Setting up the Guest Account for Archibus Workplace
Setting up the Guest Account for Archibus Workplace
By default, Guest account is enabled. This means that users and visitors can access Archibus Workplace by selecting the "Sign in as Guest" option on a lobby kiosk, conference room kiosk, or from the Workplace URL. To disable the Guest account:
- Delete the GUEST user in the afm_users table.
-
Set the
AbSystemAdministration-GuestAccountPermittedparameter to false. This hides the “Sign in as Guest” button on login forms.
Review the following table to understand the security implications of the Guest account.
| Option | Use case | System administration tasks | Security Implication |
|---|---|---|---|
| Visitors are not trusted | No access to the system by visitors whatsoever |
Set up SAML authentication. Delete the Guest user and set the parameter, as described above. Print and use QR codes, if desired. Do not use the kiosk mode for guests. |
No security implications. |
| Visitors are trusted |
Visitors can use kiosks in the lobby, as it is behind a security checkpoint. |
Enable the Guest account Do not print and use QR codes |
When they use the Employee Locator, the list of employees is accessible to those visitors who can physically access the kiosk. |
| Visitors can use kiosks outside conference rooms. |
Enable the Guest user. Do not print and use QR codes. |
When they use the Room Reservations feature to add attendees, the list of employees is accessible to those visitors who can physically access the kiosk. Visitors can use QR codes |
|
| Visitors can use of QR codes |
Enable the Guest user. Print and use QR codes |
When they use the Room Reservations feature to add attendees, the list of employees is accessible to those visitors who can scan the QR code. Visitors can create service request anonymously. Visitors can access the application when they are outside the facility |