User Manager
Contents
Overview
In some organizations, only one person will be responsible for creating forms and working with the people using the forms. In many organizations, however, different roles are completed by different people with different skills and knowledge. The User Manager is the key tool through which ITAM allows you to create and manage users, assign them permissions and archive or delete them when they no longer require access.
In this section we will discuss the User Manager, the different types of users available and how to work with each type. We will also discuss portal entities and how to create and manage them.
Accessing the User Manager
The User Manager interface can be accessed via the Manage Users button on the main menu.
The User Manager allows for the management of three (3) types of users (Administrative, Examiner, and Portal) and the related Portal Entities. These options are available via the tabs at the top of the main User Manager screen. Switching between the tabs changes the type of user (or entity) being managed by the manager and displays different options which are pertinent to the type of user being managed.
Managing Administrative Users
[Back To Top]
Administrative users are users which have the ability to access the administrative capabilities of the ITAM tool. The Administrative Users interface consists of a main table that displays all users with access to your instance of the IT Audit Machine. On the top left of the table, there are options to filter users. On the top of each column, you can select the column description to sort the listed users based on the column.
At the far right of each column is an option to suspend or delete a user. This option is also available when viewing a specific entry.
Adding Administrative Users
[Back To Top]
You can add a new administrative user by clicking the Create Administrative User button on the top right corner. This will take you to the Users Manager > Add Administrative User interface. Adding an administrative user is a simple 3-step process:
1. Define the Profile
The first step involves adding the key information which separates this user from the other users. These two fields form the basis of their profile.
Full Name - Enter the full name of the new user
Email Address - Enter the unique email address of the new user, this will be used as the user's ITAM login username.
No two Administrative or Examiner users can have the same email address.
2. Set Privileges
Note: Privileges are advanced user functions that allow users to create new items or to administer the IT Audit Machine.
Three privileges can be assigned to Users:
Allow user to create new forms – The user is able to create new forms and is automatically granted full permission for any forms the user creates. The user can edit/delete the form and edit/view the form’s entries.
Allow user to create new themes – The user is able to create new themes and can edit/delete any theme the user creates. Themes are available to the creator only.
Allow user to administer IT Audit Machine – The user has full control over the IT Audit Machine. The user is able to access all forms and entries, modify global settings, and add or delete users.
If a user does not require the ability to create new forms or themes or to administer IT Audit Machine, leave the privileges options blank.
3. Set Permissions
If the user is not a full administrator of the IT Audit Machine, then their access can be restricted on a form by form basis. The ability to access any of the existing forms is individually configured for each form. Three permissions can be assigned to the users of each form:
Edit Form – The user is able to add/delete the form’s fields and delete the form itself.
Edit Entries – The user is able to edit/delete/view the form’s entries.
View Entries – The user is able to view the form’s entries.
The Edit Entries permission and the View Entries permission are related. When assigning an Edit Entries permission to a user, the user automatically is granted the View Entries permission as well, and thus exercises full read/write access to the entries. However, if you assign only View Entries permission to the user, the user can only view the form’s entries (read-only access).
When you assign custom permissions, users see custom menus for each form.
You can also change form permissions in bulk using the Bulk Action to select or unselect certain permissions across all forms.
Note: Be sure to submit the new user(s) by clicking the Add User button at the bottom of the page.
After submitting the options selected for the new user, you will then be returned to the Users Manager screen showing the success notification.
Editing an Administrative User
[Back To Top]
A user’s profile, privileges, and permissions may be modified at any time via the Users Manager.
Selecting a user from the user list in the Users Manager will display the current privileges and permissions for the user. To edit the user settings, click on the Edit link in the control pane at the right of the user information as seen below.
Some user profile data isn’t available until after the user is first created. When you click the Edit link the additional profile fields will be available for editing.
The permissions and privileges fields are the same as when the user was created.
There are some things to understand about how quickly the changes are applied.
Editing Profiles & Permissions - Any changes to a user’s profile or permissions are applied instantly.
Editing Privileges - Any changes to a user's privileges are applied the next time the user logs into IT Audit Machine.
2-Step Verification
[Back To Top]
You can enable Multi-Factor Authentication for users via the user edit screen at the bottom of the Edit Profile section.
Multi-Factor Authentication is an optional but highly recommended security feature for administrators that adds an extra layer of protection to an IT Audit Machine account. Once enabled, the IT Audit Machine will require a six-digit security code in addition to the standard password whenever a user signs-in.
To enable the Multi-Factor Authentication feature for the selected user check the selection box next to the feature label in the Edit Profile pane.
Note that the user will now be required to install and enable an authenticator application which will provide them a randomly generated security code to be used when logging into ITAM. The instructions for selecting and setting up the authenticator are located on the My Profile page.
Multi-Factor Authentication is mandatory for Portal Users.
Automated Suspensions
These features are accessed within the Administrative Portal under the listed users within the Portal Users table. Selecting a specific user will advance you to the administrative account management function.
Automatically suspend account after date: - An administrator may set an automatic expiration on a User Portal account. Doing so will prevent the user from accessing the IT Audit Machine from the same account. This feature is very useful when you provision temporary access or have seasonal users that you want to temporarily suspend.
Automatically suspend account for inactivity after: - An administrator may set an automatic suspension on a User Portal account if the user has not logged into the IT Audit Machine after a specified number of days. Doing so will prevent the user from accessing the IT Audit Machine from the same account if they are not actively using the account. This feature is part of a defense-in-depth security strategy to avoid having active but unused accounts sitting open on the system. Corporate IT access control policies generally will specify the parameter to enter.
Automatically delete account for inactivity after: - An administrator may set an automatic deletion on a User Portal account if the user's account has already been suspended. The administrator will set the automatic account deletion for a defined number of days after the account has been automatically suspended. This feature is very useful when you want to permanently delete Portal Users who are suspended in the IT Audit Machine. Corporate IT access control policies generally will specify the parameter to enter.
Note: Suspending a user does not delete any of the forms, themes, or data entry associated with that user. The forms and themes created by the user will still be available to an administrator and all other users who have permission to access them.
User Logs
At the bottom of the User Management screen are links to access the Audit Log, the Uploaded Files Document Log, and the User Session Log. Clicking any of those links will bring you to the appropriate log where you can view the data and, if desired, export it to a file.
Managing Examiner Users
[Back To Top]
Examiner Users fill a gap between Portal Users and full Administrative Users. They are similar to Portal Users except that they have the ability to review the work done by other Portal Users in their entity. They can also update dashboards, but they lack the full administrative capabilities of the Administrative Users.
Adding Examiner Users
[Back To Top]
You add a new Examiner User by clicking the Create Examiner User button on the top right corner. This will take you to the Users Manager > Add User interface. Adding an examiner user is a simple 2-step process:
1. Enter User Information
Full Name - Enter the full name of the new user
Email Address - Enter the unique email address of the new user, this will be used as the user's ITAM login username.
2. Select Entity Permissions
Select one or more existing Entities to add this user to that Entity. If the related Entity does not exist it will first need to be added before the user can be created. When done click the Add Exminer button at the bottom of the interface to create the user.
After submitting the options selected for the new user, you will then be returned to the Users Manager screen showing the success notification.
Editing an Examiner User
[Back To Top]
A examiner user’s profile and associated entities may be modified at any time via the User Manager.
Selecting a user from the user list in the Users Manager will display the entities associated with the Examiner User as well as the basic automation options and log links. To edit the user settings, click on the Edit link in the control pane at the right of the user information as seen below.
The Edit User screen has two main sections. In the first section, the user’s general profile information can be edited.
In the second section, the examiner user’s associated Entities can be edited.
Make sure to click on the Save Changes button to complete the edits.
Managing Portal Entities
[Back To Top]
Entities are logical groups of users and often represent organizations with which users and forms are associated. Depending on how your organization is using the IT Audit Machine you may only see your organization represented by an entity or you may have multiple entities in your portal. Some organizations use entities to represent different departments within their organization. If your organization is creating forms used by other entities, you will see them represented here and be able to manage them through this interface.
Adding Entities
[Back To Top]
Entities are added using the Create Entity button which will display the Add Entity screen.
Name: The name by which the Entity will be known.
Description: A description of the Entity
When the information has been entered click the Add Entity button to complete adding the Entity.
Edit Entity
[Back To Top]
Clicking on an entity in the entity list will pull up the Edit Entity screen.
Make any changes needed and click Save Changes to complete the edits.
Deleting an Entity
Deleting an entity is possible but should be approached with caution. Like the other records in the User Manager the delete button is part of the entity record.
A deleted entity will no longer have access to ITAM.
Managing Portal Users
[Back To Top]
Portal Users are users which will access and use forms associated with entities in ITAM.
Adding Portal Users
[Back To Top]
You add a new portal user by clicking the Create User button on the top right corner. This will take you to the Users Manager > Add Portal User interface. Adding a portal user is a simple 2-step process:
1. Enter User Information
Full Name - Enter the full name of the new user
Email Address - Enter the unique email address of the new user, this will be used as the user's ITAM login username.
2. Select Entity
Enter a full or partial name of an existing Entity to perform a search to add this user to that Entity.
Once the user information is entered or selected, click the Send User Invite button to invite the user into the portal as a Portal User.
Editing a Portal User
[Back To Top]
A user’s profile, privileges, and permissions may be modified at any time via the Users Manager.
Selecting a user from the user list in the Users Manager will display the entities associated with the Portal User as well as the basic automation options and log links. To edit the user settings, click on the Edit link in the control pane at the right of the user information as seen below.
The Edit User screen has two main sections. In the first section, the user’s general profile information can be edited.
In the second section, the user's Entity can be updated and they can be associated with additional Entities.
Make sure to click on the Save Changes button to complete the edits.
Delete/Suspend a User
All user types can be deleted or suspended as needed. The options are available when viewing the list of users or a single user in the User Manager.
Deleting a User - Deleting a user account prevents access by the user to the IT Audit Machine content. All of the affected user privileges, permissions, and their profile are deleted from the IT Audit Machine.
Suspending a User - Suspending a user account results in the user account being blocked from the IT Audit Machine panel. While the user account may still exist with the user's privileges and permissions data remaining in the system, the user is blocked from authenticating for log in access. Unblocking the user will restore the user's access to IT Audit Machine.
Unblock a User
After a user has been suspended, an option will available to Unblock the user.
Doing so will remove the suspension from the user’s account.
Change User Password
[Back To Top]
All users may have their password reset through the Manage User interface using the option presented in the menu on the right side of the screen.
Reset MFA
[Back To Top]
Selecting to reset a user's MFA will require the user to reconfigure their MFA settings. The instructions for selecting and setting up the authenticator are located on the My Profile page.
In this section we discussed the User Manager, the (3) types of users available in ITAM and how to use the tool to manage them. We also discussed Entities and how they were managed and used. In the next section we’ll discuss the Template Manager and how it enables you to create templates for exporting data in meaningful forms.
[Previous Topic → Theme Manager] | [Next Topic → Template Manager]