has full access to that area or floor. A user cannot have partial access to a device.

Groups:

  • Motion, switch, and daylight groups are associated with a floor. A user has full access to a switch group only if the user has full access to the switch groups' parent floor.  A user cannot have partial access to a switch group.

Full_Partial_Access.png

Partial Access:

Users with full access to a subset of buildings, but not all buildings, have partial access to the organization. For example, if a user has full access to one of the three areas on a floor, then the user has partial access to the area's parent floor, building, campus, and organization.

When a floor does not have any areas, the user can only have full or no access to the floor. Groups such as switch, motion, daylight are children of floors. A  user has full access to a switch group only if the user has full access to the switch groups' parent (the floor).  A user cannot have partial access to switch groups.

User Roles

There are four roles that each user can have; each represents a unique collection of permissions. Each role determines the actions that the user can perform and the information to which they have access. The application user experience is, in some cases, different based on the user's role. For example, the Reports tab is not displayed in the Main menu for users with the employee role. Learn more about adding and assigning roles to users.

  1. Administrator – This user performs and sets up the initial configuration, adds users, devices, configures profiles, and performs advanced functionality such as backups, firmware upgrades, and administration of all other users and facilities. 
  2. Facilities Admin – This user can perform functions relevant to the authorized facilities except for configuring LDAP Settings, system upgrade, system backup and restore, and firmware upgrade.
  3. Auditor – This user can view energy consumption details and display reports for authorized facilities, and oversee the organization's operations and reports for further analysis. 
  4. Employee – This user can view energy consumption and floor plan facilities screens for authorized facilities, control switches and manage fixture profile instances in the same profile template. 

The table below outlines the five roles and what they can do. A check indicates that the individual permission is included. 

Permissions Admin Facilities Admin Auditor Employee
User Management
Add Users *
Edit or delete Users *
Device Management (Sensors, Gateways, PLCs, Switches)
Add, Discover, Commission Devices    
Light Profiles - Control Light level for task-based functions
View Profiles
Edit
Create, Delete Profiles    
Switch/Motion/Daylight Groups
Create Groups    
Edit, Delete Groups    
Daylight Harvesting
Dim lighting when daylight is available  
Energy Consumption
View energy savings
Reports
View Reports  
Edit, Delete Report    
BACnet
Manage BACnet configuration    
APIs
Issue API calls including Occupancy  
Administrative Functions
Image Upgrade    
Backup and Restore      
Schedule Demand Response, Holiday Overrides    



User Role Permissions for APIs

This article provides guidance on API access by API endpoint and Manage role-based permissions. Access affects both the objects that can be requested as well as the objects that are returned when making API requests. The API permissions follow the below guidelines:

  1. Users cannot get or post to object properties for objects to which the user has no access.

  2. Users can only get metadata and aggregate energy consumption data for objects to which the user has full or partial access. For a description of full or partial access, refer to User Role Permissions.

    1. Name

    2. Object ID

    3. Description, etc.

  3. Users can only post object properties for objects to which the user has full access.

  4. Users can get all object property data only for objects to which they have full access.

    1. Sensor Details

    2. Occupancy state

    3. Device location

    4. Energy (non-aggregate)

    5. Applied profile

    6. Scenes

    7. etc.

403 Access Denied Message:

Access Denied! The user doesn't have the required permissions to access this 'object'

The warning message is displayed if the user doesn't have access based on role or access to the referenced object.

The object is defined by the structure of the API and the ID entered in either the API URI or the body of the request, if applicable. For example, if a user sent a campus_Id to which the user had no access in the 'GET All Buildings' API request, the user would receive a '403 Error' as the response. This is because the user does not have the required permissions to access this campus.

If the user has the option of making a request against two or more object types (e.g. floor or organization), the 403 Error message will use the object type of the object passed in the request (e.g., The 'GET All Scenes' API allows a user to pass either an organization_Id or floor_Id in the request. The error message will use either 'organization' or 'floor' based on which object_Id type is used by the user).

Energy and Environment APIs

For a description of full or partial access, refer to User Role Permissions.

Object_IDs allowed for a given API reflects the access to that resources required by a user in order to avoid a 403 error or for data to be returned. For example, a user can make a request to 'Get All Areas' for a floor to which they only have partial access (access to some, but not all areas on a floor), and the API response will only contain areas to which the user has been granted full access.

