Versions Compared

Old Version 10

changes.mady.by.user Dean Levinson

Saved on

compared with

New Version 11

changes.mady.by.user William Crane

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This chapter outlines how to manage users, including setting up default values and registration processes, manually creating users and updating their details, including regular users and guests.

This chapter also outlines how to modify authentication settings to use an external authentication source such as Active Directory.

...

Vivi provides its own internal authentication source, and also supports a number of different authentication types:

  • Active Directory
  • LDAP
  • SAML
  • Azure and Office 365
  • Google G Suite

Please note:

  • This is a complicated section of the overall setup. It is strongly recommended that it is handled by someone who has a solid understanding of the authentication service that is to be used.
  • Enabling a different authentication type will disable Vivi standard authentication.
  • If a group is provided for "IT Administrators" from a separate authentication source, all existing IT Administrator accounts will lose admin access, since the Vivi standard authentication IT Admin role settings will no longer be relevant.

The authentication type can be set in the Organisation settings. To view or edit the current setting:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen.

...

By default, Vivi standard authentication is used. With this, users are created within Vivi and can be managed within the Users section of Vivi Central.

Users can download the Vivi App and sign up for an account directly through it. This method is common for smaller installations and evaluations as it requires minimal setup.

To prevent sign-ups with fake email accounts, you can enable email confirmation; the user will need to log in to their email and confirm their signup. This is only used for Vivi standard authentication.

To view or edit the current setting:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen.
  • To change the settings, click "Edit".
  • Select "Vivi" as the Authentication Type.
  • You can also "Enable Email Confirmation" on this window.
  • Click on "Save Changes" to confirm the changes.

Image Removed
Vivi standard authentication settings

...

To prevent unauthorised sign-ups, registration of new users can be limited to only the domain names that belong to your organisation. Only users with an email address that matches your authorised emails can sign up for a Vivi account in your organisation. This setting is appropriate if all user email addresses belong to the same handful of domains.

To modify the allowed email domain setting:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Domains" link.
  • Click "Edit".
  • Add/update as many domain names as needed. The email domain must be correctly formatted, for example "vivihigh.edu.au". To add an email domain, click on the plus symbol and enter the new domain name. When a top-level domain is added, users can also register using any of the sub-domains.
  • Click on the minus sign to remove any domain names that are no longer required.
  • Click "Update" to save the changes.

Image Removed
Allowed email domain names setting

Presenter Code

When signing up, Presenters are required to add a secret code in order to gain access to be a Presenter. Presenters are given full access to all of the functionality in the Vivi App.

A presenter code is only required with standard Vivi authentication.

If your organisation uses Active Directory or another authentication source, the Presenter role is only available to members of the appropriate group.

To set a Presenter code:

  • Select the "Organisation" link in Vivi Central. This will take you to the "Details" screen.
  • Click "Edit".
  • Enter the code in the "Presenter Code" box. The code can include letters, numbers, spaces and symbols.
  • Click on "Save Changes".

Image Removed
Presenter code setting

...

LDAP authentication can be used to connect to Active Directory and other LDAP-compliant directory services.

Most Vivi installations use Active Directory. This creates efficiencies for both administrators and users. The User can log in to Vivi using their existing credentials (username and password). Administrators do not need to maintain a separate user management system for Vivi.

When the user logs in they will inherit the appropriate roles depending upon the groups they are assigned to in your organisation's AD.

Please note: Enabling LDAP authentication will disable Vivi standard authentication.

Preparation steps

Vivi Administrator

A Vivi Administrator user will need to be created in the LDAP directory. The Vivi Administrator will need permission to search users and access basic user attributes, including group membership.

The full distinguished name of the Vivi Administrator is required, for example "cn=ViviAdmin,ou=Users,dc=example,dc=com".

IP Address Whitelisting

The Vivi administration server needs to be able to access the LDAP directory server.

The IP addresses of our administration server is 13.55.174.24 and 13.55.155.119 - you need to whitelist these so we can access your server.

