.. Reminder for header structure:
Niveau 1: ====================
Niveau 2: --------------------
Niveau 3: ++++++++++++++++++++
Niveau 4: """"""""""""""""""""
Niveau 5: ^^^^^^^^^^^^^^^^^^^^
.. meta::
:description: Using WAPT SelfService
:keywords: WAPT, selfservice, documentation
.. |pinguin| image:: ../icons/emoji/pinguin.png
:scale: 20%
:alt: Pinguin emoji
.. |enterprise_feature| image:: ../icons/wapt_enterprise_feature_only.png
:scale: 100%
:alt: WAPT Enterprise feature only
.. _wapt-selfservice:
Using WAPT SelfService
======================
|enterprise_feature|
.. versionadded:: 1.7 Enterprise
Presentation
------------
With WAPT 1.7 **Enterprise** you can now filter the list
of self-service packages available for your users.
Your users will be able to install a selection of WAPT packages
without having to be a :term:`Local Administrator` on their desktop.
The :term:`Users` gain in autonomy while deploying software and configurations
that are trusted and authorized by the :term:`Organization`.
This is a time saving feature for the Organization's IT support Helpdesk.
How does it work?
-----------------
With WAPT 1.7 **Enterprise**, a new type of WAPT package exists beside *base*,
*group*, *host*, *profile* and *unit* packages:
they are **selfservice** packages.
.. figure:: wapt_console-selfservice.png
:align: center
:alt: Create a *selfservice* package
Create a *selfservice* package
A *selfservice* package may now be deployed on hosts to list the different
self-service rules that apply to the host.
How to use the **selfservice** feature?
---------------------------------------
.. hint::
The **selfservice** feature is only available with WAPT **Enterprise**.
In the **Community** version, only Local Administrators and members
of the *waptselfservice* group can access self-service on the agent.
In the **Community** version, it is not possible to filter
the packages made accessible to the user.
In the console go to the tab :guilabel:`Self-service` rules.
You can now create your first *selfservice* rule package.
* give a name to your new *selfservice* package;
* click on :guilabel:`Add` to add an Active Directory group (at the bottom left);
* name the *selfservice* group (with :kbd:`F2` or type directly into the cell);
* drag the allowed software and configuration packages
for this *selfservice* group into the central column;
* add as many groups as you want in the package;
* save the package and deploy the package on your selection of hosts;
* once the package is deployed, only allowed packages listed
in the *selfservice* group(s) of which the :term:`User` is a member
will be shown to the logged in :term:`User`;
.. note::
* if a group appears in multiple *selfservice* packages,
then the rules are merged;
* the authentication used is system authentication, local users and groups,
but if the machine is in a domain then authentication and groups
will also work with users and groups in the domain;
How to use the self-service on the user station?
------------------------------------------------
The self-service is accessible to users in the start menu under the name
:guilabel:`Self-Service software WAPT`.
It is also available directly in :file:`\\waptself.exe`.
The login and password to enter when launching the self-service
are the User's credentials (local or Active Directory credentials).
The self-service then displays a list of packages available for installation.
.. figure:: waptself.png
:align: center
:alt: Self Service
* the user can have more details on each package with the :guilabel:`+` icon;
* different filters are available for the user on the left side panel;
* the :guilabel:`Update Catalog` button is used to force a
:command:`wapt-get update` on the WAPT agent;
* the list of package categories is displayed to the user.
To add a category to the list, you must specify the category
in the *categories* section of the :file:`control` file
of the relevant package;
* the current task list of the WAPT agent is available
with the :guilabel:`task bar` button;
* it is possible to change the language of the interface
with the :guilabel:`configuration` button at the bottom left.
Customizing the Self Service interface
++++++++++++++++++++++++++++++++++++++
Adding the Logo of your Organisation
""""""""""""""""""""""""""""""""""""
In the **Enterprise version only of WAPT**, it is possible to change the logo
that appears in the self-service interface and therefore improve the acceptation
of the Self Service feature by your users.
To do this, simply place the logo you want in
:file:`\\templates\\waptself-logo.png`
.. note::
It is highly recommended to use a :mimetype:`.png` file with a *200 x 150px*
resolution.
Managing package categories
"""""""""""""""""""""""""""
Default categories are:
* Internet;
* Utilities;
* Messaging;
* Security;
* System and network;
* Storage;
* Media;
* Development;
* Office;
You can create your own categories easily by filling the :file:`control`
file's ``categories`` section of any WAPT package and write a new category
of your choice, WAPT will automatically show the package in the new category.
WAPT Agent Settings for WAPT Self-Service
-----------------------------------------
WAPT Agent can be configured to force WAPT SelfService packages
filtering to Local Administrators :ref:`waptself_ini_file`.
Configuring a different authentication method for the selfservice
-----------------------------------------------------------------
As mentioned above, authentication on WAPT service is configured
by default in system mode.
This means that the WAPT service transmits the authentication directly
to the operating system; it also recovers the groups by directly interrogating
the operating system.
This behavior is defined with the value of ``service_auth_type``
in :file:`wapt-get.ini`. The default value is *system*.
In this mode we assume that Local Administrators can see all the packages.
To change this behavior, modify the value of ``waptservice_admin_filter``
in :file:`wapt-get.ini`.
You may be interested in looking up this article describing the :ref:`settings
for WAPT Self-Service and Waptservice Authentification `
for more options.
Two additional modes are available starting with version 1.8.2:
* ``waptserver-ldap``: this mode allows authentication to the WAPT server.
The WAPT server will make a LDAP request to verify authentication and groups.
**Warning** ! For this to work, you must have configured LDAP authentication
on the WAPT server, (the configuration of the admin group will be ignored)
See :ref:`this article on configuring authentication
against Active Directory ` for more information.
* ``waptagent-ldap``, This mode allows authentication with an LDAP server
identified in :file:`wapt-get.ini`. The WAPT agent will make a LDAP request
to verify authentication and groups.
You may be interested in looking up this article describing the :ref:`settings
for WAPT Self-Service and Waptservice Authentification `
for more options.
.. note::
For the system authentication under |pinguin| to work correctly,
be sure to correctly configure your pam authentication
and your :file:`nsswitch.conf`. The :command:`id username` command
must return the list of the groups the user is member of.
Video demonstration
-------------------
.. raw:: html