Enterprise Management

Created On07/12/2023

Last Updated On03/10/2025

byYing Xu

DataMesh FactVerse provides a series of enterprise management functions to manage and configure users, roles, departments, and other related settings within the enterprise.

User permission management

User permission management is an important function in DataMesh FactVerse. It is associated with the user’s enterprise organizational structure, controlling different user operation permissions through setting permissions on the user’s department and position.

User permission management in DataMesh FactVerse includes two parts: license allocation and functional permissions of FactVerse.

License Allocation: Used to allocate the licenses to use the DataMesh FactVerse platform and DataMesh client applications. Administrators with management rights can configure licenses for users in Enterprise Management > User Management > User Details > License Assignment or configure in Enterprise Management > License Management.
FactVerse function permissions: The use of each functional module in DataMesh FactVerse requires enabling the corresponding use permissions. Administrators with management rights can enable the use permissions of the corresponding functional modules according to the position requirements. When adding a user, the position assigned to the user will determine the user’s functional permissions.

To provide users with the correct access and use permissions, when adding users for an enterprise, enterprise administrators or users with enterprise management rights need to set user permissions according to the following steps:

1. Create a new department. Refer to Enterprise Management > Department Management.

2. Create a new position. Refer to Enterprise Management > Role Management.

3. Add a user. Refer to Enterprise Management > User Management > Add a new user.

4. Assign License: Grant permissions to users, allowing them to access FactVerse and use DataMesh client products. Refer to Enterprise Management > User Management > Assign License.

User Management

You can choose Enterprise Management > User Management in the function module navigation bar to enter the User Management page.

The User Management page displays all users in the enterprise and supports viewing account details, creating, enabling, or disabling accounts, managing account permissions, filtering, searching for accounts, etc.

Add a new user: Click the New button to start to add a new user.
Search for an account: Search for user accounts in the search bar.
Disable an account: Click the disable button to disable an account.
Enable an account: Click the enable button to enable an account.

Notes:

- After reactivating the account, the administrator needs to ensure that a license is promptly reassigned to the account.
- During the period when the account is deactivated, any folders created by the account will be transferred to the administrator for management. When reactivating the account, the administrator can decide whether to return ownership of the folders to the original account user.
Delete an account: Users possessing user deletion permission can delete an account on the user management page.
View user details: Click the details button corresponding to the user to open that user’s details page.

Add a new user

The steps to add a user to the enterprise are as follows:

1. Click the New button on the User Management page to open the New window.

2. In the New window, enter the user’s account information.

i. If the account has not been registered on FactVerse, you need to set a password, name, and role for the newly added user.

ii. ii If the account has already been registered in FactVerse but has not yet been added to the current enterprise account, there is no need to set a password.

Assign License

Administrators can enable the use permissions of FactVerse and applications for users in the License Assignment column on the User Details page.

Note: The number of assignable users in the DataMesh FactVerse and client depends on the maximum number of FactVerse users in the enterprise’s current valid license and the number of client subscriptions.

License allocation rules:

FactVerse: All accounts. As FactVerse provides basic support, any available account needs to be allocated with the FactVerse License.

Reset password

The administrator can reset the user’s password by clicking the Password button in the Basic Information section of the User Details page.

Disable and enable accounts

Disable an account

1. Access the User Management page:

Select Enterprise Management > User Management from the functional module navigation bar to enter the user management page.

2. Select the account to deactivate:

Find the user account you want to deactivate in the user list. You can use the search function to quickly locate the user.

3. Click the disable button:

Click the “Disable” button next to the selected account. The system will display a confirmation window asking you to confirm the deactivation.

4. Confirm deactivation:

In the confirmation window, click the Yes button. The system will deactivate the user account, which will no longer be able to log in or access platform resources.

Notes:

During the deactivation period, any folders created by the account will be transferred to the administrator for management. When reactivating the account, the administrator can decide whether to return ownership of the folders to the original account user.

Enable an account

1. Access the User Management page:

Select Enterprise Management > User Management from the functional module navigation bar to enter the user management page.

2. Select the account to reactivate:

Find the user account you want to reactivate in the user list. You can use the search function to quickly locate the user.

3. Click the enable button:

After reactivating the account, the system will prompt you to decide whether to return ownership of the account’s folders.

4. Reassign the License：

Once the account is reactivated, the administrator needs to ensure that a license is promptly reassigned to the account.

Department Management

You can choose Enterprise Management > Department Management in the function navigation bar to enter the Department Management page. This page displays all departments within the enterprise, supporting operations such as creating and deleting departments.

On the Department Management page, you can click on the detail button of the department to open the Department Details page. You can modify department information, and add, or remove users from the department on this page.

Role Management

You can choose Enterprise Management > Role Management in the function module navigation bar to enter the Role Management page. This page displays all roles in the company, supporting operations such as viewing role details, creating, searching, and deleting roles.

