Create your first user

This page describes the steps that are required to make your M-Pin SSO instance fully operational and manageable by users with administrative privileges. It assumes that you have created and accessed your initial-setup account with M-Pin SSO.

Note that until you create your first admin User for the system, you can only access the initial-setup account using the device-browser combination and credentials with which you accessed it for the first time.

As M-Pin SSO does not have its own SMTP server, you must have an external SMTP. This can be your own SMTP server or a third-party SMTP service. Check its SMTP settings and have them handy when you start the configuration procedure.

To create and configure your first admin User:

Use your browser to access the M-Pin SSO sign-in page of the instance at http://HOST where HOST is the Public DNS or Public IP address of your M-Pin SSO instance.

The page will then display the M-Pin PIN-Pad with the initial-setup account pre-selected.

Sign in with your PIN. You will be taken to the web-based management interface.

​​You can sign in to the initial-setup account more than once, but only from the device and the browser which you used to access it for the first time. If this device or browser becomes unavailable for some reason, you will have to re-create the initial-setup account, as explained in Re-Gaining Administrative Control Over M-Pin SSO.

You must configure your SMTP settings to send emails and validate the email addresses that the users sign up with. This is a pre-requisite for creating your first admin user.

Click Administration > Global Settings > Server settings to access the Server Settings screen.

Now configure the SMTP-related options in the Server Settings screen:​

M-Pin SSO does not have its own SMTP server. This can be your own SMTP server or a third-party service such as gmail (note that you will need to have 2-factor authentication and an application-specific password setup in your gmail account in order for your gmail acccount to accept the SMTP requests)

After you enter the settings, click 'Check Settings' to verify them. If they are correct you will be presented with the following screen:

Once they are verified, click Save to commit.

Log out of the initial-setup account by clicking on 'initial-setup' User at the top-right and select LOG OUT.

As a new user, you have to provide a valid email address and create a PIN after email verification. This can be either you and your own email address or another person in your organization, as long as the email verification is done, in order to proceed to the next stage.

Now when you access the M-Pin SSO sign-in page in your browser, use the Add new identity functionality of the PIN-Pad by clicking on the 'Sign in as' option at the top of the PIN pad:

Click Add new identity to add a new user:

Now add the email address and a name for your device e.g. 'myLaptop' or 'workDesktop':

You will then receive an email address validation mail. Click on the link to validate then return to the SSO sign-in page and 'confirm and activate':

Access the sign-in page again and click 'I confirmed my email'

Now create another PIN for the new user. Then click 'Sign-in now':

Once your PIN is created, your login details will be stored in the M-Pin SSO’s web-based management interface in Administration > M-Pin SSO Settings > Users
You will not be able to access this part of the interface while logged in as the new User because this new User does not have any administrative privileges yet.

Log out of your new user account, then log back in to the initial-setup account. Use the menu icon at the top-right of the PIN-Pad to display available identities and double-click the initial-setup identity to select it:

Be sure to login using the first PIN you created.

Go to Administration > M-Pin SSO Settings > Users to view the Users list:

Note the orange minus signs in the above screenshot, which indicate that the User has no administrator privileges (default for new Users).

To grant full permissions to the user, click on their username to open up the Change User window. In the 'Permissions' section all you need to do is tick the 'Staff Status' and 'Super User' boxes:

When editing a User, do not change the Username! The Username must be the email address of the user and must be unique or your M-Pin SSO system will not operate properly.

Note that the 'Active' box must remain checked.

Save your changes.

Now the User has administrator privileges:

Once you have one or more users with administrative privileges, you can safely delete the initial-setup account.

Log out as 'Initial-setup' and log back in as your new user with admin rights.

Now go to Administration > Users

Select the initial-setup identity, then scroll to the bottom of the page and select Delete followed by Yes, I’m sure.

This will delete the initial-setup User.

You will also notice that the initial-setup user account is still in the PIN pad.

To remove it, select the menu icon at the top right to access the account management page of the PIN-pad.

Then select the pencil icon next to the initial-setup User:

Then click 'Remove Identity' and 'Yes, Remove it'.

Now that you have an admin User, it would be a good idea to set up your LDAP listing as soon as possible. Otherwise anyone with a valid email address would be able to set up an account for themselves and log in to your M-Pin SSO System (unless their access to the machine has been restricted in some other way). For instructions, see Configuring LDAP in the 'Configuration' section of the menu.