User Manager

Overview

In some organizations, only one person is responsible for creating forms and working with the people using the forms. In many organizations, however, different roles are completed by different people with different skills and knowledge. The User Manager is the key tool through which ITAM allows you to create and manage users, assign them permissions, and archive or delete them when they no longer require access.

This section will discuss the User Manager, the different types of users available, and how to work with each type. We will also discuss portal entities and how to create and manage them.

Accessing the User Manager Interface

The User Manager interface can be accessed via the Manage Users button on the main menu.

The User Manager allows for managing three (3) types of users (Administrative, Examiner, and Portal) and the related Portal Entities. These options are available via the tabs at the top of the main User Manager screen. Switching between the tabs changes the type of user (or entity) being managed by the manager and displays different options pertinent to that type of user.

 

Managing Administrative Users

Administrative users are users who can access the ITAM tool's administrative capabilities. The Administrative Users interface consists of a main table that displays all users with access to your instance of the IT Audit Machine. On the top left of the table, there are options to filter users. At the top of each column, you can select the column description to sort the listed users based on that column.

At the far right of each column is an option to suspend or delete a user. This option is also available when viewing a specific entry.

Adding Administrative Users

You can add a new administrative user by clicking the Create Administrative User button on the top right corner. This will take you to the Users Manager > Add Administrative User interface. Adding an administrative user is a simple 3-step process:

1. Define the Profile

The first step involves adding the key information that distinguishes this user from the others. These two fields form the basis of their profile.

 

  • Full Name - Enter the full name of the new user.

  • Email Address—Enter the new user's unique email address. This will be used as the user's ITAM login username.

No two Administrative or Examiner users can have the same email address.

2. Set Privileges

Note: Privileges are advanced user functions that allow users to create new items or to administer the IT Audit Machine.

Three privileges can be assigned to Users:

  • Allow user to create new forms—The user can create new forms and is automatically granted full permission for any forms the user creates. The user can edit/delete the form and edit/view the form’s entries.

  • Allow users to create new themes—The user can create new themes and edit/delete any theme they create. Themes are available to the creator only.

  • Allow user to administer IT Audit MachineThe user has full control over the IT Audit Machine. The user can access all forms and entries, modify global settings, and add or delete users.

If a user does not require the ability to create new forms or themes or to administer IT Audit Machine, leave the privileges options blank.

3. Set Permissions

If the user is not a full administrator of the IT Audit Machine, then their access can be restricted on a form-by-form basis. The ability to access any of the existing forms is individually configured for each form. Three permissions can be assigned to the users of each form:

  • Edit Form — The user can add/delete the form’s fields and the form itself.

  • Edit Entries – The user can edit/delete/view the form’s entries.

  • View Entries – The user can view the form’s entries.

The Edit Entries permission and the View Entries permission are related. When assigning Edit Entries permission to a user, the user is automatically granted View Entries permission, thus exercising full read/write access to the entries. However, if you assign only View Entries permission to the user, the user can only view the form’s entries (read-only access).

When you assign custom permissions, users see custom menus for each form.

You can also change form permissions in bulk using Bulk Action to select or unselect certain permissions across all forms.

Note: Please submit the new user(s) by clicking the Add User button at the bottom of the page.

The new User will not be able to access the account until they respond to the email invitation and complete the registration process.

Editing an Administrative User

A user’s profile, privileges, and permissions may be modified anytime via the Users Manager.

Selecting a user from the user list in the Users Manager will display the user's current privileges and permissions. To edit the user settings, click on the Edit link in the control pane at the right of the user information, as seen below.

Some user profile data isn’t unavailable until the user is first created. When you click the Edit link, the additional profile fields will be available for editing.

The permissions and privileges fields are the same as when the user was created.

Warning: Not all permission/privileges will be applied instantly.

There are some things to understand about how quickly the changes are applied.

  • Editing Profiles & Permissions - Any changes to a user’s profile or permissions are applied instantly.

  • Editing Privileges - Any changes to a user's privileges are applied the next time the user logs into IT Audit Machine.

 

Two-Step Verification

You can enable Multi-Factor Authentication for users via the user edit screen at the bottom of the Edit Profile section.

Multi-factor authentication is an optional but highly recommended security feature for administrators that adds an extra layer of protection to an IT Audit Machine account. Once enabled, the IT Audit Machine will require a six-digit security code in addition to the standard password whenever a user signs in.