The steps to create a role are as follows:

1. Click the New button on the Role Management page to open the New window.

2. In the New window, select a department and fill in the role name.

3. Click the Next button, then select role permissions. You can set functional permissions based on the actual needs of the role. Users added to this role will inherit all the functional permissions of the role.

4. After completing the settings, click the Confirm button.

Teacher role

When the enterprise License includes the Learning Management module, the system will automatically create the Teacher role. This role comes with all the necessary permissions from the Learning Management module, as well as permissions for courseware editing and exam monitoring. This setup helps enterprise trainers efficiently organize and manage training activities.

Permissions for enterprise trainers:

Role Permissions:
- Teacher Role: As a teacher, the enterprise trainer has the following permissions:
  - Manage courseware
  - Manage training group
  - Manage scene role
  - View individual performance
  - View overall performance
Function module:
- Digital Assets
License assignment:
- FactVerse Platform: Access to the FactVerse platform
- DataMesh Studio: Edit scenario courseware
- FactVerse Designer: Edit scene courseware
- DataMesh One (Training mode): Perform exam monitoring tasks

Notes

Auto-Generated: The Teacher role is automatically generated by the system and will only be available if the enterprise License includes the Learning Management module. If this module is not part of the License, the Teacher role will not appear in the role list.
Non-editable: The Teacher role and its permissions are system defaults and cannot be deleted, modified, or changed.

License Management

Select Enterprise Management > License Management in the function module navigation bar to enter the License Management page. This page displays basic company information, current License information, company’s subscription records, and License assignment information.

Basic information

The Basic information card on the License Management page displays the current license information of the company. Users can view the current subscription content.

Long-term event:

For Licenses that have enabled long-term event permissions, events can be valid for a long time or 1-7 days.
For Licenses that have not enabled long-term event permissions, the events can be valid for 1-7 days.

Maximum online participants for an event: The maximum number of accounts that can participate in an event.

Concurrent devices: The number of devices a single account can be logged into simultaneously for the same DataMesh client application.

Custom features: Customized features for the account. For example, scene import and export functionality (used to configure permissions for FactVerse Designer’s import and export features).

Usage information

Usage information card displays all usage information of the current License subscription for the enterprise.

Maximum number of DataMesh Studio users: Refers to the maximum number of DataMesh Studio users that can be allocated under the current license.

Maximum number of DataMesh One users: Refers to the maximum number of DataMesh One users that can be allocated under the current license.

Maximum number of FactVerse users: Refers to the maximum number of FactVerse users that can be allocated under the current license.

Storage Space: Usage information of the enterprise storage space utilized by digital assets, AI knowledge base files, etc

Text Tokens: Information on the number of tokens consumed for uploading AI knowledge base files.

Conversation Tokens: Information on the number of tokens consumed for text input during interactions with the AI assistant.

License Assignment

After adding users, administrators need to assign permissions for them to use the FactVerse platform and DataMesh client applications. The License Management page within the Enterprise Management provides a centralized way to manage licenses for all users within the organization. Within the License Assignment card, you can click the switch button in the top right corner to switch between product view and list view:

Product View: Displays various products subscribed to by the organization and their current usage status. By selecting specific products, you can view users by role and department and perform batch license allocation.
List View: Provides a comprehensive view of all users and product subscriptions within the organization. You can use it to enable or disable product licenses for individual users.

Note: The number of Licenses that can be allocated is limited, that is, the limit set in the currently effective company License.

License allocation rules:

FactVerse: All accounts. As FactVerse provides basic support, any available account needs to be allocated with the FactVerse License.
Studio, One, Checklist, and other DataMesh client products: Allocated according to the actual requirement of the account.

License subscription records

The License Management page also supports viewing the current status of all subscriptions for the enterprise.

Example: Adding an administrator

Objective

Add user B and assign him/her management permissions to collaboratively manage the company with other staff.

Prerequisites

1. User A is an administrator who has Enterprise management permissions in DataMesh FactVerse, such as a company administrator. User A should have the following permissions:

FactVerse
User Management
License Management
Department Management
Role Management

2. User B does not register in the FactVerse platform.

3. Ensure that the “Technology Department” department and “Administrator” role do not exist in the enterprise.

User A conducts the following operations:

1. Create a new department.

i. Navigate to the Department Management page by selecting Enterprise Management > Department Management in the function navigation bar.

ii. On the Department Management page, locate and click the New button to open the New window.

iii. In the New window, enter “Technology Department” in the Department Name field.

iv. Once you have entered the department name, click the Confirm button to finalize the creation of the department.