Depending on the setup of your environment, this could require both a network firewall change, as well as the IP addresses being granted access (within the Directory server itself) to connect.

Groups to support Vivi roles

The following groups will need to be created within the LDAP Directory:

  • Presenter Group – users who are allowed to have the Presenter role.
  • Student Group – users who are allowed to access Vivi. If left un-set, everyone in the LDAP Directory will gain access. Please consider whether access to all users is suitable or not for your organisation before leaving this setting un-set.
  • Emergency Authorised Group – users who are allowed to trigger emergencies. This can be set manually within Vivi Central if a group is not provided.
  • IT Admin group – users who can have admin access to Vivi Central. This can be set manually within Vivi Central if a group is not provided. If the group is set, existing IT Admins will lose their admin access since the Vivi Central role will no longer be relevant.
  • E-Learning Admin group – users who can access metrics in Vivi Central. This can be set manually within Vivi Central if a group is not provided.

If any of these categories are covered by existing groups, the existing groups can be used. It is also possible to include more than one group for each of the above settings. This allows members of any of the listed groups to gain access to the relevant role.

The full distinguished name of each group is required, for example: "cn=ViviPresenters,ou=Users,dc=example,dc=com".

Please note: Nested groups are supported for the Presenter and Student groups.

Server settings

The following server settings are required.

...

Setting

...

Description

...

LDAP Hostname

...

The IP address or Hostname for the LDAP Directory server.

...

LDAP Port

...

This is usually 389 for LDAP, or 636 for secure LDAP. Secure LDAP is recommended.

...

LDAP Security

...

The connection security type to use. This can be:

  • "None" where all transactions will occur via plain text. This is not recommended.
  • "LDAPS" where LDAP is tunnelled through TLS.
  • "StartTLS" where TLS is used within LDAP.

...

LDAP Tree Base

...

This is the base distinguished name for the LDAP Directory hierarchy, for example "dc=example,dc=com".

About distinguished names

Please note, the distinguished names (DN) shown above are illustrative only. Yours will be different. The best way in Active Directory to find the actual DN you need is to:

  • Find the object in Active Directory
  • Right click on the object and select "Properties"
  • Navigate to the Attribute Editor and look for "distinguishedName" in the attributes
  • Copy and paste the value.

Enabling LDAP authentication

To enable LDAP or Secure LDAP authentication:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen.
  • Click "Edit".
  • Select "LDAP" as the Authentication Type.
  • Enter the server connection settings: LDAP hostname, LDAP port, type of connection, LDAP Tree Base domain name.
  • Enter the Vivi admin details: LDAP Admin DN, LDAP Admin Password
  • Enter the Vivi groups: LDAP Presenter Group, LDAP Student Group, LDAP Emergency Authorised Group, LDAP IT Admin, LDAP E-Learning Group. To enter multiple groups for any of these, use the | (pipe) character to separate the groups.
  • Click on "Save Changes" to confirm the changes.

LDAP authentication should now be ready to test. Open the Vivi App (or restart if already open) and attempt to sign in with the username and password of an account in one of the appropriate groups.

...

SAML authentication can be used to authenticate users against your organisation's Active Directory Federation Services (ADFS) identity provider, using the user credentials that are managed within the organisation's Active Directory.

Please note: Enabling SAML authentication will disable Vivi standard authentication.

This section outlines the process for configuring your Vivi environment to accept SAML authentication.

Once you have enabled SAML, Vivi creates the metadata URL which this can be used to automatically configure your relying party trust in ADFS. It will look something like this: https://api.vivi.io/api/v1/users/saml_metadata/xxxx-xxxx-xxxx Where xxxx is your organisation's unique ID.

Load metadata XML into ADFS

The metadata XML that is created by Vivi needs to be loaded into ADFS.

...

  • Open ADFS.
  • In the left menu, go to "Relying Party Trusts".
  • In the "Actions" on the right, select "Add Relying Party Trusts".
  • Skip past the welcome page of the wizard.
  • Select "Import data about the relying party published online or on a local network, and copy the URL into the relevant text box.
  • Go through to the end of the wizard and save the changes.

