AstroCyte.ai

1. Introduction
2. About Data Gateway
3. Key Features
4. Glossary
5. System Requirements
6. Application Access
- 6.1 Authentication Process
- 6.2 Application Swagger UI
7. Roles
8. Dashboard Reports (Statistics)
9. Cloud Configurations
- 9.1 GCS Cloud Configurations
- 9.2 Amazon Web Services (AWS) Configuration
  - 9.2.1 IAM User Creation
  - 9.2.2 Steps to Configure AWS
- 9.3 Microsoft Azure Configuration
  - 9.3.1 Storage Account Creation
  - 9.3.2 Steps to Configure Azure
- 9.4 IBM Cloud Configuration
  - 9.4.1 Service Credential Creation
  - 9.4.2 Steps to Configure IBM Cloud
10. Access Management
- 10.1 Accessing the Access Management Module
- 10.2 Create User
- 10.3 Manage User
- 10.4 Create Group
- 10.5 Manage Group
11. Endpoint Management Module
- 11.1 Create Endpoint
- 11.2 Manage Endpoint
- 11.3 Protocols
- 11.4 GUID
12. File Management Module
- 12.1 Search
- 12.2 Error codes and Debug steps
- 12.3 Upload
- 12.4 Download
- 12.5 File Replay
13. Settings
- 13.1 Scheduler Configuration
- 13.2 PGP Manager
- 13.3 Application Configuration
  - 13.3.1 Log Level Configuration
  - 13.3.2 File Transfer Chunk Size Configuration
- 13.4 Queue Management
- 13.4.1 Queue Management – Field Descriptions
- 13.4.2 Operational Summary
- 13.4.3 Key Benefits
- 13.5 Priority Handling
- 13.5.1 Priority Handling – Field Descriptions
- 13.5.2 Operational Summary
- 13.5.3 Key Benefits
- 13.6 Adapter Configuration
- 13.6.1 Adapter Configurations – Field Descriptions
- 13.6.2 Operational Behavior Example
- 13.6.3 Key Benefits
- 13.7 License Module
- 13.7.1 License Management – Field Descriptions
- 13.7.2 Operational Workflow
- 13.7.3 Key Benefits
14. Data Gateway Components
- 14.1 Data Gateway API
- 14.2 Data Gateway Server
- 14.3 Data Gateway Proxy
- 14.4 Data Gateway UI
15. Connectivity and Authentication
- 15.1 Scenario: File Transfer through File Client, where Partner Connects to Your Server
- 15.2 Scenario: File Transfer through File Client, where You connect to Partner’s Remote Server
- 15.3 Push-Push Scenario
- 15.4 Scenario: File Transfer through AS2, push to partner and push to gateway
- 15.5 IP Allowlist & Rate Limiting
- 15.5.1 IP allowlisting
- 15.5.2 Rate Limiting
16. SAML Authentication and Authorization with Okta
- 16.1 What is SAML?
- 16.2 What is SAML Used For?
- 16.3 How SAML Works
- 16.4 Configuring SAML Authentication and Authorization in Okta
- 16.4.1 Prerequisites
- 16.4.2 Steps to Configure SAML in Okta
- 16.4.3 Download Identity Provider Metadata
- 16.4.4 Application Configuration (application.yml)
- 16.5 User Management for IDP Users
- 16.6 Common Troubleshooting Issues
17. Alert Management
- 17.1 File Not Received (FNR) Alert
- 17.2 File Not Received (FNR) Alert Timing Options
- 17.2.1 FNR Current Day Minutes
- 17.2.2 FNR Current Day Hours Scenario
- 17.2.3 FNR Daily Days Scenario
- 17.2.4 FNR Daily Weekdays Scenario
- 17.2.5 FNR Weekly Between Scenario
- 17.2.6 FNR Weekly Day of Week Scenario
- 17.2.7 FNR Monthly Specific Day Scenario
- 17.2.8 FNR Monthly On Scenario
- 17.2.9 FNR Monthly Interval Check Scenario
- 17.2.10 FNR Quarterly Scenario
- 17.2.11 FNR Yearly Every Scenario
- 17.2.12 FNR Yearly On The Scenario
- 17.3 File Load Alert (FLA Alert)
- 17.4 Manage Alerts
18. Cloud-Cloud File Transfer
- 18.1 Scenario: GCS-AWS_S3 Transfer
19. OAuth 2.0 Authentication
- 19.1 What is OAuth 2.0?
- 19.2 What is OAuth 2.0 Used For?
- 19.3 How OAuth 2.0 Works
- 19.4 Configuring OAuth 2.0 Authentication in Okta
- 19.4.1 Prerequisites
- 19.4.2 Steps to Configure OAuth 2.0 in Okta
- 19.5 Application Configuration (application.yml)
20. ICAP Integration
- 20.1 Configuration
- 20.2 Virus Scan Status Handling
- 20.3 Supported Upload Methods
- 20.4 Logging
21. Data Gateway APIs