API Name                                          

Admin Auditor Employee Facilities Admin BACnet Object_ID Allowed (Request/Response)
Org campus Bldg Floor Area Sensor Plug load Switch group
Get Organization Details Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Partial/Partial              
Get Energy Manager Aggregate Energy Consumption Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Partial/Partial                
Get BACnet Health Yes_Access.gif     Yes_Access.gif   Full/Full              
Get All Campuses Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Partial  Partial            
Get All Buildings Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif   Partial Partial          
Get All Floors Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Partial     Partial        
Get Floor Plan Image Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial/Partial        
Get all Areas Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial  Full      
Get Area Energy Consumption Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Full/Full      
GET Area Outage Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Full/Full      
Get Gateway Details by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial/Partial        
Get Sensor Details Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif           Full/Full    
Get Sensor Details by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial   Full    
GET Fixture Dim Level by Floor
Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial   Full    
Get Sensor Location by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial    Full    
Get All Fixtures by Area Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif           Full  Full    
Get Sensor Profiles Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif           Full/Full    
Get Sensor Energy Consumption Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif           Full/Full    
Get Sensor Energy Consumption by Area Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Full/Full      
Get Plugload Details Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif             Full/Full  
Get All Plugloads by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial      Full  
Get All Plugloads by Area Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Full    Full  
Get Plugload Energy Consumption Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif             Full/Full  
Get Plugload Energy Consumption by Area Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Full    Full  
Get Switch Groups Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Partial     Full        Full
Get Switch Scenes Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Full       Full/Full
Get Scene Light Levels for a Switch Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif               Full/Full
Get Sensor Energy Data by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial    Full    
Get Aggregate Sensor Energy Data by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial/Partial        
List Demand Response Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Partial/Partial              
Get all BLE Fixtures by Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Partial/Partial        
Set Emergency Yes_Access.gif       Yes_Access.gif Full              
Set Area Emergency Yes_Access.gif     Yes_Access.gif Yes_Access.gif         Full      
Assign Profile Yes_Access.gif     Yes_Access.gif             Full    
Set Plugload Status Yes_Access.gif   Yes_Access.gif Yes_Access.gif Yes_Access.gif             Full  
Apply Scene Yes_Access.gif   Yes_Access.gif Yes_Access.gif Yes_Access.gif               Full
Manual Override for Switch Group Yes_Access.gif   Yes_Access.gif Yes_Access.gif Yes_Access.gif       Full       Full
Auto Mode for a Fixture Yes_Access.gif     Yes_Access.gif             Full    
Set BLE Mode of Sensor Yes_Access.gif                   Full    
Manual Override for a Fixture Yes_Access.gif   Yes_Access.gif Yes_Access.gif Yes_Access.gif           Full    
Schedule Demand Response (DR) for Selected Facilities Yes_Access.gif     Yes_Access.gif Yes_Access.gif       Full        
Update Demand Response for Selected Facilities Yes_Access.gif     Yes_Access.gif Yes_Access.gif       Full        
Cancel Demand Response Yes_Access.gif       Yes_Access.gif Full              
Schedule Demand Response (DR) for all Facilities Yes_Access.gif       Yes_Access.gif  Full              
Update Demand Response for all Facilities Yes_Access.gif       Yes_Access.gif   Full              

Occupancy API

API Name                                          

Admin Auditor Employee Facilities Admin BACnet Org                Campus         Bldg     Floor               Area Sensor Plug load Switch Group
Get Area Occupancy Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Full/Full      
Get Area Occupancy for a Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif       Partial Full      
Get Real-time Desk Occupancy for a Floor Yes_Access.gif Yes_Access.gif Yes_Access.gif Yes_Access.gif         Partial   Full    

DALI Emergency Lighting API

API Name                                          

Admin Auditor Employee Facilities Admin BACnet Org                Campus         Bldg     Floor               Area Sensor Plug load Switch Group

Start the Functional or Duration Test for a Fixture

Driver Status to Normal (Stop Test)

Yes_Access.gif     Yes_Access.gif Yes_Access.gif           Full/Full    
Update Test Parameters for a Fixture Yes_Access.gif     Yes_Access.gif Yes_Access.gif           Full/Full    
Get the List of Emergency Fixtures by Floor Yes_Access.gif     Yes_Access.gif Yes_Access.gif           Full/Full    
Get Fixture Status by Fixture Yes_Access.gif     Yes_Access.gif Yes_Access.gif           Full/Full    
Get Driver Test Parameters by Fixture Yes_Access.gif     Yes_Access.gif Yes_Access.gif           Full/Full