2. Create a new role for the administrator.

i. Navigate to the Role Management page by selecting Enterprise Management > Role Management in the function navigation bar.

ii. On the Role Management page, locate and click the New button to open the New window.

iii. In the New window, select the department as “Technology Department” from the department dropdown menu, and enter “Administrator” in the Role Name field.

iv. Click Next to proceed to select the desired position permissions for the administrator. In this case, select User Management, Department Management, Role Management, and License Management permissions under Enterprise Management.

v. Once you have selected the appropriate permissions, click Confirm to finalize the addition of the administrator role.

3. Add a new account “UserB@dcs.com” and set the account as the administrator of the technology department.

i. Navigate to the User Management page by selecting Business Management > User Management in the function navigation bar.

ii. On the User Management page, locate and click the New button to open the New window.

iii. In the New window, enter the relevant account information. Specify the department as “Technology Department” and assign the role of “Administrator” to the user.

iv. Click the Confirm button to complete the addition of User B.

4. Assign licenses to User B.

i. Navigate to the User Management page by selecting Business Management > User Management in the function navigation bar.

ii. On the User Management page, click the detail button of User B to open the User Details page.

iii. In the License Assignment section of the User Details page, enable FactVerse permissions for “UserB@dcs.com”.

Tag Management

Tags are used to categorize resources, events, and scenes.

You can select Enterprise Management > Tag Management in the function navigation bar to enter the Tag Management page.

The Tag Management page includes the following tag information:

Name
Number of References: The number of times resources, activities, scenes, etc. use tags.
Creator

The page supports the following operations:

Create new tags
Rename: Click to rename the tag.
Delete: Click to delete the tag.
Search for tags

Acceleration Service Settings

The acceleration service for uploading resource files (scenarios and models) is supported by the Unity Accelerator. Accelerated files (usually 3D models) have faster loading speeds and fewer nodes without changing the model structure, etc. Unaccelerated files can still be used, but the loading speed depends on the complexity of the model, potentially resulting in slow loading and lag during use.

The steps to set up the acceleration service are as follows:

1. Click on Enterprise Management > Acceleration Service Settings in the function navigation bar to open the Acceleration Service Settings page.

2Check the acceleration platform and click the Apply button to complete the setup of the acceleration platform.

Enterprise Settings

Storage configuration

Click the Add button to open the Storage Configuration window.

Two types of storage configuration:

Developer Configuration

The developer configuration feature supports managing Access Key for accessing the enterprise. Developers can use the Access Key to call the login API and access this enterprise.

Collaboration Service Configuration

Collaboration Service Configuration supports configuring the MQTT message server responsible for receiving collaborative events messages.

Click the Enable switch, then set the collaboration server address, port, and protocol.

IP Whitelist

You can control access to the FactVerse service by setting up a whitelist. This allows only certain IP addresses, a group of IP addresses, or IP addresses within a specified range using subnet masks to access the service.

BIM 360 Configuration

The FactVerse platform supports importing files from Autodesk BIM 360. Enterprise administrators can follow these steps:

1. The enterprise administrator sends a developer invitation email to DataMesh.

2. DataMesh completes the Forge Client ID, App Name, App Logo, and App Description to obtain access to users’ Autodesk BIM 360 accounts.

3. The enterprise administrator logs into the FactVerse platform and fills in the Account ID and Account key in the BIM360 configuration section on the Enterprise Settings page.

For specific instructions on obtaining Autodesk BIM 360 account access, please refer to: Manage API Access to BIM 360 Docs | BIM 360 API | Autodesk Platform Services

AI assistant model selection

On the FactVerse platform, users can choose between two different AI assistant content generation models: Azure OpenAI and OpenAI.

Each model has its advantages:

Azure OpenAI: Easier integration with Azure cloud services, suitable for users already within the Azure ecosystem.
OpenAI: Faster response times, ideal for users with higher performance requirements.

Login security

Enterprise administrators can configure the security authentication method for user logins. There are two following two options:

Password Verification: Use FactVerse account credentials for regular login.
Account, Password, and SMS Code Verification: If this option is enabled, when enterprise users log into the FactVerse platform and its client applications must enter their username and password correctly, obtain a verification code sent to their mobile phone, and complete online authentication to log in.

Configure SSO login

SSO (Single Sign-On) login is an authentication service that allows you to log in to the FactVerse platform and related applications, such as DataMesh One, using a single set of enterprise credentials (username and password).

SSO Protocols Supported by FactVerse

SAML 2.0 (Security Assertion Markup Language) 2.0: An XML-based standard used for authentication. It enables the exchange of authentication and authorization data between the Identity Provider (IdP) and the Service Provider (SP).