Image Removed
ADFS Add Relying Party Trust Wizard

Set Up Identity Provider Claims

Identity provider claims need to be set up to support the Vivi solution.

You will need to log in to your ADFS instance and configure an LDAP claim that provides username, display name, and email.

Image Removed

The Vivi solution needs information about group membership in order to assign permissions.

Set up six "Send Group Membership as a Claim" claims as in the screenshot, one for each of the Vivi roles listed below. A suggestion for the "outgoing claim values" for each role is provided. If required, multiple claims can be used to determine the access for a single role.

...

Vivi Role

...

Suggested claim value

...

IT Admin

...

itadmins

...

E-Learning Admin

...

elearning

...

Emergency Authorised

...

emergency

...

Presenter

...

presenters

...

Signage Admin

...

signageadmin

...

Student

...

students

...

To enable SAML authentication:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen.
  • Click "Edit".
  • Enter the settings outlined below and click "Save Changes".

...

Setting

...

Description

...

Authentication Type

...

SAML

...

Require Inheritance Code

...

This can be used to restrict users to signing in to particular organisations. If this is disabled, then users can log into any managed organisation that exists within the same ADFS service.

...

SAML Default Email Domain

...

A default email domain to use in case a user has no email address, e.g. "myschool.com.au", then emails will be "username@myschool.com.au".

...

SAML SSO URL

...

Full URL to your ADFS identity provider single sign-on endpoint, e.g. "https://dc.example.com/adfs/ls/".

...

SAML SLO URL

...

Full URL to your ADFS identity provider single logout endpoint. This can be left blank if this is the same as the single sign-on endpoint.

...

SAML Token-Signing Certificate

...

Exported Token-Signing Certificate from your ADFS identify provider, in PEM format.

...

SAML Name Attribute

...

Name used by your ADFS identity provider for the claim mapping a user's display name, for example: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.

...

SAML Email Attribute

...

Name used by your ADFS identity for the claim mapping a user's email address, for example: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress".

...

SAML Group Attribute

...

SAML Group Attribute: Name used by your ADFS identity provider for the claim mapping a user's group membership, for example: "http://schemas.xmlsoap.org/claims/Group".

...

SAML Inheritance Code Attribute

...

Name used by your ADFS identify provider for the claim mapping a user's inheritance code. Only needed if Require Inheritance Code is enabled.

...

The following SAML group settings are also required. These aren't the actual group names or DNs, they're special values returned by the relevant SAML claim.

Multiple groups can be separated with | (pipe). When multiple groups are specified, then a user may be a member of any to receive the relevant role.

...

Setting

...

Description

...

SAML Presenter Group

...

Group of users who will be given the presenter role. Leave blank to include everyone (not recommended).

...

SAML Student Group

...

Group of other users allowed to access Vivi. Leave blank to include everyone (not recommended).

...

SAML Emergency Authorised Group

...

Group of users allowed to trigger emergencies. Leave blank to assign manually in Vivi Central.

...

SAML IT Admin Group

...

Group of users provided with admin access to Vivi Central. Leave blank to assign manually in Vivi Central. If the group is set, existing IT Admins will lose their admin access since the Vivi Central role will no longer be relevant.

...

SAML E-Learning Admin Group

...

Group of users allowed access to metrics. Leave blank to assign manually in Vivi Central.

...

SAML with WIA (Windows Integrated Authentication)

Organisations which use Windows Integrated Authentication (WIA) will require some extra steps to get Vivi working for all users. If your organisation is Windows only, there should be no further configuration required – however if you need to support other devices, such as Mac, iOS and Android you will need to modify your SAML instance.

