Authentication and User Management¶
Users will be asked to authenticate when accessing server content from within web pages and applications. Upon authentication a connection token is stored locally on the device that accessed the server. Tokens keep the need to re-authenticate to a minimum. If server content has not been accessed for some time on a device the token expires and the user will need to re-authenticate to refresh the token.
This topic is relevant if you decide to share your server.
Click the “User Management” toggle to access user accounts and groups.
Select a user in the list (#1) to manage the account in the details panel (#2).
The easiest way to add users to your server is to share it and provide them with a link to the server.
Once users can access your server they can join by clicking the “Create Account” button.
Create Account & Invite User¶
An administrator can create accounts and invite users to join a server:
Make sure the server is shared.
Activate the “User Management” mode.
Right-click in the users listing and choose “Create User” from the context menu.
Once the user is created click the “Invite user” button in the details panel. A link to a registration page will be copied to the clipboard. Anyone with the link can access the registration page so send the link in a private message to the user.
The link will take the user to a login page where a password can be set.
Assigning a user to groups prior to inviting the user enables the administrator to control how the user is able to access content upon joining the server. With this version of Nucleus there is a known issue with that approach:
If an administrator creates a new user and assigns this user to a group before the user has authenticated once, the administrator will also have to manually assign this user to the “users” group. Failing to do so will result in the user not seeing any contents on your shared server.
To work around the issue:
Navigate to User Management.
Select the “Users” item.
In the list of users - select the user you created.
In the pane on the right displaying the user details, locate the “Assigned Groups” section.
Enter “users” in the “Add group” field and click the plus sign.
This will allow the user to see contents on the server.
This problem can easily be avoided by creating the user and allowing them to log in prior to adding them to additional groups.
Admins can generate invite and file URLs for other users to open. There is a known issue with this:
Invite/file URLs generated in localhost:34080 cannot be opened by non-local users. If they try to open these URLs from their own machines, they will not work.
To workaround the issue:
In a web browser, admin connects to <server IP address>:34080 instead of localhost:34080
Generate the URL; “Copy URL” for files and folders, or “Invite User” from within User Management
This will generate a link that non-local users can open.
If a user forgets the password (or just wants to change it) an administrator can generate a link by using the “Reset password” button. This works the same as the invitation process: the user will be taken to a page where a new password can be set and then access the server again.
Anyone with the link can access the password reset page so send the link in a private message to the user.
Grant Admin Access¶
Having admin access means having full access to all content and being able to access User Management features.
Use the “Grant admin access” button in the account details panel to grant or revoke this level of access. This
When account should no longer have access it can be disabled. File metadata will still indicate the user as the creator or most recent user to have modified a file where applicable.
Should the account need to be accessed again it can be re-enabled.
Select the user in the “Users” listing.
Toggle the enabled state with the “Disable”/”Enable” button.
Many users can be combined into groups. This is especially helpful when managing permissions.
The GM Group “General Management” is the group all users with Administrator level permissions are added.
This group is created automatically, and these users will have the ability to
Add and remove users from Nucleus
Create, Delete, and Modify User Groups on Nucleus
Modify ACLs on any path on Nucleus
Delete, Rename or Move any path on Nucleus
Create root level directories or files on Nucleus
Right click on “Groups” and select “Add Group” in the context menu. Provide a name.
Modify Group Membership¶
New groups are empty. Select the group and start typing the name of a user in the Add User field in the detail panel. A list will appear. Select a user and click the plus/add button in the field.
Remove a user by clicking the delete icon next to the username in the “Assigned Users” list.
Use these options if the administrator of a workstation server loose access by forgetting the password.
Ask Other Admin for Help¶
One admin can reset the password for another admin. This is by far the easiest way to restore access: Reset Password
Use a System Account¶
Locate the Nucleus installation directory. If Nucleus was installed via the Omniverse Launcher then look at the Launcher’s “Settings” window and the “Library” path.
Once in the installation directory, browse for “collaboration/nucleus-workstation [version]/Auth/configs/users.default.json”.
Open this file in a text editor and look at the list of credentials. Try using the credentials to gain access and then reset the “admin” account password in the browser.
Deleting Auth Database¶
Warning: Using this method could result in data loss. Use this only as a last resort. Make sure all other options have been exhausted first.
See Auth Database Management first to be familiar with the database.
Use the System Monitor to stop the “Nucleus” and “Auth” service.
Locate the Launcher data folder. This is available in the Launcher’s “Settings” window.
- Once in the data folder, locate the file
Make a backup.
Delete the original file.
- Once in the data folder, locate the file
Use the System Monitor to start the
At this point the
adminaccount should be have its default
Verify that other accounts are able to access the server as before.
Locate, back up (if desired), and delete the database.
At this point the
omniverseaccount should have its default password as provided during the installation process.
Auth Database Management¶
The database with all the user accounts is managed by Nucleus Authentication Service. It contains all accounts and credentials.
Groups memberships are managed and stored by Nucleus Core.
Depending on the type of installation, the files will be located in:
For Workstation installs, in the
Authsubdir under the data directory
For Enterprise installs, in the
local-accounts-dbsubdir of the data directory