5. Using WAPT Self-Service¶
5.1. Presentation¶
With WAPT your users can have a selfservice for software installation.
It’s different in the Discovery and Enterprise versions.
Functionality |
Discovery |
Enterprise |
|---|---|---|
Access to self-service |
|
|
Deploying self-service packages |
|
|
Filtering self-service packages |
|
|
Management tab |
|
|
5.2. Working principle¶
The Users gain in autonomy while deploying software and configurations that are trusted and authorized by the Organization. This is a time saving feature for the Organization’s IT support Helpdesk.
5.2.1. Discovery¶
Only Local Administrators and members of the waptselfservice group can access self-service on the hosts.
Attention
These users have acces to all packages in your repository.
5.2.2. Enterprise¶
You can filter the list of self-service packages available for your users.
A self-service package may be deployed on hosts to list the different self-service rules that apply to the host.
The self-service packages are based on user groups.
Your users will be able to install a selection of WAPT packages without having to be a Local Administrator.
5.3. Using the self-service feature¶
5.3.1. Configuration Discovery Mode¶
On Discovery create a waptselfservice security group on your Active Directory and add your users.
Note
ALL users in the waptselfservice security group and ALL Local Administrators will have access to ALL WAPT packages in the repository.
It is not possible to filter the WAPT packages made accessible to the users in Discovery mode.
5.3.2. Configuration Enterprise Mode¶
In the WAPT Console go to the WAPT Packages tab and select the Self-service rules menu item.
You can now create your self-service rules package.
Give a name to the self-service package.
Give a Description.
Click on the Add button to add the group (at the bottom left).
Name the self-service group (with F2 or type directly into the cell).
Select Maturity self-service package
Select the target OS for which the self-service package is designed.
Drag and drop the allowed software and configuration packages for this self-service group into the central panel.
Add as many groups as needed to be included to the WAPT self-service package.
Save the WAPT package and deploy on the selected hosts.
Note
The name of the self-service package MUST be the same as the name of the Active Directory user security group to which the self-service rules will apply..
If a group appears in multiple self-service packages, then the rules are merged.
The authentication used is system authentication by default, it is possible to authenticate with Active Directory.
Once the self-service package is deployed, only allowed WAPT packages listed in the self-service group(s) of which the User is a member will be shown to the logged in User.
5.4. Using WAPT Self-Service¶
WAPT Self-service is accessible in the Windows start menu under the name Self-Service software WAPT.
It is also available directly in the WAPT directory <base>\waptself.exe.
Note
The login and password to enter when launching the self-service are the User’s credentials (local or Active Directory credentials).
The WAPT Self-service then displays a list of packages available for installation.
Main window of the WAPT Self-service¶
The user can have more details on each WAPT package by clicking the + button.
Different filters are available for the user on the left side panel.
The Update Catalog button is used to force a wapt-get update on the WAPT Agent;
The current task list of the WAPT Agent is available by clicking the task bar button;
It is possible to change the language of the interface with the ⚙ button at the bottom left.
5.4.1. Default package categories available¶
By default, WAPT manage these categories of packages:
Internet;
Utilities;
Messaging;
Security;
System and network;
Storage;
Media;
Development;
Office;
Education.
It is possible to add other categories to the WAPT packages that you design.
5.5. WAPT Agent settings for WAPT Self-Service¶
WAPT Agent can be configured to allow WAPT self-service.
5.5.1. Configuring a different authentication method for the self-service¶
By default, authentication on WAPT service is configured in system mode.
This behavior is defined with the value of service_auth_type in wapt-get.ini:
Value |
Description |
|---|---|
|
WAPT service transmits the authentication directly to the operating system; it also recovers the groups by directly interrogating the operating system. |
|
This mode allows authentication to the WAPT Server. The WAPT Server will make a LDAP request to verify authentication and groups. For this to work, you MUST have configured LDAP authentication on the WAPT Server. |
|
This mode allows authentication with an LDAP server identified in |
You may be interested in looking up this article describing the settings for WAPT Self-Service and the WAPT service Authentification for more options.
Note
For the system authentication under GNU/Linux to work correctly, be sure to correctly configure your pam authentication and your nsswitch.conf.
The id username command MUST return the list of the groups the user is member of.
Warning
In system mode we assume that Local Administrators can see all the WAPT packages.
To change this behavior see the next point.
5.5.2. Configuring the authentification for Administrator¶
By default WAPT Self-Service uses the system authentification.
In this mode, the Local Administrators can see all the packages of WAPT Server repository.
If you do not want this behavior there are 2 possibilities:
Block the view of all packages for Local Administrators.
All packages are only visible for a specific user group.
5.5.2.1. Block Local Administrator on self-service¶
To block all packages from being displayed to Local Administrators you have to add the parameter waptservice_admin_filter in wapt-get.ini.
Value |
True |
False |
|---|---|---|
|
Enable selfservice package view filtering for Local Administrators. |
Disable selfservice package view filtering for Local Administrators. |
5.5.2.2. User group self-service Administrator¶
It is possible to use a special user group to define a list of administrators in the Self-Service.
Create a user security group named waptselfservice and add members.
All members of this group can view all packages on the WAPT Self-Service.
With waptservice_admin_filter parameter, you have secured the administrator acces of WAPT Self-Service.