Steps Required:

1.Edit the global settings in your SAML Management Console

Image Removed

2. In the Global Authentication Policy pop-up tick Forms Authentication in the Intranet pane.

Image Removed

3. In Vivi Central, select the "Organisation" link.

4. Select the "Authentication" link in the menu at the top of the screen.

5. Click "Edit".

6. Scroll down until you find the "SAML Force Method" setting, and set it to "Forms".

7. Click "Save Changes".

Image Removed
SAML Force Method setting

When you have completed these steps, the system will use Forms Authentication as a fallback if WIA is not available – for example when connecting an iPad.

SAML Manual Configuration

In most cases, it should be possible to use the metadata XML provided by Vivi Central to auto-configure SAML authentication. If there are any problems with importing the metadata XML into Active Directory Federation Services, try these manual configuration steps.

These steps refer to information that is provided in the metadata XML that is generated when SAML authentication is enabled in Vivi Central. To get a copy of the file:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen. This will display the current SAML authentication settings, including the SAML Metadata URL.
  • Click on the URL to see the contents. The contents will look like the image below.

Image Removed

On the ADFS Windows server, run the ADFS "Add Relying Party Trust" wizard and work through the following steps:

Welcome Click "Start".

Select Data Source Select "Enter data about the relying party manually" and click "Next".

Specify Display Name Enter "Vivi" or whatever you'd like for the "Display name", then click "Next".

Choose Profile Leave "ADFS profile" selected and click "Next".

Configure Certificate Leave as default and click "Next".

Configure URL Leave as default (we'll fill these in later) and click "Next".

Configure Identifiers Add the metadata XML URL as the identifier, should be https://api.vivi.io/api/v1/saml_metadata/<organisation_id> (also labelled as 1 in the diagram above), make sure to click "Add" then "Next".

Configure Multi-factor Authentication Now? Configure as desired, but leave as default if in doubt, then click "Next".

Choose Issuance Authorization Rules Configure as desired, but leave as default if in doubt, then click "Next".

Ready to Add Trust Just click "Next".

Finish Untick the box to avoid editing claims straight away, then click "Close".

Now go back in by right clicking the new Relying Party Trust and selecting "Properties".

Go to Signature and "Add.." the signing certificate from the metadata XML. This is labelled as 2 in the diagram above, the easiest way is to copy and paste the data into a file with extension cer.

Go to Endpoints and "Add SAML.." two endpoints:

  1. Endpoint type: SAML Assertion Consumer, Binding: POST, Default: yes, Trusted URL: should be https://api.vivi.io/api/v1/users/saml labelled as 3 in the diagram above.
  2. Endpoint type: SAML Lagout, Binding: POST, Trusted URL: should be https://api.vivi.io/api/v1/saml_logout/<organisation_id> labelled as 4 in the diagram above, Response URL: same as Trusted URL.

You can then click "OK" to save the settings.

Now you can follow the regular steps of configuring the claims and Vivi.

Azure

Vivi can integrate with Azure and by extension Microsoft Office 365. A Premium P1 Azure Active Directory Licence is required to set up this integration.

Once set up, when users log in to the Vivi App, Vivi authenticates against your organisation's Azure instance.

Please note: Enabling Azure authentication will disable Vivi standard authentication.

Set the authentication type to SAML in Vivi Central

To enable Azure authentication:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen.
  • Click "Edit".
  • Select "SAML" as the Authentication Type and click "Save Changes".

This will generate a SAML Metadata URL which needs to be added to the Azure configuration.

...

Example SAML Metadata URL

Enable authentication in Azure

One you have set Authentication to SAML and have your SAML metadata URL follow these steps to configure the authentication. These steps take place in both the Azure Portal, and in Vivi Central.

