Authentication
Authentication is required to access system settings and manage HMI device service configuration.
The 'admin' user is a preconfigured account with full administrative privileges on the HMI device. Upon initial login or after a system reset, you will be prompted to set a new password.
The first time the HMI device is turned on it is necessary to enter with the user "admin" and password "admin" to proceed with the definition of the passwords.
Password for admin user can modified even from the context menu of theJMobile HMI Runtime (see "Context menu options" for details) and from the update package (see "Update package"for details).
Password policy
It is possible to define a custom policy for the required password format.
By default, passwords must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number, and one special character.
Users and Roles
The 'admin' user can create additional users and define their roles, assigning specific access permissions.
It is possible to create a maximum of 50 users and 30 roles.
Upon clicking the "EDIT" button, it becomes possible to add or remove roles and accounts.
Clicking 'Reset Roles' will delete all existing roles. Please ensure that no roles are currently assigned to any users.
Clicking 'Reset Accounts' will delete all existing accounts.
Roles
Click the "EDIT" button to add or remove a role, or click the role (">") to open the role definition.
For each feature, it is possible to define whether it is enabled and if it will be modifiable or read-only (disabled features will not be visible).
Users
Click the "EDIT" button to manage users.
| Parameter | Description |
|---|---|
| Enabled | Button to keep user account enabled or disabled. |
| Role | Specify the user's permissions level. |
| New Password | Set a temporary password that the user will be forced to change on their first login. |
| Password validity | Duration in days for which the password remains valid, after which the user is required to change it. |
In order to make changes to a user's settings, you will need to input the specific values you wish to alter and then click on the "Update" button. A pop-up window will appear, requesting that you verify your identity by entering your password.
Session
The following parameters are useful for strengthening the defense against potential cyber threats, such as brute-force attacks aimed at guessing account passwords.
| Parameter | Description |
|---|---|
| Inactivity Timeout (minutes) | Amount of time a user can be inactive before the session expires and closes. |
| Session Timeout (minutes) | Maximum allowed duration for a work session, after which the user will be prompted to re-authenticate. |
| Max user login attempts | The maximum number of failed login attempts from a single user within a one-minute, one-hour, or one-day window. Upon exceeding this limit, the user will be locked out.. |
| Max host login attempts | The maximum number of failed login attempts from multiple users within a one-minute, one-hour, or one-day window. Upon exceeding this limit, the user will be locked out. |
A blocked account will be unlocked:
- Upon expiration of the time limit
- Upon device reset
x.509 Certificate
HMI Device use a self-certificate to encrypt the Internet communication trough the HTTPS protocol. You can personalize the certificate with the data of your Company and ask to a Certificate Authority to firm it.
The procedure to personalize and firm your certificate is:
- Enter in edit mode and fill the necessary parameters, then push GENERATE button to generate a self-signed certificate with your data.
- Export the “Certificate Signed Request”
- Sent the “Certificate Signed Request” to a Certificate Authority to firm it (general this is a paid service)
- Import the signed certificate into the HMI device
Certificate's parameters
| Parameter | Description |
|---|---|
| Device Name | The name of your device |
| Organization | The legal name of your organization |
| Unit | The division of your organization handling the certificate |
| State | The state/region where your organization is located |
| Location | The city where your organization is located |
| Country | The two-letter ISO code for the country where your organization is location |
| Valid (days) | Validity of the certificate |
| Key Length | Number of bits of the key used from the cryptographic algorithm |
Managed certificates are base64 encoding.
Forgot password
In the event that all administrators have forgotten their passwords, access to the device configuration will be irrevocably lost. To restore functionality, a factory reset must be performed. This process will result in the complete erasure of the device's memory, including any prior project downloads. Upon completion of the factory reset, the administrator password will be automatically reset to its original default value of "admin".
TAP TAP option
The procedure is available only if it has not been explicitly disabled through the "Enable device restore via TAP TAP option" available in the device system settings (Ref.: "System Settings")
Steps to reset the admin password:
- Power off the HMI device.
- Power on the HMI device and when the logo appears start to "tap tap" the touch panel (Ref.: "System Settings access via TAP TAP procedure ")."System Settings access via TAP TAP procedure "
- When "TAP TAP" is detected select "System Settings" on the first menu, "Default mode" on the second menu, and finally "Device restore" on the third menu.
USB option
The procedure is available only if it has not been explicitly disabled through the "Enable device restore via USB option" available in the device system settings (Ref.: "System Settings")
Steps to reset the admin password:
-
Placing a file named “device-factory-restore“ into a USB stick and plugging it into the device.
-
The device restore process starts automatically. The buzzer is played once at the beginning and 3 times at the end if the operation is successful.
-
The “device-factory-restore“ is deleted from the USB stick and the device rebooted.