Login
    Contents x
    Managing Users
    • 11 Oct 2023
    • 5 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Managing Users

    • Updated on 11 Oct 2023
    • 5 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Implement Axonius Role Based Access Control (RBAC) and compartmentalized access by assigning each Axonius user to a specific role and data scope. A role consists of a predefined set of permissions for working with Axonius pages and capabilities. This means that any changes to the role permissions will affect all the users to whom the role is assigned. Assign users a data scope to control the data each user can see.

    See Manage Roles for more information about managing roles.

    To manage Users:

    1. From the top right corner of any page, click image.png. The System Settings page opens.
    2. In the Categories/Subcategories pane of the System Settings page, expand User and Role Management, and select Users.

    The page displays the list of defined Axonius users, and each user's role and permissions.
    UsersPageNew.png

    Adding a New User

    1. From the Users page, click Add User. The New User drawer appears.

    NewUserDrawer.png

    1. In the New User drawer, specify the following user details:

      • User Name (required) - The user name of the user as it should appear in the Axonius system. This is a unique field and cannot be changed. Note that the user name is case sensitive.

      • Role (required) - Select a role from the predefined roles. Roles can be reassigned later per user or by using bulk operation. Axonius provides a few predefined roles. You can set more roles according to your own requirements.

      • Main Data Scope - Select the Data Scope this user has access to when they log in to Axonius. Data Scopes determine what data, dashboards, queries and other objects a user can see. See Data Scope Management for more information on Data Scopes. The Data Scope name appears in the Data Scope column on the Users page. Admin users are automatically assigned the Global Data Scope.

      • Authorized Data Scopes - Admin users can be authorize do to access other Data Scopes, in addition to the Main Data Scope selected above. Select one of the following:

        • All data scopes (default) - Select if this user is authorized to connect to all data scopes.
        • Specific data scopes - Select if this user is authorized to connect to specific data scopes only. Select the authorized data scopes from the list.
          ManageRoles-AuthorizedDataScopes.png
        NOTE
        Admin users with the Manage data scopes permission can assign data scopes to users.

      • Password (required) - Select one of the following:

        • Generate reset password link - This generates a reset password link URL which you can copied or send to the user, where they can set their own password.
        • Set password - The Password field will contain the password to associate with the user.

    2. Under Optional Details, enter these details for the user:

    • First Name and Last Name - The first and last name of the user.
    • Email - The email of the user. This is used to create or to reset a password.
    • Department - The department in which the user works.
    • Job Title - The job title of the user.
    1. Click Save.
    Note:
    If you are using an Identity Provider Login, for example SAML, any user logging in for the first time is added to the users list. The user is assigned to a role based on the configured role assignment rules. For details, see Identity Provider Settings .

    Editing an Existing User

    1. To update an existing user, from the Users page, click a user record.
      The User drawer appears.
      EditUers.png

    2. Update the user's configuration:

      • For internal users, you can change the user's: first name, last name, email, department, job title, role or password.
      • For external users (SAML/LDAP), you can update:
        • Role (required) - Change the user's role.
        • Add Ignore role assignment rules (required, default: False) - Select whether to enforce the current user's role regardless of the Role Assignment Settings configuration under the Identity Providers Settings.
          • If enabled, the user's assigned role will remain as is and will not be evaluated on future logins.
          • If disabled, the user's assigned role may be changed on future logins, depending on the Role Assignment Settings configuration under the Identity Providers Settings.

    3. Click Save.

    Notes
    • You can only edit internal users who were created in Axonius by an Admin or by any other authorized user.
    • Only Admin users can modify the system default Admin user. Allowed changes are limited to email and password.

    Reset a User Password

    1. To reset a password for an existing user, from the Users page, click a user record.
      The User drawer appears.

    EditUers.png

    1. You can choose to reset a password using one of the following methods:
      1. Setting a new password manually
        • Enter a new password in the Password field and then click Save.
      2. Creating a reset password link for the user to reset their own password.
        • Click the Reset Password icon in the title bar of the user drawer.
        • A new reset password link will be generated each time and will be visible in a dialog.
        • The reset password link is valid according to the expiration configured in the Password Reset Settings.
        • The reset password link also expires when the user sets a new password through the reset password link or when a new reset password link is generated for this user.
        • The reset password link can either be copied or sent by Email (If an Email server is configured in the Email Settings).

    ResetUserPasswordNew.png

    Deleting Single or Multiple Users

    To delete a user, from the Users page, click a user record, and then click Delete ( image.png ) in the title bar.

    EditUers

    You can also select multiple users, and from the Actions menu, select Delete Users.

    DeleteUsers.png

    Note:
    The system admin user cannot be deleted.

    Reassign Role to Single or to Multiple Users

    To reassign role to a single or to multiple users:

    1. From the Users page, select the relevant users, click the Actions menu, and select Assign Role.

    UsersAssignRole.png

    1. In the dialog, select the role to be assigned for the selected users and click Assign.
      Newrtoles.png

    Search and Filter the Users List

    Use the Search bar at the top of the page to find a specific user and to filter the list of users displayed.

    UsersSearchBar.png

    • Search - Enter a user name, first name, last name, email, department or job title to search by one of these parameters; the system returns all users whose details contain these values.
    • Role - Select a role, to filter the display by role. This includes both the system roles, and any custom roles that were added. All users with that role are displayed. Click Clear All to clear all selections.
    • Source - Use Source to filter the display users according to their Identity Providers Settings: Internal, LDAP or SAML. Click Clear All to clear all selections.
    • Date - Use the date picker to filter the display by users whose last login was on a certain date or in a certain date range.

    Click Reset to clear the search and filters.

    For general information about working with tables refer to Working with Tables.


    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout