Examiner: User Manager
Overview
In some organizations, only one person is responsible for creating forms and working with the people using the forms. In many organizations, however, different roles are completed by different people with different skills and knowledge. The User Manager is the key tool through which ITAM allows you to create and manage users, assign them permissions, and archive or delete them when they no longer require access.
In this section, we will discuss the User Manager, the type of user an Examiner can manage, and how to accomplish the various tasks of managing users.
Accessing the User Manager
The User Manager interface can be accessed via the Manage Users button on the main menu.
The User Manager allows for managing three (3) types of users (Administrative, Examiner, and Portal) and the related Portal Entities. These options are available via the tabs at the top of the main User Manager screen. Switching between the tabs changes the type of user (or entity) being managed by the manager and displays different options pertinent to that type of user.
Managing Administrative users
Administrative users are users who can access the ITAM tool's administrative capabilities. The Administrative Users interface consists of a main table that displays all users with access to your instance of the IT Audit Machine. On the top left of the table, there are options to filter users. At the top of each column, you can select the column description to sort the listed users based on that column.
At the far right of each column is an option to suspend or delete a user. This option is also available when viewing a specific entry.
Adding Administrative Users
You can add a new administrative user by clicking the Create Administrative User button on the top right corner. This will take you to the Users Manager > Add Administrative User interface. Adding an administrative user is a simple 3-step process:
-
Define a Profile
The first step involves adding the key information that distinguishes this user from the others. These two fields form the basis of their profile.
- Full Name - Enter the full name of the new user
- Email Address—Enter the new user's unique email address. This will be used as the user's ITAM login username.
2. Set Privileges
Note: Privileges are advanced user functions that allow users to create new items or to administer the IT Audit Machine.
Three privileges can be assigned to Users:
-
Allow user to create new forms—The user can create new forms and is automatically granted full permission for any forms the user creates. The user can edit/delete the form and edit/view the form’s entries.
-
Allow users to create new themes—The user can create new themes and edit/delete any theme they create. Themes are available to the creator only.
-
Allow user to administer IT Audit Machine—The user has full control over the IT Audit Machine. The user can access all forms and entries, modify global settings, and add or delete users.
If a user does not require the ability to create new forms or themes or to administer IT Audit Machine, leave the privileges options blank.
3. Set Permissions
If the user is not a full administrator of the IT Audit Machine, then their access can be restricted on a form-by-form basis. The ability to access any of the existing forms is individually configured for each form. Three permissions can be assigned to the users of each form:
- Edit Form—The user can add/delete the form’s fields and the form itself.
- Edit Entries – The user can edit/delete/view the form’s entries.
- View Entries – The user can view the form’s entries.
The Edit Entries permission and the View Entries permission are related. When assigning Edit Entries permission to a user, the user is automatically granted View Entries permission as well and thus exercises full read/write access to the entries. However, if you assign only View Entries permission to the user, the user can only view the form’s entries (read-only access).
When you assign custom permissions, users see custom menus for each form.
You can also change form permissions in bulk using Bulk Action to select or unselect certain permissions across all forms.
Note: Please submit the new user(s) by clicking the Add User button at the bottom of the page.
After submitting the options selected for the new user, you will be returned to the Users Manager screen, which shows the success notification.
The new User will not be able to access the account until they respond to the email invitation and complete the registration process.
Editing an Administrative User
A user’s profile, privileges, and permissions may be modified anytime via the Users Manager.
Selecting a user from the user list in the Users Manager will display the user's current privileges and permissions. To edit the user settings, click the Edit link in the control pane at the right of the user information, as seen below.
Some user profile data isn’t available until after the user is first created. When you click the Edit link the additional profile fields will be available for editing.
The permissions and privileges fields are the same as when the user was created.
There are some things to understand about how quickly the changes are applied.
-
Editing Profiles & Permissions - Any changes to a user’s profile or permissions are applied instantly.
-
Editing Privileges - Any changes to a user's privileges are applied the next time the user logs into IT Audit Machine.
2-Step Verification
You can enable Multi-Factor Authentication for users via the user edit screen at the bottom of the Edit Profile section.
Multi-factor authentication is an optional but highly recommended security feature for administrators that adds an extra layer of protection to an IT Audit Machine account. Once enabled, the IT Audit Machine will require a six-digit security code in addition to the standard password whenever a user signs in.
To enable the Multi-Factor Authentication feature for the selected user, check the selection box next to the feature label in the Edit Profile pane.
Note that the user will now be required to install and enable an authenticator application, which will provide them with a randomly generated security code to use when logging into ITAM. The instructions for selecting and setting up the authenticator are on the My Profile page.
Multi-factor authentication is mandatory for Portal Users.
Automated Suspensions
These features are accessed within the Administrative Portal under the users listed in the Portal Users table. Selecting a specific user will advance you to the administrative account management function.
- Automatically suspend account after date: An administrator may set an automatic expiration date for a User Portal account. Doing so will prevent the user from accessing the IT Audit Machine from the same account. This feature is very useful when you provision temporary access or have seasonal users you want to suspend temporarily.
- Automatically suspend account for inactivity after: An administrator may set an automatic suspension on a User Portal account if the user has not logged into the IT Audit Machine after a specified number of days. Doing so will prevent users from accessing the IT Audit Machine from the same account if they are not actively using it. This feature is part of a defense-in-depth security strategy to avoid having active but unused accounts sitting open on the system. Corporate IT access control policies generally specify the parameters to enter.
- Automatically delete account for inactivity after: An administrator may set an automatic deletion on a User Portal account if the user's account has already been suspended. The administrator will set the automatic account deletion for a defined number of days after the account has been automatically suspended. This feature is handy when you want to permanently delete Portal Users who are suspended in the IT Audit Machine. Corporate IT access control policies generally specify the parameters to enter.
