(Roles Required: Owner, Administrator, User Manager, Help Desk, Read Only)
Administrators are the one who can manage their company details. When a new company is created, by default a Owner gets added in Administrator.
Administrative Roles
All administrators have a role. That role defines their activities and view of the portal.
-
Roles – Owner, Administrator, Application Manager, User Manager, Help Desk, Read-Only
-
CRUD- Create, Read, Update and Delete
-
Create- The admin can add elements or components.
-
Read- The admin cannot add, edit and delete any components. They can just read.
-
Update- The admin can edit any components and cannot add or delete them.
-
Delete- The admin can delete any components and cannot add or edit them.
-
-
Below is a matrix with admin roles and their permissions on different links in portal.
Modules |
Owner |
Administrator |
Application Manager |
User Manager |
Help Desk |
Read Only |
---|---|---|---|---|---|---|
Dashboard |
R |
R |
R |
R |
R |
R |
Device Management |
RU |
RU |
RU |
– |
RU |
– |
Policies |
CRUD |
CRUD |
CRUD |
– |
R |
– |
Applications |
CRUD |
CRUD |
CRUD |
– |
R |
– |
Users |
CRUD |
CRUD |
– |
CRUD |
RU |
– |
Auth Devices |
CU |
CU |
– |
CU |
CU |
– |
Groups |
CRUD |
CRUD |
– |
CRUD |
RU |
– |
Administrator |
CRUD |
CRUD |
R |
R |
R |
R |
Reports |
R |
R |
– |
– |
R |
R |
Settings |
U |
U |
– |
– |
– |
– |
Owner
Owners are the ones who sign up for a company.
-
Owners have control over all the links of the portal.
-
Dashboard – Read-only.
-
Device Management
-
Mobile Devices – Update
-
Windows Management – Read-only
-
-
Policies – Add/manage policies.
-
Applications – Add/manage applications.
-
Users – Add/manage users.
-
Groups – Add/manage groups
-
Administrators – Add/manage administrators
-
Reports – Read-only
-
Settings – Edit Settings
-
-
Owners can Create, Read, Update and Delete in any of the Add/manage links.
-
Owner can create another owner who has the same permissions as the first owner.
-
A single account/company can have multiple owners.
-
Owner can edit his following details,
-
First Name
-
Last Name
-
Email Address
-
Phone number – Update & Delete
-
All authentication factors – Enroll & Deactivate
-
Administrator
-
Administrator and Owner role have same rights in the company
-
Administrators have control over all the links of the portal.
-
Dashboard – Read-only.
-
Device Management
-
Mobile Devices – Update
-
Windows Management – Read-only
-
-
Policies – Add/manage policies.
-
Applications – Add/manage applications.
-
Users – Add/manage users.
-
Groups – Add/manage groups
-
Administrators – Add/manage administrators
-
Reports – Read-only
-
Settings – Edit Settings
-
-
Administrator can Create, Read, Update and Delete in any of the Add/manage links.
-
Admin can edit his following details,
-
First Name
-
Last Name
-
Email Address
-
Phone number – Update & Delete
-
All authentication factors – Enroll & Deactivate
-
Application Manager
-
Application managers have control over the following links,
-
Dashboard – Read-Only
-
Device Management
-
Mobile Devices – Update
-
Windows Management – Read-only
-
-
Policies – CRUD
-
Applications – CRUD
-
Administrators – Read-Only
-
-
All the other links are not seen to the application manager.
-
In administrator link, application manager can only view his own page.
-
In Application manager’s own page, he can view his details like Name, Email, phone number, role and Phones.
-
The application manager can enroll and deactivate his biometrics.
User Manager
-
User Manager have control over the following links,
-
Dashboard – Read-Only
-
Users – CRUD
-
Auth Devices – CU
-
Groups – CRUD
-
Administrators – Read-Only
-
-
All the other links are not seen to the user manager.
-
In administrator link, user manager can only view his own page.
-
In user manager’s own page, he can view his details like Name, Email, phone number, role and Phones.
-
The user manager can enroll and deactivate his biometrics.
