Managing Users

Implement Axonius Role Based Access Control (RBAC) by assigning each Axonius user to a specific role. A role consists of a predefined set of permissions for working with Axonius pages and capabilities. This means that any changes to the role permissions will affect all the users to whom the role is assigned.

See Manage Roles for more information about managing roles.

To manage Users:

1. From the top right corner of any page, click . The System Settings page opens.
2. In the Categories/Subcategories pane of the System Settings page, expand User and Role Management, and select Users.
   
   

The page displays the list of defined Axonius users, and each user's role and permissions.

Adding a New User

1. From the Users page, click Add User.

   

2. In the user drawer, specify the following user details:

   1. User Name (required) - The user name of the user as it should appear in the Axonius system. This is a unique field and cannot be changed. Note that the user name is case sensitive.

   2. First Name and Last Name (optional) - The first and last name of the user.

   3. Email (optional) - The email of the user. This is used to create or to reset a password.

   4. Department (optional) - The department in which the user works.

   5. Job Title (optional) - The job title of the user.

   6. Role (required) - Select a role from the predefined roles. Roles can be reassigned later per user or by using bulk operation. Axonius provides a few predefined roles. You can set more roles according to your own requirements.

   7. Password mode (required) - Select one of the following:

      • Generate reset password link - This generates a reset password link URL which you can copied or send to the user, where they can set their own password.
      • Set password - The Password field will contain the password to associate with the user.

   8. Authorized Data Scopes (when data scopes are enabled)- Select one of the following:

      • All data scopes (default) - Select if this user is authorized to connect to all data scopes.
      • Specific data scopes - Select if this user is authorized to connect to specific data scopes only. Select the authorized data scopes from the list.
        
      NOTE

      Admin users with the Manage data scopes permission can assign data scopes to users.
      • Data Scope (optional) - Select a Data Scope. Data Scopes determine what data, Dashboards, queries and other objects a user can see. See Data Scope Management for more information on Data Scopes.

3. Click Save.

Editing an Existing User

1. To update an existing user, from the Users page, click a user record.
   The User drawer appears.
   

2. Update the user's configuration:

   • For internal users, you can change the user's: first name, last name, email, department, job title, role or password.
   • For external users (SAML/LDAP), you can update:
     • Role (required) - Change the user's role.
     • Add Ignore role assignment rules (required, default: False) - Select whether to enforce the current user's role regardless of the Role Assignment Settings configuration under the Identity Providers Settings.
       • If enabled, the user's assigned role will remain as is and will not be evaluated on future logins.
       • If disabled, the user's assigned role may be changed on future logins, depending on the Role Assignment Settings configuration under the Identity Providers Settings.

3. Click Save.

Reset a User Password

1. To reset a password for an existing user, from the Users page, click a user record.
   The User drawer appears.

2. You can choose to reset a password using one of the following methods:
   1. Setting a new password manually
      • Enter a new password in the Password field and then click Save.
   2. Creating a reset password link for the user to reset their own password.
      • Click the Reset Password icon.
      • A new reset password link will be generated each time and will be visible in a dialog.
      • The reset password link is valid according to the expiration configured in the Password Reset Settings.
      • The reset password link also expires when the user sets a new password through the reset password link or when a new reset password link is generated for this user.
      • The reset password link can either be copied or sent by Email (If an Email server is configured in the Email Settings).
        

Deleting Single or Multiple Users

To delete a user, from the Users page, click a user record, and then click Delete ( ).

You can also select multiple users, and from the Actions menu, select Delete Users.

Reassign Role to Single or to Multiple Users

To reassign role to a single or to multiple users:

1. From the Users page, select the relevant users, click the Actions menu, and select Assign Role.

2. In the dialog, select the role to be assigned for the selected users and click Assign.
   

Search and Filter of the User Display

Use the Search bar at the top of the page to find a specific user and to filter the list of users displayed.

• Search - Enter a user name, first name, last name, email, department or job title to search by one of these parameters; the system returns all users whose details contain these values.
• Role - Select a role, to filter the display by role. This includes both the system roles, and any custom roles that were added. All users with that role are displayed. Click Clear All to clear all selections.
• Source - Use Source to filter the display users according to their Identity Providers Settings: Internal, LDAP or SAML. Click Clear All to clear all selections.
• Date - Use the date picker to filter the display by users whose last login was on a certain date or in a certain date range.

Click Reset to clear the search and filters.