Adding users

Contents

Adding users

Right after installation, the only user that exists in the system is the first and main central administrator or admin user. The admin user has unrestricted access to all data available in both the Portal and the Finder. Moreover, the admin user is able to create and modify all kinds of content in the system, including dashboards, investigations, categories, alerts and user accounts.

Incidentally, you may want to give other people the chance to log in to the system and use it without necessarily having all the capabilities of the admin user. The admin user can thus create accounts for other users, restrict their views on the data and limit their ability to alter content. In this section, learn how to add users to the system and control their access to the data recorded.

Defining user roles

The roles attributed to a user determine how the user interacts with the system. The tasks of the users of the system depend on their responsabilities. Roles let you group the elements that allow users to carry out the tasks that are assigned to them. Using roles, you can specify the modules that the users playing that role can see in the Portal, the reports that they receive, the investigations that they are able to run in the Finder and the alerts that they must be aware of.

To incorporate elements into a role, you need to create these elements in the Finder first. It is not essential to have all the elements ready before defining a role. You can start by creating the role and edit it later to add the missing elements.

To define a new role:

  1. Log in to the Portal as administrator.
  2. In the Administration module, select the Roles dashboard under the Central Management section.
  3. Click the plus sign at the top right hand side of the Roles Management widget to add a new role. The wizard to add a new role opens.

Step 1: Adding modules and reports

  1. Type in the name of the new role in the Name fied.
  2. Optional: Click Add module to add an existing module of the Portal to the role. A dialog to choose the module pops up.
    1. Select a module from the list labeled Module.
    2. Optional: Click yes under the Mandatory section to make the module a requirement for those users who have the current role assigned. By default, the selected modules are not mandatory, meaning that the user can remove them from the Portal.
    3. Click Add. The dialog closes and the selected module is added to the Modules list of the role.
  3. Repeat the previous step to add as many modules as the role needs.
  4. Optional: Click Add report to incorporate an existing periodic report to the role. A dialog to choose the report pops up.
    1. Select a report from the list labeled Select the report to add.
    2. Optional: Click yes under the Mandatory section to make the periodic report a requirement for those users who have the current role assigned. By default, the selected reports are not mandatory, meaning that the user can decide to stop receiving them.
    3. Click Add. The dialog closes and the selected report is added to the Reports list of the role.
  5. Repeat the previous step to add as many reports to the role as the role needs.
  6. Click Next to go on with the next step of the wizard.

Step 2: Adding investigations

  1. Optional: Click Add investigation to include an investigation in the role. A dialog to specify the investigation pops up.
    1. Export an investigation or a folder of investigations from the Finder to the clipboard.
    2. Paste the contents of the clipboard on the dialog of the wizard.
    3. Click Add. The dialog to paste the investigation closes and the investigation is added to the Investigations list of the role.
  2. Repeat the previous step to add as many investigations as the role needs.

Step 3: Adding one-click investigations

  1. Optional: Export a pack with all the one-click investigations that you want to add to the role from the Finder.
    1. Paste the pack of one-click investigations on the dialog of the wizard.
  2. Click Next.

Step 4: Adding alerts

  1. Optional: Click Add alert to include a new alert to the role. A dialog to specify the alert pops up.
    1. Export an alert or a folder of alerts from the Finder to the clipboard.
    2. Paste the contents of the clipboard on the dialog of the wizard.
    3. Click Add. The dialog to paste the alert closes and the alert is added to the Alerts list of the role.
      • The syslog notification mechanism of global alerts is local to the Engine where the global alert was created and, therefore, not propagated to other Engines via roles. If you add a global alert with syslog notification enabled to a role, only the email notification mechanism is propagated to the users with that role.
  2. Repeat the previous step to add as many alerts as the role needs.
  3. Click Finish to end the wizard. The new role is added to the list of the Role Management widget.

Defining user profiles

The profile of a user defines the type of user, the access rights of the user to the different domains of a hierarchy (both as a viewer and as administrator, if applicable) and to the functions of the Finder. Moreover, you can associate one or multiple roles to a profile. Thus, users are able to play any of the roles associated to their profile, along with any other possible role that you may additionally assign to them.

Profile types

There are three main types of profiles:

Reader
This profile is intended for users that only have the right to view the information; both in the Portal and, optionally, in the Finder. They are able to see only the data that belongs to their view domain in a hierarchy (a subset of the hierarchy), possibly limited by privacy settings as well.
Administrator
In addition to viewing information, users with an Administrator profile can create Gallery content and manage Portal components. The view domains and administrative domains of an Administrator may be different for each hierarchy. Optionally, Administrators can have the right to create other user accounts.
Central administrator
This profile defines a special kind of Administrator who has access to all hierarchies and the right to create and modify profiles and hierarchies. Only a central administrator can configure the license and the connections to the Engines.

For more details, see the page Detailed privileges by profile.