Definition

Identity Provider (IdP): The organization responsible for verifying the user’s identity and granting access permissions.
Service Provider (SP): The system that receives the authentication information from the IdP and grants the user access to the application.
Entity ID: A unique identifier used to recognize a specific entity in the SAML authentication and authorization protocol. Typically in the form of a URL or URI, it is used to identify entities in SAML messages and metadata. It can also support advanced scenarios such as SSO or Federated Identity Management.
SSO Login (Single Sign-On): SSO allows users to access multiple applications or systems with a single login. This means you only need to log in once, without having to enter your username and password for each application. It simplifies the login process, improves security, and reduces the complexity of managing multiple passwords.

Enable SSO Login

Prerequisites

Before configuring SSO login, make sure you meet the following requirements:

Your enterprise has subscribed to the SSO login feature.
You have enterprise administrator permissions on the FactVerse platform.
You have the necessary configuration details for your enterprise’s IdP.

Configuration steps

1. Log in to FactVerse: Log in to the FactVerse platform as an enterprise administrator.

2. Go to the enterprise configuration page: Navigate to Enterprise Management > Enterprise Settings.

3. Select the SSO protocol: In the SSO Configuration section, click the plus icon and choose SAML 2.0.

4. Enter SSO Configuration Information.

Entity ID (Required): The Entity ID of your IdP, which uniquely identifies your specific tenant or organization within the IdP.
Login URL (Required): The URL users will use to log in to the FactVerse platform and related applications.
Logout URL (Required): The URL users will use to log out of the FactVerse platform and applications.
Key and Certificate Configuration: These are used to decrypt communication between the Service Provider (SP) and Identity Provider (IdP).
- Certificate Public Key (Required):
- Signature Algorithm: The default algorithm is rsa-sha256.

Example (Microsoft Entra Tenant):

Entity ID: https://sts.windows.net/<tenantId> (Replace <TenantId> with your tenant ID)
Login URL: https://login.microsoftonline.com/<tenantId>/saml2 (Replace <TenantId> with your tenant ID)
Logout URL: https://login.microsoftonline.com/<tenantId>/saml2 (Replace <TenantId> with your tenant ID)

5. Attribute Mapping

Attribute mapping links the user data from your enterprise’s Identity Provider (IdP) to the corresponding user fields in the FactVerse platform. Mapping these attributes correctly ensures that FactVerse can identify users and assign the appropriate permissions.

Account (Required): Map the user’s account in the enterprise system (usually their email address). FactVerse will use this field as the user’s login name.
Email (Required): Map the user’s email address.
Name (Required): Map the user’s display name.
Avatar (Optional): Map the user’s avatar URL to display their profile picture in the FactVerse platform.
User Unique Identifier (Required): Map the user’s unique identifier in the enterprise system. This is typically a unique ID that ensures FactVerse can properly identify the user, different from their email or name.

Example (Microsoft Entra Tenant):

Account: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Name: http://schemas.microsoft.com/identity/claims/displayname
User Unique Identifier: http://schemas.microsoft.com/identity/claims/objectidentifier

6. Save configuration: Click the Save button to save all the configurations.

Example: Configuring SSO Login with Microsoft Entra ID

If your organization uses Microsoft Entra ID (formerly Azure Active Directory) as the Identity Provider (IdP) for SSO login to the FactVerse platform, follow these steps. It is recommended to test these steps in a test environment first.

Configuration Steps in Microsoft Entra ID

1. Log in to the Microsoft Entra ID Admin Portal: Go to the Microsoft Entra Admin Center and log in with an account that has administrator privileges.

2. Create a new enterprise application:

a) In the left-hand navigation bar, select Enterprise Applications.
b) Click + New Application, then select Create your own application.
c) In the pop-up dialog, enter a name for the application (e.g., “FactVerse SSO”), and select Integrate any other application (Non-gallery) if your app is not listed in the gallery.

3. Configure SAML settings

a) On the application’s overview page, click Set up single sign-on, then choose SAML as the SSO method.
b) In the SAML configuration page, fill in the required details for FactVerse:

i. Identifier (Entity ID): https://sts.windows.net/ (Replace with your tenant ID)
ii. Reply URL (Assertion Consumer Service URL): The SAML Assertion Consumer URL provided by FactVerse, usually like: https:///saml/acs
iii. Login URL: https://login.microsoftonline.com//saml2 (Replace with your tenant ID. This URL is used for users to log in via SAML.)
iv. Logout URL: https://login.microsoftonline.com//saml2 (Replace with your tenant ID. This URL handles SAML logout requests.)
v. User Identifier: user.mail or user.principalname (Typically, this is the user’s email address.)

4. Download the certificate: In the SAML Certificate section, click Download Certificate to download the SAML signing certificate, and save it for later use.

5. Assign owners to the enterprise application: Click Users and Groups in the left panel, then click Add User/Group to assign users or groups to this application.

Enabling SSO Login on the FactVerse Platform

Make sure your enterprise has subscribed to the SSO login feature.