Adding users

This topic is not applicable when SCIM integration is enabled. Users are managed in your IdP.

To add a new user:

  1. Log in to the Secure Endpoint Console as a user with Manage permissions for Users.
  2. On the navigation bar, click > User management > Users.

  3. Click Actions > Invite User.

  4. On the Invite User page, enter the user's details as follows:

    1. Under Account information:
      1. Enter the user's email address in the Email address field. This is the user's username.
      2. Enter the user's First name and Last name.

    2. Under Role assignment:

      1. Open the Role list and select the appropriate role. The list contains only those roles that your role is authorized to manage.

      2. Open the Device Group list and do one of the following:

        • To allow the user to work with all devices, select the All active devices checkbox.

          If you assigned one of the default Administrator roles to the user in the previous step, All active devices is the only option available.

        • To allow the user to work with the devices in one or more device groups, open the Device Groups list and select each device group. Both static and smart groups are available for selection. You can select up to 25 device groups.

          Before assigning a smart group to a user, consider that smart group membership is constantly re-evaluated, and the group's device list may change frequently, depending on the group's defined filter criteria.

          By assigning a device group to a user, the group becomes a "permission group", and the Edit permission group permission is required to edit it. Learn more

  5. Click OK.

The new user shows on the User Management page with a status of Active. A User created event is logged to Event History.

When a new user first logs in to the Secure Endpoint Console, their user preferences are automatically set to the language, locale, and time zone set in their web browser. At any time, the user can update these user preferences in their user profile.

An invitation email is sent to the email address you entered in step 2 above. The invitation expires after 72 hours. If the user hasn't logged in to the Secure Endpoint Console before the invitation expires, you can re-invite this user.

Note that the content included in the invitation email depends on your IdP:

  • Absolute IdP (default authentication method)

    The invitation email enables the user to create a password for their newly created user account. The user opens the email and clicks Create Password. On the Create Password page, the user enters a password, enters it again, and clicks Create Password. The user can then log in to the Secure Endpoint Console using their new password.

    User passwords must be between 8 and 64 characters in length and must include at least 2 alphabetic characters and 1 special character. Passwords can contain any printable ASCII characters, including spaces and Unicode characters. Reuse of the user's last 5 passwords is not permitted.

  • Third party IdP (SSO)

    The invitation email informs the user that a user account has been created for them, and they can access the Secure Endpoint Console by logging in to their corporate network.