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. In the left navigation panel, click on "Azure Active Directory" and navigate to "Enterprise applications".
  3. Click "New application", then click "All" and then click "Non-gallery application".
  4. Enter "Vivi" for the name and click "Add" and wait until you end up at "Quick start".
  5. Click "Configure single sign-on".
  6. For "Single Sign-On Mode" select "SAML-based Sign-on".
  7. For "Identifier" enter the SAML metadata URL that was generated by Vivi Central. The format will be something like: "https://api.vivi.io/api/v1/users/saml_metadata/<your organisation id>"
  8. For "Reply URL" enter https://api.vivi.io/api/v1/users/saml.
  9. Download the "SAML Signing Certificate" as "Certificate (Base64)".
  10. Back in Vivi Central,
    1. Select the "Organisation" link in Vivi Central.
    2. Select the "Authentication" link in the menu at the top of the screen.
    3. Click "Edit".
    4. Copy the contents of the "SAML Signing Certificate" file into the "SAML Token-Signing Certificate" configuration item.
    5. Back in Azure, press "Configure Vivi".
    6. Copy the "SAML Single Sign-On Service URL" value into "SAML SSO URL" configuration item in Vivi Central. It should something like: "https://login.microsoftonline.com/<your application id>/saml2"
    7. Ignore the rest of the values, especially the "Sign-Out URL". Leave "SAML SLO URL" blank on Vivi Central.
    8. Click "Save Changes".
  11. In Azure, go back to "Azure Active Directory" and then to "App registrations".
  12. Find the "Vivi" application and select it.
  13. Click "Manifest" to view the JSON configuration.
  14. Find "groupMembershipClaims" and change the value from null to "SecurityGroup" (with quotes).
  15. Click "Save".
  16. Still in Azure, go back to the application and click "Settings" and then "Properties".
  17. For "Logout URL" enter https://api.vivi.io/api/v1/users/saml_logout/<your organisation id>.
  18. Click "Save".
  19. Go back to "Enterprise applications" -> "Vivi" -> "Users and Groups".
  20. Only users and groups explicitly added here will be able to sign in to the Vivi App. You will need an "Object ID" to match each of the Vivi roles.
  21. Nested groups can't be assigned yet according to Microsoft: https://feedback.azure.com/forums/169401-azure-active-directory/suggestio ns/15718164-add-support-for-nested-groups-in-azure-ad-app-acc
  22. Alternatively, you can disable "User assignment required?" in "Vivi" -> "Properties" to allow all users to sign in.
  23. Back in Vivi Central:
    1. Select the "Organisation" link in Vivi Central.
    2. Select the "Authentication" link in the menu at the top of the screen.
    3. Click "Edit".
    4. For "SAML Name Attribute" enter "http://schemas.microsoft.com/identity/claims/displayname"
    5. For "SAML Email Attribute" enter "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    6. For "SAML Group Attribute" enter "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
    7. For "SAML Presenter Group", "SAML Student Group", "SAML Emergency Authorised Group", "SAML IT Admin Group", SAML E-Learning Admin Group" use the "Object ID" found on the groups you want to use
    8. Please note: If the "SAML IT Admin Group" is set, existing IT Admins will lose their admin access since the Vivi Central role will no longer be relevant.

Azure authentication should now be ready to test. Open the Vivi App (or restart if already open) and attempt to sign in with the username and password of an account in one of the appropriate groups.

...

Vivi can integrate with Google G Suite.

Once set up, when users log in to the Vivi App, Vivi authenticates against your organisation's Google G Suite environment.

Please note: Enabling Google authentication will disable Vivi standard authentication.

To use G Suite with Vivi you will need:

  • A G Suite domain
  • Be able to sign into the Domain Admin user account for the G Suite domain
  • Users need to be assigned to groups to support Vivi. See the group settings below.

To set up G Suite authentication Vivi Central:

  • Select the "Organisation" link in Vivi Central.
  • Select the "Authentication" link in the menu at the top of the screen.
  • Click "Edit".
  • Set the Authentication Type as "Google" and save the changes. Do not start filling out the remaining fields
  • The screen will now show the Authentication Type as "Google". The next field is "Google Linked Admin". A link has now been created. Click on the link.
  • This will take you to a Google login screen. Log in in with your Domain Admin user account.
  • Google will note that the "This app isn't verified". To pass this screen you will need to click "advanced" then "Go to vivi.io (unsafe)".
  • A permission page will be shown. To proceed you will need to click "Allow". You will then be returned to the Organisation Authentication settings screen in Vivi Central.
  • Click "Edit" and fill out the required fields below.

