To add a new user, do the following:
1. Log in to the Management Tool as a user with the administrative User Management permission.
2. Click the User Management navigation link to the left.
3. On the User Management page, click the Add User button in the top left.
4. On the Adding New User page that opens, on the User Type tab, select the type of the user to be added:
• Click the Add an Internal User button to create an internal application user.
• Click the Add an Active Directory User / User Group button to add an existing Windows user / user group.
NOTE: If an Active Directory user has already been added to two or more Active Directory user groups, this user cannot add themselves as an independent user of the Management Tool. Only other users with appropriate permissions can add them.
• Click the Add Application Account button to add an application account user.
5. On the User Details tab, do the following, and then click Next:
• For an internal user, define the user credentials and additional information about the user. Also, for internal users to receive an automatically generated one-time password, enter the user’s email address to which the one-time password will be sent.
NOTE: A user login name and password are required. The user login name must be unique. In Multi-Tenant mode, users of different tenants can have the same user login name. The password must be between 8 and 100 characters long, and contain at least one lowercase letter, one uppercase letter, one special character, and one digit. The password must contain no more than 3 identical characters in a row. The maximum length of the first name, last name, and description is 200 characters.
• For an Active Directory user / user group, search for and then select the required user / user group from any domain in the User / User group field.
NOTE: Active Directory users / user groups cannot be added if an LDAP target has not been added for the required domain on the Configuration page, or if there is no connection with the domain (the domain is unavailable).
• For an application account user, define the user credentials and additional information about the user.
6. On the User Groups tab, select the user groups that the user will belong to, and then click the Next button.
NOTE: To find a specific user group, enter its name or part of its name in the Contains search field at the top of the page, and then click the Apply Filters button on the right of it.
NOTE: The user is automatically added to the default All Users user group and cannot be removed from it.
7. On the Administrative Permissions tab, select the administrative permissions that will be granted to the user, and then click Next.
NOTE: If the user has inherited any permissions from user groups, you can only add new permissions. To remove permissions inherited from user groups, you need to remove the user from these groups.
8. On the Client Access tab, for each Client / Client group for which the permissions are to be defined, do the following, and then click Next:
• Find the required Client / Client group.
NOTE: To find a specific Client, enter its name in the Contains search field at the top of the page, and then click the Apply Filters button on the right of it.
• Click Edit Permissions on the right of the required Client / Client group, and in the the Client Permissions window that opens, select the Client permissions that will be granted to the user for the corresponding Client / Client group.
• Click Save to close the Client Permissions window.
9. On the User Access tab, the (Management Tool) user being added can be restricted so that they are only able to view the monitoring results (i.e. sessions) of specific users on Client computers (i.e. specific endpoint users).
So if you do not want the monitoring results of all endpoint users to be accessible to the Management Tool user, for each endpoint user / user group that the Management Tool user will be able to view the sessions of, do the following:
• Click the Add User button.
• Enter and then select the Domain / (local) Computer Name of the required endpoint user / user group in the drop-down list that appears.
NOTE: A asterisk can be used as a wildcard to specify multiple domains / local computers.
NOTE: Domains and computers are only displayed in the drop-down list if they have already been used to monitor Client computers previously, but new domains and computers can also be entered simply by entering their names and then selecting them.
• Enter and then select the required endpoint User / User Group in the drop-down list that appears.
NOTE: A asterisk can be used as a wildcard to specify multiple users / user groups.
NOTE: Users and user groups are only displayed in the drop-down list if they have already been used to monitor Client computers previously, but new users and user groups can also be entered simply by entering their names and then selecting them.
• Click theicon on the right of the endpoint user / user group, to complete adding it, and the settings will take effect immediately.
The rows of in the grid can be sorted by clicking the required column header, as well as edited or deleted by clicking the corresponding icon next to any row.
NOTE: If no users / user groups are added on this tab, by default, the Management Tool user will be able to view all the monitored sessions of all endpoint users in all domains.
NOTE: The Management Tool user will be able to view all the sessions of the endpoint users / user groups added – both previously recorded monitoring results and future ones.
10. Click the Finish button in the bottom right of the page.
11. The Management Tool user is then added and displayed on the User Management page.
NOTE: For Active Directory users, the first name and last name properties will be automatically filled after the user’s first login to the system.