Step 1: Creating a new profile

  1. Log in to the Portal as administrator.
  2. In the Administration module, select the Profiles dashboard under the section Central Management.
  3. Click the plus sign at the top right hand side of the Profiles Management widget to add a new profile. The wizard to add a new profile opens.

Step 2: Choosing the type of account

  1. Type in a name for the new profile in the field labeled Profile name.
  2. Select one of the three types of accounts from the choice Account type.
    • Select Reader if the profile is intended for users without administrative tasks.
      • Optional: Check the box Gallery access for the user to be able to get Portal content from the Gallery. By default, Gallery access is checked, sjo you do not need to click the box to activate the option.
    • Select Administrator if the profile is intended for users with administrative tasks.
      • Optional: Check the box Accounts creation to allow the administrative user to create new accounts. By default, Accounts creation is checked, so you do not need to click the box to activate the option.
    • Select Central administrator to create users that can administer the whole system in the same way as the admin user. In fact, the admin user belongs to the group of central administrators. Contrary to the admin user, however, you can restrict some of the views of other central administrators.
  3. Click Next to go on with the next step of the wizard.

Step 3 (Administrator profile only) : Select administration domain

If you selected to create a profile of the type Administrator in the previous step, set now its administration rights. If you chose to create a profile of the type Central administrator instead, this step is skipped, since the administration rigths of central administrators are not limited.

  1. In the field Administration domain, select a hierarchy in the first field, a level in the second and a node in the third. The profile will have administrative rights over the selected node and all the nodes below it in the hierarchy.
  2. Optional: If you checked the option Accounts creation in the previous step, select now the profiles that an Administrator with this profile can assign to the user accounts that he creates. Use the Ctrl key while clicking the names of the profiles in the list Profiles available for accounts creation. If no profile is selected, the Administrator will not be able to create user accounts.
  3. Click Next.

Step 4: Set privacy settings, roles and view domain

This is step 3 if you chose a reader profile.

  1. Select the privacy settings for the profile:
    • anonymous user & devices: user accounts with this profile cannot see the names of users or devices.
    • anonymous users: user accounts with this profile cannot see the names of users.
    • none (full access): user accounts with this profile have full access to the collected data.
  2. Select the roles of the profile by clicking their name in the Role(s) list. Use the Ctrl key to select several roles at the same time. The investigations, alerts, modules, etc attributed to the selected roles are inherited by the profile.
  3. Specify the view domain of the profile for each defined hierarchy. Users with the current profile can only view the objects grouped in the specified domain:
    1. In the from field, select the highest level in the hierarchy that belongs to the view domain.
    2. In the Node field, specify the node of the highest level that defines the top object of the view domain. This node and all nodes below it belong to the view domain down to the level specified next.
    3. In the to field, select the lowest level in the hierarchy that belongs to the view domain.
  4. Click Next.

Step 5: Set Finder access

This is step 4 if you chose a reader profile. If you want the users with the current profile to be able to access the Finder:

  1. Check the box Finder access.
  2. Select the time zone of the user.
  3. Optional: Check the box Allow edition of application and object tags if you want the users with the current profile to be able to manually modify the tags of objects in the Finder.
  4. Optional: Check the box Allow edition of categories, services and global alerts if you want the users with the current profile to be able to edit these elements in the Finder. Even You can only select this option if you gave full access to the profile in the privacy settings of the previous step.
  5. Optional: If you have purchased the Web & Cloud module, set the of the users with the current profile to restricted or full in the list under Web & Cloud visibility.
  6. Click Finish to end the creation of the profile. The profile is added to the list of profiles of the widget Profiles Management.

Creating a user

After creating roles and profiles for users, finally create user accounts that make use of them:

To create a user account:

  1. Log in to the Portal as administrator with account creation rights.
  2. In the Administration module, select the Accounts dashboard under the section Central Management.
  3. Click the plus sign in the top right corner of the widget Accounts Management. The wizard to create a new user account shows up.

Step 1: Setting personal data and profile

Nexthink supports user authentication both internally or through Active Directory.

  1. Type in the name of the user:
    • To use internal authentication, type in the desired account (login) name of the user in the field Username.
    • To authenticate users through Active Directory, type in the User Principal Name (for instance [email protected]) in the field Username. Note that this field is case sensitive. Therefore, the name of the Nexthink account must exactly match the UPN in Active Directory.
  2. Type in the complete name of the user in the field Full name.
  3. Configure the email address for sending notifications to the user in the field Email address.
  4. Type in a password for the user in the field Password and retype it in Password confirmation.
  5. Select the profile of the user. The user gets all the permissions, default content and roles associated to the profile.
  6. Click Next.


Step 2: Setting additional roles

  1. Optional: If you want the user account to inherit content from one or more roles that do not belong to its assigned profile, select the desired roles from the list Additional roles. Use the Ctrl key to select more than one.
  2. Click Ok to end the creation of the user account. The account is added to the list of accounts of the widget Accounts management.