...

Setting

...

Description

...

Authentication Type

...

Google

...

Google Hosted Domain

...

The default email domain in the case the user does not enter the full email address.

...

The following Google group settings are also required.

These values can be the email address, a group alias, or the unique group ID.

Multiple groups can be separated with | (pipe), then a user may be a member of any to receive the role.

...

Google Presenter Group

...

The group email address of the users who are to have full presenter rights

...

Google Student Group

...

The group email of the users who are to have student level access.

...

Google Emergency Authorised Group

...

The group email of the users who are allowed to trigger emergencies.

...

Google IT Admin Group

...

The group email of the users who have IT administrator privileges in Vivi Central. If the group is set, existing IT Admins will lose their admin access since the Vivi Central role will no longer be relevant.

...

Google E-Learning Admin Group

...

The group email of the users who have access to metrics in Vivi Central.

  • Once all of the settings have been added, click "Save Changes".

Google authentication should now be ready to test. Open the Vivi App (or restart if already open) and attempt to sign in with the username and password of an account in one of the appropriate groups.

...

The user management page allows users and their settings to be managed, including regular users and guests.

To view existing users at your organisation, select the "Organisation" link in Vivi Central and then select the "User" link.

A list of users will be displayed.

Image Removed
The user list

To view the settings for an individual use, click on their name in the list. This will show the "Details" for the user, and show the user management menu.

Image Removed
User details screen

...

All authentication methods create a corresponding user in Vivi Central once a user logs in.

To create a user manually via Vivi Central:

  • Select the "Users" link in Vivi Central. A list of existing users will be displayed.
  • Click "Create User".
  • Set the following details for the user: name, email address and password.
  • Set the required roles for the user. See the Roles section for a description of what each role is for. To create a student account, do not select any roles.
  • Click "Create" to save the details.

...

User details can be modified via Vivi Central.

Please note: If your organisation is using an external authentication source, details are automatically synchronised to Vivi Central when a user logs in.

Role details are automatically set by the external authentication source if the relevant role group has been specified in the organisation authentication settings. If a role group has not been specified, roles can be modified in Vivi Central.

To modify the details for a user:

  • Select the "Users" link in Vivi Central. A list of existing users will be displayed.
  • Find the user in the link and click on the user's name. The user's details will be displayed.
  • Click "Edit".
  • Update the details as required. See the Roles section for a description of what each role is for.
  • If the "IT Admin" role is selected, an option is made available to "Enable Inactive Device Emails". See details below.
  • If the "IT Admin" or "E-Learning Admin" roles are selected, an option is made available to "Enable Dashboard Emails". See details below.
  • Click "Save Changes".
  • If an error message says that the email domain is not allowed, check the organisation domain setting.

Daily Inactive Device Emails

Some IT administrators like to receive a daily summary of the any offline Vivi Boxes. If enabled, this email is delivered at 1am weekdays (based on the user's local time) and is useful for identifying problems. In many cases, the device has simply become unplugged or requires a reboot.

Weekly Dashboard Emails

IT Administrators and E-Learning Administrators can opt to receive a weekly summary of the Vivi Central metrics.

Changing a Password

This option is only relevant for organisations that are using Vivi authentication.

To change a user's password:

  • Select the "Users" link in Vivi Central. A list of existing users will be displayed.
  • Find the user in the link and click on the user's name. The user's details will be displayed.
  • Click on the "Authentication" link in the user management menu at the top of the screen.
  • Click "Edit".
  • Enter the new password and "Save Changes"

Image Removed
Password change screen

...

To delete a user:

  • Select the "Users" link in Vivi Central. A list of existing users will be displayed.
  • Find the user to be deleted, and click the "Delete" button next to the corresponding user.
  • Confirm that the user is to be deleted.