Note: Suspending a user does not delete any forms, themes, or data entries associated with that user. The forms and themes created by the user will still be available to an administrator and all other users with permission to access them.
User Logs
At the bottom of the User Management screen are links to access the Audit Log, the Uploaded Files Document Log, and the User Session Log. Clicking any of those links will bring you to the appropriate log, where you can view the data and, if desired, export it to a file.
Managing Examiner Users
Examiner Users fill a gap between Portal Users and full Administrative Users. They are similar to Portal Users except that they can review the work done by other Portal Users in their entity. They can also update dashboards, but they lack the full administrative capabilities of the Administrative Users.
Adding Examiner Users
You add a new Examiner User by clicking the Create Examiner User button on the top right corner. This will take you to the Users Manager > Add User interface. Adding an examiner user is a simple 2-step process:
-
Enter user information
- Full Name - Enter the full name of the new user.
- Email Address—Enter the new user's unique email address; this will be used as the user's ITAM login username.
Warning: No two Administrative or Examiner users can have the same email address.
2. Select Entity Permissions
Select one or more existing Entities to add this user to that Entity. If the related Entity does not exist, it will first need to be added before the user can be created. When done, click the Add Examiner button at the bottom of the interface to create the user.
After submitting the options selected for the new user, you will be returned to the Users Manager screen, which shows the success notification.
Note: The new User will not be able to access the account until they respond to the invitation via email and complete the registration process.
Editing an Examiner User
An examiner user’s profile and associated entities may be modified anytime via the User Manager.
Selecting a user from the user list in the Users Manager will display the entities associated with the Examiner User, the basic automation options, and log links. To edit the user settings, click the Edit link in the control pane at the right of the user information, as seen below.
The Edit User screen has two main sections. The first section allows users to edit their general profile information.
In the second section, the examiner user’s associated Entities can be edited.
Make sure to click on the Save Changes button to complete the edits.
Managing Portal Entities
Portal Users are users who will access and use forms associated with entities in ITAM.
Adding Portal Users
You add a new portal user by clicking the Create User button on the top right corner. This will take you to the Users Manager > Add Portal User interface. Adding a portal user is a simple 2-step process:
1. Enter User Information
-
Full Name - Enter the full name of the new user.
-
Email Address—Enter the new user's unique email address. This will be used as the user's ITAM login username.
2. Select Entry
Enter a full or partial name of an existing Entity to perform a search to add this user to that Entity.
Once the user information is entered or selected, click the Send User Invite button to invite the user into the portal as a Portal User.
Editing a Portal User
A user’s profile, privileges, and permissions may be modified anytime via the Users Manager.
Selecting a user from the user list in the Users Manager will display the entities associated with the Portal User, the basic automation options, and log links. To edit the user settings, click the Edit link in the control pane at the right of the user information, as seen below.
The Edit User screen has two main sections. The user’s general profile information can be edited in the first section.
In the second section, the user's Entity can be updated, and they can be associated with additional Entities.
Make sure to click on the Save Changes button to complete the edits.
Automated Suspensions
These features are accessed within the Administrative Portal under the users listed in the Portal Users table. Selecting a specific user will advance you to the administrative account management function.
-
Automatically suspend account after date: An administrator may set an automatic expiration date for a User Portal account. Doing so will prevent the user from accessing the IT Audit Machine from the same account. This feature is very useful when you provision temporary access or have seasonal users you want to suspend temporarily.
-
Automatically suspend account for inactivity after: - An administrator may set an automatic suspension on a User Portal account if the user has not logged into the IT Audit Machine after a specified number of days. Doing so will prevent users from accessing the IT Audit Machine from the same account if they are not actively using it. This feature is part of a defense-in-depth security strategy to avoid having active but unused accounts sitting open on the system. Corporate IT access control policies generally specify the parameters to enter.
-
Automatically delete account for inactivity after: - An administrator may set an automatic deletion on a User Portal account if the user's account has already been suspended. The administrator will set the automatic account deletion for a defined number of days after the account has been automatically suspended. This feature is very useful when you want to permanently delete Portal Users who are suspended in the IT Audit Machine. Corporate IT access control policies generally specify the parameters to enter.
Note: Suspending a user does not delete any forms, themes, or data entries associated with that user. The forms and themes created by the user will still be available to an administrator and all other users with permission to access them.
User Logs
At the bottom of the User Management screen are links to access the Audit Log, the Uploaded Files Document Log, and the User Session Log. Clicking any of those links will bring you to the appropriate log, where you can view the data and, if desired, export it to a file.
Delete/Suspend a User
All user types can be deleted or suspended as needed. The options are available when viewing the list of users or a single user in the User Manager.
-
Deleting a User - Deleting a user account prevents the user from accessing the IT Audit Machine content. The affected user privileges, permissions, and their profile are deleted from the IT Audit Machine.
-
Suspending a User - Suspending a user account results in the user account being blocked from the IT Audit Machine panel. While the user account may still exist with the user's privileges and permissions data remaining in the system, the user is blocked from authenticating for login access. Unblocking the user will restore the user's access to the IT Audit Machine.
Unblock a User
After a user has been suspended, an option will be available to Unblock the user.
Doing so will remove the suspension from the user’s account.
If you unblock an account, the User must log into the system that day. If they don't log into the system on the same day, their account will be suspended again the next day.
Change User Password
All users may have their password reset through the Manage User interface using the option in the menu on the right side of the screen.
Reset MFA
Selecting to reset a user's MFA will require the user to reconfigure their MFA settings. The My Profile page has instructions for selecting and setting up the authenticator.