Help Desk
-
Help Desk have control over the following links,
-
Dashboard – Read-Only
-
Device Management – RU
-
Policies – Read-Only
-
Applications – Read-Only
-
Users – Read and Update
-
Auth Devices – CU
-
Groups – Read and Update
-
Administrators – Read-Only
-
Reports – Read-Only
-
Users Grid Page
-
Help Desk cannot add users, hence the Add User button is removed for this page.
User’s Edit Page
-
Help Desk cannot deactivate a user.
-
Help Desk cannot delete the phone for a user.
-
Help Desk can just edit name and add username aliases for the user and save that change.
Group Grid Page
-
Help Desk cannot add groups; therefore, the Add Group button is removed for this page.
Group Edit Page
-
Help Desk cannot change the status of a group therefore it has been removed from this page.
-
Help Desk can only edit group name and description and save the changes.
-
Help Desk cannot add any users to the groups.
-
Help Desk can view the users in the groups.
Read-Only
-
Read-Only have control over the following links,
-
Dashboard- Read-Only
-
Administrators – Read-Only
-
Reports- Read-Only
-
Settings- Read-Only
-
All the other links are not seen to Read-Only.
-
In Settings page, all the fields are static and cannot be edited.
-
Administrator Grid
(Role Required: Owner, Administrator)
-
The grid displays all the administrators. Their name, email address, Role and their Last Login.
-
Any logged in admin user can update their details.
-
The owner/admin can click on other administrators name to update or modify their information.
Add Administrator
(Role Required: Owner, Administrator)
-
The owner can add administrators by clicking on the Add Administrator button.
-
Once the owner enters Name, Email and Phone number
-
The owner can assign a role to the user from the Role drop-down.
-
When the Add Administrator button is clicked, a mail is sent to the user with the activation email
Edit Administrator
(Role Required: Owner, Administrator)
The owner can edit any administrators profile. The owner can change the admin’s name, email address and role
-
The owner can delete administrator’s phone numbers. (Please refer to Delete phone number workflow for reasons to delete the phone and the workflow of the process).
-
The owner will have a similar edit page, where he can enroll and deactivate his bio-metrics.
-
Logged in admin user, can update his details.
How to Enroll Auth Factors
Fingerprint Authentication
-
Click Add fingerprint on computer
-
Choose any finger and enroll it
-
Then click Finish to save the enrolled finger’s
Face Authentication
-
You can enroll your face on computer and AuthX mobile app
-
Click Add face on computer
-
Look at the camera & keep your face within the grid to enroll successfully
-
Click Continue to enroll the face
-
Click Add face on mobile
-
A notification will be received. Approve it
-
Keep the face within the grid to enroll successfully
RFID Authentication
-
Connect your RFID reader
-
Click Add RFID
-
Place your card on the reader
-
Card enrolled successfully
Pin Authentication
-
Click Add Pin
-
Input 6 digit pin to use it
-
Options
-
Change Pin – Update to new pin
-
Activate & Deactivate – Current pin will be active / inactive
-
Hardware Token Authentication
-
Go to Authentication Devices and add an Hardware token
-
Now come back to Users & click Add Hardware Token
-
Select your device & provide the OTP value
-
Token added successfully
Administrator Phone Deletion
(Role Required: Owner, Administrator)
-
Only Owners can delete a phone for an administrator.
-
Reasons for deleting Phone:
-
Admin changed his phone (Device)
-
Admin changed his phone number
-
Admin deleted his app
-
Admin lost his phone and wants to disable the phone from being used.
-
-
Option to delete should be in edit admin page.
A confirmation pop up asks the admin- “Are you sure you want to delete the phone?” Yes or No
-
Once the admin deletes the phone, phone number deleted email is sent out to that Admin.
-
The action column in the phone grid changes. The delete button changes to a Actions icon. On selection, it has 2 options – ”Activate Phone Now, Send Enrollment Email and Send Enrollment Message” and the status changes to “Inactive”.
Activate Phone Now
-
Redirects to a popup for Phone number activation either by QR code scan or Generate OTP method.
-
After scanning the QR code, a green tick mark displays & popup is hidden
-
Now the Phone status is set to Active.
In case if the user did not activate the Phone, the status will be in Pending.
-