Please note (for non-Vivi authentication only): If a deleted user logs into the Vivi App again, they will be automatically re-created in Vivi Central.

...

Users can be assigned to one of the following roles:

...

Role

...

Description

...

IT Admin

...

IT Admins get full access to Vivi Central for their organisation.

...

E-Learning Admin

...

E-Learning Admins have restricted access to view Metrics in Vivi Central. E-Learning Admins are also given read-only access view organisation information.

...

Emergency Authorised

...

If "All Presenters Can Trigger Emergencies" is set to false, this role will grant this user the ability to trigger emergencies.

...

Presenter

...

Presenters have the ability to access Displays through the Vivi App and can allow provide access to others in the room.

...

Signage Admin

...

Signage Admin have access to manage Digital Signage.

...

Student

...

Students have restricted access. They can be permitted to share their screen by a Presenter. If no roles are assigned to a user, they are given student access.

...

  • Creating a relevant access control group in an external authentication source, or
  • Editing users and adding the roles.

If an external authentication source is being used, but a relevant access control group hasn't been specified, roles can be manually granted to users via Vivi Central. Refer to the Authentication section for more information about setting up external authentication.

...

Guests can be granted access to allow temporary presenters to use the Vivi system at your school. Guest presenters are granted teacher privileges and are therefore not advised to be used for students.

Guest codes can be created from the Vivi App and from Vivi Central. Codes created in the Vivi App are tied to the room that the teacher is in when the guest code is created and can be initially allocated for between 1-24 hours (although they can be extended in Vivi Central to an arbitrary end date).

Guests can also be created via Vivi Central.

Intended usage:

  • Guest code created via the Vivi App – guests coming in to deliver a presentation, etc.
  • Guest code created via Vivi Central – relief teachers staying for a short time e.g. a couple of days.

...

To create a guest code via Vivi Central:

  • Expand the "Users" menu in Vivi Central and click the "Guests" link. A list of all existing guest accounts will be shown.
  • Click "Create Guest".
  • Select the Organisation that the guest belongs to, and the Room that they need access to.
  • Enter a name for the guest.
  • Set the start and end date for the guest to have access. When you click on the date, it will bring up a calendar. Within the calendar there are also options to quickly give guests access for one day, one week, 30 days or one year.
  • Click "Create".

Image Removed
Create guest example

Once the guest is created, Vivi Central will automatically create a 4-digit guest code that the guest can use to log in to the Vivi App. This is shown on the next screen.

...

Once guest accounts have expired, they can be edited to extend the end date of the account.

To via the list of guest accounts, expand the "Users" menu in Vivi Central and click the "Guests" link. A list of all existing guest accounts will be shown.

The "Is Valid" field shows whether or not the guest Code has expired.

An option is also provided to "Delete" each account.

To extend the end date for a guest:

  • Click on the guest's name. The guest details screen will be shown.
  • Click "Edit".
  • Modify the "End Time".
  • Click "Save Changes".

Please note: Guests cannot be moved to other rooms. Create a new guest account in the alternate room instead.

Guest USB

The Vivi App must be installed for a user device to connect to Vivi. When guests are using Vivi, it is possible for the Vivi App to run from a USB, so that they do not need to install it on their machine.

To set up a guest USB

  • Download the Vivi USB image from http://api.vivi.io/usb.
  • Extract the zip file, then using your burning tool of choice, burn the .img file to a USB flash drive.

Please note: The guest version of the Vivi App will not work with the /wiki/spaces/SHUB/pages/174684, or meeting links created by the Vivi Outlook Add-In.

To use a guest USB, plug in the USB and choose the folder with your corresponding operating system (Mac or Windows). Once in the folder, simply launch the Vivi App.

...

Vivi keeps a log of all user interactions. To review user activities:

  • Select the "Users" link in Vivi Central.
  • In the list of users, click on the name of the user to view.
  • Click on the "Activity" link in the user management menu at the top of the screen.
  • The user's activity will now be displayed.

...