Quick Start
This guide walks you through setting up a new department's organizational structure from scratch in the System Management module, assigning employee accounts, and granting core permissions — ultimately ensuring that department employees can access the designated applications and data securely and properly.
Prerequisites
- Log in to the BK-Lite console with an account that has "Super Admin" or "Platform Admin" permissions.
- Before granting access to business departments, determine the maximum permission scope each department requires within its system boundaries.
System Management Navigation Structure
After entering System Management, the top-level navigation includes four entry points:
| Entry Point | Main Purpose |
|---|---|
| User Management | Organization Structure, User Accounts, Authentication Sources, Security Policies |
| Application Management | Roles, Data Permissions, Custom Menus |
| Notification Channels | Email/WeCom/DingTalk and other message channel configuration |
| Platform Settings | API Keys, Audit Logs, Error Logs |
Step-by-Step Guide
1. Set Up the Organization and User Structure (User Management)
At the initial stage, you need to map the enterprise's actual personnel and structure to the platform.
- Navigate to "User Management" > "Organization Structure", click "Create" and build a tree-based organizational structure specific to your enterprise (e.g., R&D Department > Frontend Team).
- Go to "User List", click "Add User", fill in the employee's basic information (such as name, email, login name, etc.), and bind them to the organization you just created.
Tip: When creating or editing users, at least one real (non-virtual) organization must be selected, otherwise submission will be rejected.
2. Build Application Roles and Assign Permissions (Application Management)
With the organization and users in place, the next step is to define what they can "do" and what they can "see" on the platform.
- Navigate to "Application Management" > "Roles", select the application the employee needs to use (such as CMDB, monitoring, etc.), and create a "role" that represents this type of personnel (e.g., Read-Only User, Inventory Manager).
- Configure the menu settings and data permission bindings for this new role. This step determines which views and data scopes the role can access.
- Click the "Members & Organizations" tab for the role, and assign the organizations or specific users from Step 1 to the role. The system will automatically distribute and refresh the corresponding permission rules.
3. Strengthen Login Security (User Management - Security Policies)
Protecting the system starts at login.
- Navigate to "User Management" > "Security Policies".
- To ensure enterprise-grade account security, configure and enable the password policy (e.g., adjust the minimum password length, configure account lockout after multiple failed password attempts). Optionally, you can also set up a unified authentication endpoint based on an enterprise identity source for consistency.
- To further harden login, enable OTP two-factor verification in "User Management" > "Security Policies". Once enabled, users must confirm an OTP code after their password is validated at login; built-in rate limiting prevents enumeration attacks.
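The second login step described above, sketched as an added example (not BK-Lite's own code) to show why the rate limit matters for a six-digit code. It assumes RFC 6238 TOTP; `OtpGate`, `MAX_FAILURES` and `WINDOW_SECONDS` are hypothetical names and values, not product settings.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 5       # assumed limit, not a BK-Lite default
WINDOW_SECONDS = 300   # assumed window in which failures are counted


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpGate:
    """Runs after password validation: checks the OTP, throttles failures per user."""

    def __init__(self):
        self._failures = {}  # login name -> timestamps of recent failed codes

    def verify(self, user: str, secret: bytes, submitted: str, now: float) -> str:
        recent = [t for t in self._failures.get(user, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            # Refuse before comparing: further guesses reveal nothing,
            # so the 10**6 code space cannot be walked within the window.
            return "throttled"
        expected = totp(secret, now)
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._failures.pop(user, None)
            return "ok"
        recent.append(now)
        return "invalid"
```
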
4. Set Up System Notification Channels (Notification Channels)
If you need various business modules (such as the Alert Center) to push messages to internal personnel, you must first set up the delivery capability here.
- Go to "Notification Channels" and click "Create".
- Based on your enterprise's actual communication tools, set the type (e.g., WeCom bot or Feishu bot) and enter the corresponding webhook URL and secret key credentials.
5. Configure API Keys (Platform Settings - API Keys)
If you need to integrate external systems via API, you can generate API keys for specified users here.
Important: An API key is displayed in full only once, in the success dialog. Copy and save it immediately. After the dialog is closed, the list page shows only masked preview values, and the system provides no second query path for the complete key.
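One common way to get this show-once behaviour, as an added example rather than BK-Lite's implementation: the server keeps only a digest and a masked preview, so there is nothing from which the full key could be shown again. `ApiKeyStore`, its methods and the preview format are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class ApiKeyStore:
    """Show-once API keys: only a digest and a masked preview are persisted."""

    def __init__(self):
        self._records = {}  # key id -> {"user", "digest", "preview"}

    def issue(self, user: str) -> tuple:
        """Return (key_id, full_key); the full key exists only in this return value."""
        key_id = secrets.token_hex(4)
        full_key = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._records[key_id] = {
            "user": user,
            # A fast hash is adequate here because the key is high-entropy
            # random data, unlike a human-chosen password.
            "digest": hashlib.sha256(full_key.encode()).hexdigest(),
            "preview": full_key[:4] + "*" * 8 + full_key[-4:],
        }
        return key_id, full_key

    def list_keys(self) -> list:
        """What a list page can render: owner and masked preview, never the key."""
        return [{"id": key_id, "user": rec["user"], "preview": rec["preview"]}
                for key_id, rec in self._records.items()]

    def authenticate(self, presented: str) -> Optional[str]:
        """Resolve a presented key to its owner by constant-time digest comparison."""
        digest = hashlib.sha256(presented.encode()).hexdigest()
        for rec in self._records.values():
            if hmac.compare_digest(digest, rec["digest"]):
                return rec["user"]
        return None
```

With this design a lost key cannot be recovered from the server; it has to be replaced with a newly issued one.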
Verification and Closure
After completing the basic "registration" process above:
- In a browser's incognito mode, log in with the new user account created in Step 1. The system should prompt the new user with the enterprise password policy requirements.
- After a successful login, check the sidebar navigation: you should see only the menu pages made accessible through the permissions assigned in Step 2. This completes the permission isolation check.
- Return to the Super Admin's main account view and open "Platform Settings" > "Audit Logs". You should see the new employee's first login recorded in the "Operation Logs" tab, and the "Login Logs" tab also records the login event, so all application access is fully traceable.
Common User Status Handling
| Scenario | Solution |
|---|---|
| Employee account is locked (multiple wrong password attempts) | In the user list under "User Management" > "Organization Structure", run the "Unlock" action on the user |
| Employee is leaving and the account needs to be disabled | In the user list, run the "Disable" action; to disable multiple accounts in a batch, select them and use the "Batch Operations" dropdown menu |
| Re-enable a disabled account | In the user list, run the "Enable" action on the user |
| Password expiration requiring a forced reset | The system sends reminder emails before expiration; after expiration, the next login forces a password change (for an admin account, an expired password triggers the forced change immediately upon login) |