User Account

• A user account must be created for each person that needs to login to the system.

• Included in the process of creating a user, it is necessary to assign the access they are granted (i.e. what they can see and do), the security that is applied (e.g. multi-factor authentication) and even the date range for when they can login.

• The screenshot below shows a sample grid of users, which includes some key information.

  

  Grid information explained

  • User type: restricts the user roles available for selection.
  • Username: This is used to login with (the email below can also be used to login).
  • Name.
  • Email: This can also be used to login and is used for e.g. password reset communication.
  • Mobile number.
  • Access locked status: This will only be ticked if the user account has been locked or they have not yet been granted access permission via password reset.
  • Last login: This will show the UTC date and time for the last time the user logged in.
  • Failed tries: Shows the amount of times the user has failed to enter their password or username correctly (this can be reset).
  • MFA enabled: Identifies whether or not the multi-factor authentication login process has been successfully setup for the user.
  • MFA required: When ticked then multi-factor authentication has to be used. This can be defaulted for the environment within environment defaults.

---

In this section you can:

Import/export user accounts

• You can now export user accounts to excel for editing. After exporting and making the changes you can upload the excel file back to the system to populate the new user accounts.

• For information on performing an import/ export please see Export/ Import user accounts.

Find a user

• Type e.g. surname in search and it will find all users that contain that surname in the username, name, email can help you find a user.

• You can also toggle between RECENT,OPEN or SEARCH to help find users depending on your needs.

Tip

You can use advanced settings for these functions.

Edit a user

• Press Edit.

  

• A number of editable boxes in the user, contact and status boxes will turn white.

you can now change the information in these boxes.

• You can also change permissions, delegations, sessions, API keys, log and user groups.

• Press Save

Auto reset a users password

• Press AUTO RESET PASSWORD.

• Press SUBMIT.

Create a resource

• Press Create resource.

• Press the Resource tab.

• You can now edit the user resources.

• Press create.

Set a password for the user

• Press SET PASSWORD.

• Enter a new password then re-type it below.

Tip

Press Force password change to make the user set their own password when they sign in. Once they enter their own password, the old one (set by you) will no longer work.

• Press APPLY.

Block login access

• Press BLOCK LOGIN ACCESS5.

• Enter a reason for blocking the user.

• Press APPLY.

Reset password Tries

If the user has exceeded the limit of tries by entering the wrong login too many times, you can reset the tries and allow them to start again.

• To do so, press RESET TRY COUNT.

Lock a user account

• Press

• Press LOCK.

Tip

In order to unlock their account again, follow the same steps, however this time round Unlock will be presented instead of Lock.

Manage MFA

• Press

• Now you can press either REMOVE or DO NOT ENFORCE Multi-factor authentication.

Delete trusted devices

• Press

• Press DELETE TRUSTED DEVICES.

us

---

Create a new user

1. Press NEW.

   

2. Enter a new username, contact name and contact email.

   

3. Assign the accounts access license.

   

Grant user permissions

4. The next step is to grant Permissions to the user.

   

   Tip

   You can copy access from another user. To do so, select COPY FROM then choose another user and press APPLY. If you choose to copy access, please skip to step 7.

   Note

   Copying from another user will add their access permissions and can be done at any stage in addition to user access already granted.

5. Press SELECT under permissions and you will be presented with user roles to assign to the user.

   

6. Now, either select user roles individually OR Select user role groups.

   Tip

   We advise using groups for a more simplified setup.

Q: Would you like your new user to use MFA?

Tip

You can make multi-factor-authentication a requirement by ticking REQUIRED under status.

If you would like multi-factor authentication to be a default setting for users under your domain, go to environment defaults to set this preference.

Q: What does the status box show?

• Access locked: This will be ticked if the user does not have access to their account.

• Locked date: This will show the UTC date and time the account was locked.

• Locked Reason: This will display here why the account was locked.

• Force change password on next login: This will enforce the user to change their password upon login.

• Failed tries: Shows the amount of times the user has entered an incorrect password.

7. Press CREATE.

   

8. Press ALLOW LOGIN ACCESS.

• Following the creation of a user they still need to be granted login access.

  

  Tip

  Typically, the use of Allow login access is following a user account being locked out (e.g. failed password). Upon Set password, Unlock user account has the same effect as Allow login access.

  

9. Press Set password.

   

10. You will now be asked to set a new password.

    

    Q: Would you like to force the user to set their own password?

    Tip

    Tick force password change at next logon to force the new user to create their own password when they first login. When this has been done, the previous password (initially set by you) will no longer work.

    

    Tip

    Password policy is defined within environment defaults.

11. Press APPLY.

---

Explanation of the tabs

• Permissions
• Delegation
• Sessions
• Contact
• Log

• This tab will show the users roles and groups.

SSO Link wizard

• This option is used to quickly link users to the respective SSO provider(s).
  • There are separate options for Azure and also to link e.g. OneLogin users to Iplicit users.

1. Select SSO Link Wizard from the User account finder

Azure AD users

2. Click on LOGIN AzureAD to login to Azure
3. Select CONTINUE

• You will be presented with a list of users from Azure where a match will be attempted between the user email and the Azure email.

Note

• If the users are already linked, you can select "Remove Link" to remove the connection. 4. Tick the ADD LINK checkbox for each user you wish to link.

SSO users

1. Select SSO Link Wizard from the User account finder

2. Select "Import CSV"

3. Select the Provider

4. Select the CSV file of the SSO users

   Tip

   • The columns required on the file to be uploaded as per example below where the email must match the email on the user and the object_id is that provided by the SSO software (e.g. OneLogin)

     

5. Select Continue