To enable the Multi-Factor Authentication feature for the selected user, check the selection box next to the feature label in the Edit Profile pane.

Note that the user will now be required to install and enable an authenticator application, which will provide them with a randomly generated security code to use when logging into ITAM. The instructions for selecting and setting up the authenticator are on the My Profile page.

Note: Multi-factor authentication is mandatory for Portal Users.

Automated Suspensions

These features are accessed within the Administrative Portal under the users listed in the Portal Users table. Selecting a specific user will advance you to the administrative account management function.

  • Automatically suspend account after date: An administrator may set an automatic expiration date for a User Portal account. Doing so will prevent the user from accessing the Audit Machine from the same account. This feature is very useful when you provision temporary access or have seasonal users that you want to temporarily suspend.
  • Automatically suspend an account for inactivity after: - An administrator may set an automatic suspension on a User Portal account if the user has not logged into the Audit Machine after a specified number of days. Doing so will prevent users from accessing the Audit Machine from the same account if they are not actively using it. This feature is part of a defense-in-depth security strategy to avoid having active but unused accounts sitting open on the system. Corporate IT access control policies generally specify the parameters to enter.
  • Automatically delete account for inactivity after: An administrator may set an automatic deletion on a User Portal account if the user's account has already been suspended. The administrator will set the automatic account deletion for a defined number of days after the account has been automatically suspended. This feature is very useful when you want to permanently delete Portal Users who are suspended in the IT Audit Machine.

Note: Suspending a user does not delete any forms, themes, or data entry associated with that user. The forms and themes created by the user will still be available to an administrator and all other users with permission to access them.

 

User Logs

At the bottom of the User Management screen are links to access the Audit Log, the Uploaded Files Document Log, and the User Session Log. Clicking any of those links will bring you to the appropriate log, where you can view the data and, if desired, export it to a file.

 

Managing Examiner Users

Examiner Users fill a gap between Portal Users and full Administrative Users. They are similar to Portal Users except that they can review the work done by other Portal Users in their entity. They can also update dashboards, but they lack the full administrative capabilities of the Administrative Users.

Adding Examiner Users

You add a new Examiner User by clicking the Create Examiner User button on the top right corner. This will take you to the Users Manager > Add User interface. Adding an examiner user is a simple 2-step process:

1. Enter User Information

  • Full Name - Enter the full name of the new user.
  • Email Address—Enter the new user's unique email address. This will be used as the user's ITAM login username.

No two Administrative or Examiner users can have the same email address.

2. Select Entity Permissions

Select one or more existing Entities to add this user to that Entity. If the related Entity does not exist, it must first be added before the user can be created. When done, click the Add Exminer button at the bottom of the interface to create the user.

After submitting the options selected for the new user, you will be returned to the Users Manager screen, which shows the success notification.

The new User will not be able to access the account until they respond to the email invitation and complete the registration process.

 

Editing an Examiner User

An examiner user’s profile and associated entities may be modified anytime via the User Manager.

Selecting a user from the user list in the Users Manager will display the entities associated with the Examiner User and the basic automation options and log links. To edit the user settings, click the Edit link in the control pane at the right of the user information, as seen below.

The Edit User screen has two main sections. In the first section, the user can edit their general profile information.

Note: Since the MFA is required for Portal Users, there is no option to Enable/Disable MFA.

The examiner user’s associated Entities can be edited in the second section.

Make sure to click on the Save Changes button to complete the edits.

Managing Portal Entities

Entities are logical groups of users and often represent organizations with which users and forms are associated. Depending on how your organization is using the IT Audit Machine, you may only see your organization represented by an entity, or you may have multiple entities in your portal. Some organizations use entities to represent different departments within their organization. If your organization is creating forms used by other entities, you will see them represented here and be able to manage them through this interface.

Entities are used to segregate some data, especially in reporting.

Adding Entities

Entities are added using the Create Entity button, which will display the Add Entity screen.

  • Name: The name by which the Entity will be known.

  • Description: A description of the Entity

When the information has been entered, click the Add Entity button to complete the addition of the Entity.

Edit Entity

Clicking an entity in the entity list will pull up the Edit Entity screen.

Like users, some information about the Entity is only editable after the Entity has been created.

Make any changes needed and click Save Changes to complete the edits.

Deleting an Entity

Deleting an entity is possible but should be approached with caution. Like the other records in the User Manager, the delete button is part of the entity record.

A deleted entity will no longer have access to ITAM.

Managing Portal Users

Portal Users are users who will access and use forms associated with entities in ITAM.

Adding Portal Users

You add a new portal user by clicking the Create User button on the top right corner. This will take you to the Users Manager > Add Portal User interface. Adding a portal user is a simple 2-step process:

Enter User Information

  • Full Name - Enter the full name of the new user

  • Email Address - Enter the unique email address of the new user; this will be used as the user's ITAM login username.

2. Select Entity

Enter a full or partial name of an existing Entity to perform a search to add this user to that Entity.

Warning: If the related Entity does not exist, it must be added before the user can be created. To do this, click the Add New Entity link at the top of the page.

Once the user information is entered or selected, click the Send User Invite button to invite the user into the portal as a Portal User.

Editing a Portal User

A user’s profile, privileges, and permissions may be modified anytime via the Users Manager.

Selecting a user from the user list in the Users Manager will display the entities associated with the Portal User, the basic automation options, and log links. To edit the user settings, click on the Edit link in the control pane at the right of the user information, as seen below.

The Edit User screen has two main sections. In the first section, the user can edit their general profile information.

Note: Since the MFA is required for Portal Users, there is no option to Enable/Disable MFA.

In the second section, the user's Entity can be updated, and they can be associated with additional Entities.

Make sure to click on the Save Changes button to complete the edits.

Automated Suspensions

These features are accessed within the Administrative Portal under the users listed in the Portal Users table. Selecting a specific user will advance you to the administrative account management function.

  • Automatically suspend account after a specified date: An administrator can set an automatic expiration date for a User Portal account. Doing so will prevent the user from accessing the IT Audit Machine from the same account. This feature is handy when you provision temporary access or have seasonal users you want to suspend temporarily.
  • Automatically suspend account for inactivity after: An administrator may set an automatic suspension on a User Portal account if the user has not logged into the IT Audit Machine after a specified number of days. Doing so will prevent the user from accessing the IT Audit Machine from the same account if they are not actively using the account. This feature is part of a defense-in-depth security strategy to prevent active but unused accounts from remaining open on the system. Corporate IT access control policies generally specify the parameters to enter.
  • Automatically delete account for inactivity after: - An administrator may set an automatic deletion on a User Portal account if the user's account has already been suspended. The administrator will set the automatic account deletion to occur after a defined number of days following the account's automatic suspension. This feature is handy when you want to permanently delete Portal Users who are suspended in the Audit Machine. Corporate IT access control policies generally specify the parameters to enter.

Note: Suspending a user does not delete any forms, themes, or data entries associated with that user. The forms and themes created by the user will remain available to administrators and all other users with permission to access them.

 

User Logs

At the bottom of the User Management screen, you will find links to access the Audit Log, the Uploaded Files Document Log, and the User Session Log. Clicking any of these links will direct you to the corresponding log, where you can view the data and, if desired, export it to a file.

 

Delete or Suspend a User

All user types can be deleted or suspended as needed. The options are available when viewing the list of users or a single user in the User Manager.

 

  • Deleting a User: Deleting a user account prevents the user from accessing the IT Audit Machine content. The affected user privileges, permissions, and their profile are deleted from the IT Audit Machine.

  • Suspending a User: Suspending a user account results in the user account being blocked from the IT Audit Machine panel. While the user account may still exist with the user's privileges and permissions data remaining in the system, the user is blocked from authenticating for log in access. Unblocking the user will restore the user's access to IT Audit Machine.

Note: Suspending a user does not delete any forms, themes, or data entry associated with that user. The forms and themes created by the user will still be available to an administrator and all other users with permission to access them.

Unblock a User

After a user has been suspended, an option will be available to Unblock the user.

Doing so will remove the suspension from the user’s account.

Warning: If you unblock an account, the User must log into the system on that day. If they don't log into the system on the same day, their account will be suspended again the next day.

 

Change User Password

All users may have their password reset through the Manage User interface using the option in the menu on the right side of the screen.

Reset MFA

Selecting to reset a user's MFA will require the user to reconfigure their MFA settings. The instructions for selecting and setting up the authenticator are on the My Profile page.

Previous: Theme Manager | Next: Template Manager