10. Access Management

The Access Management module in Data Gateway is a powerful tool available to Super Admins and Admins, providing them with the necessary authority to manage users effectively. This module facilitates the creation, updating, and deletion of user accounts, along with the ability to modify the active or inactive status of users. Additionally, admins can assign trading partner buckets as needed, directly loaded from the Google Cloud Storage (GCS) console.

The features of the Access Management varies based on the deployed profiles. The below sections are applicable if the application is deployed on local authentication without SAML. In case of SAML based deployment, please refer here for details around the Access Management.

10.1 Accessing the Access Management Module

To access the Access Management Module, follow the steps illustrated below:

10.2 Create User

1. Select the Access Management Menu and click on Create User to create a new user.

2. Users can be created with role-based access, ensuring tailored and secure user management experience. 3. Please refer to 7. Roles for more information about each of the Roles. 4. In case of limited access roles, you will have the option to assign specific endpoints/directories to the user.

5. Once you select the Storage Type and the Service Account Name, you will be able to see the available Endpoints and you can pick and put them under the Directories for Upload and Download as per your business requirements.

6. For File Operator

You can view the assigned directories for both upload and download operations. Push-Pull:

Upload: Allow only drop directories.
Download: Allow only pickup directories.

Pull-Push:

Upload / Download: Do not allow any pull-push endpoints.

Push-Push:

Upload / Download: Do not allow push-to-partner directories.
Upload: Allow only push-to-gateway directories.

Cloud–Cloud:

Do not allow directories to be assigned for upload or download.

AS2:

Do not allow directories to be assigned for upload or download.

Search: In Upload Search, the file operator should be able to view all transfers, regardless of the endpoints assigned for upload or download. 7. For File Manager Endpoint Assignment:

The File Manager can assign any endpoints.

Push-Pull:

Upload: You can view only drop directories.
Download: You can view only pickup directories.

Pull-Push:

Upload / Download: Pull-push endpoints are not visible.

Push-Push:

Upload / Download: Push-to-partner directories are not visible.
Upload: You can view only push-to-gateway directories.

Cloud–Cloud:

You can view cloud–cloud directories in upload and download.

AS2:

You can view AS2 directories in upload and download.

Search:

The File Manager can view only the transfers related to the assigned endpoints in the search.

8. Ensure to provide valid email addresses, as the initial password and activation process happens through email. 9. After user creation, an email for setting the password is automatically sent to the user.

10. Upon clicking the link, the user is directed to the User Interface, where password can be set.

11. Password Security Measures: a. Users are recommended to change their password in the ‘Change Password’ module, conveniently located on the right side of the user profile. b. Clicking on the username reveals the ‘Change Password’ module, allowing users to update their password. c. After updating the password, it is essential to log out of the application and log back in using the newly updated credentials for enhanced security.

10.3 Manage User

1. In the ‘Manage User’ screen, users with Super Admin and Admin privileges gain the ability to: a. Activate/deactivate user accounts based on operational needs.

b. Edit and Update user accounts with modified information.

c. Delete user accounts that are no longer required.

2. Access to the ‘Manage User’ screen is enabled to Super Admins and Admins only, ensuring secure and controlled user management capabilities.

10.4 Create Group:

1. Groups can be created from User Management -> Create Group. 2. It can be created based on the Cloud Service Account Name of the Cloud Provider by assigning the group of partners to the Group. a. You can pick and place the required Partners from the Available to Assigned pane. 3. The Groups can also be assigned to User with File Manager Role, where the user can deal with the partners of the specified group.

10.5 Manage Group:

1. Groups can be managed through User Management -> Manage Group. 2. Users with Super Admin and Admin privileges gain the ability to: Update Groups with modified information. Delete Groups that are no longer required.