AuthX Portal Guide

Administrators

(Roles Required: Owner, Administrator, User Manager, Help Desk, Read Only)

Administrators are the one who can manage their company details. When a new company is created, by default a Owner gets added in Administrator.

Administrative Roles

All administrators have a role. That role defines their activities and view of the portal.

  1. Roles – Owner, Administrator, Application Manager, User Manager, Help Desk, Read-Only

  2. CRUD- Create, Read, Update and Delete

    1. Create- The admin can add elements or components.

    2. Read- The admin cannot add, edit and delete any components. They can just read.

    3. Update- The admin can edit any components and cannot add or delete them.

    4. Delete- The admin can delete any components and cannot add or edit them.

  3. Below is a matrix with admin roles and their permissions on different links in portal.

Modules

Owner

Administrator

Application Manager

User Manager

Help Desk

Read Only

Dashboard

R

R

R

R

R

R

Device Management

RU

RU

RU

RU

Policies

CRUD

CRUD

CRUD

R

Applications

CRUD

CRUD

CRUD

R

Users

CRUD

CRUD

CRUD

RU

Auth Devices

CU

CU

CU

CU

Groups

CRUD

CRUD

CRUD

RU

Administrator

CRUD

CRUD

R

R

R

R

Reports

R

R

R

R

Settings

U

U

Owner

Owners are the ones who sign up for a company.

  1. Owners have control over all the links of the portal.

    1. Dashboard – Read-only.

    2. Device Management

      1. Mobile Devices – Update

      2. Windows Management – Read-only

    3. Policies – Add/manage policies.

    4. Applications – Add/manage applications.

    5. Users – Add/manage users.

    6. Groups – Add/manage groups

    7. Administrators – Add/manage administrators

    8. Reports – Read-only

    9. Settings – Edit Settings

  2. Owners can Create, Read, Update and Delete in any of the Add/manage links.

  3. Owner can create another owner who has the same permissions as the first owner.

  4. A single account/company can have multiple owners.

  5. Owner can edit his following details,

    1. First Name

    2. Last Name

    3. Email Address

    4. Phone number – Update & Delete

    5. All authentication factors – Enroll & Deactivate

Administrator

  1. Administrator and Owner role have same rights in the company

  2. Administrators have control over all the links of the portal.

    1. Dashboard – Read-only.

    2. Device Management

      1. Mobile Devices – Update

      2. Windows Management – Read-only

    3. Policies – Add/manage policies.

    4. Applications – Add/manage applications.

    5. Users – Add/manage users.

    6. Groups – Add/manage groups

    7. Administrators – Add/manage administrators

    8. Reports – Read-only

    9. Settings – Edit Settings

  3. Administrator can Create, Read, Update and Delete in any of the Add/manage links.

  4. Admin can edit his following details,

    1. First Name

    2. Last Name

    3. Email Address

    4. Phone number – Update & Delete

    5. All authentication factors – Enroll & Deactivate

Application Manager

  1. Application managers have control over the following links,

    1. Dashboard – Read-Only

    2. Device Management

      1. Mobile Devices – Update

      2. Windows Management – Read-only

    3. Policies – CRUD

    4. Applications – CRUD

    5. Administrators – Read-Only

  2. All the other links are not seen to the application manager.

  3. In administrator link, application manager can only view his own page.

  4. In Application manager’s own page, he can view his details like Name, Email, phone number, role and Phones.

  5. The application manager can enroll and deactivate his biometrics.

User Manager

  1. User Manager have control over the following links,

    1. Dashboard – Read-Only

    2. Users – CRUD

    3. Auth Devices – CU

    4. Groups – CRUD

    5. Administrators – Read-Only

  2. All the other links are not seen to the user manager.

  3. In administrator link, user manager can only view his own page.

  4. In user manager’s own page, he can view his details like Name, Email, phone number, role and Phones.

  5. The user manager can enroll and deactivate his biometrics.

Help Desk

  1. Help Desk have control over the following links,

    1. Dashboard – Read-Only

    2. Device Management – RU

    3. Policies – Read-Only

    4. Applications – Read-Only

    5. Users – Read and Update

    6. Auth Devices – CU

    7. Groups – Read and Update

    8. Administrators – Read-Only

    9. Reports – Read-Only

Users Grid Page

  1. Help Desk cannot add users, hence the Add User button is removed for this page.

User’s Edit Page

  1. Help Desk cannot deactivate a user.

  2. Help Desk cannot delete the phone for a user.

  3. Help Desk can just edit name and add username aliases for the user and save that change.

Group Grid Page

  1. Help Desk cannot add groups; therefore, the Add Group button is removed for this page.

Group Edit Page

  1. Help Desk cannot change the status of a group therefore it has been removed from this page.

  2. Help Desk can only edit group name and description and save the changes.

  3. Help Desk cannot add any users to the groups.

  4. Help Desk can view the users in the groups.

Read-Only

  1. Read-Only have control over the following links,

    1. Dashboard- Read-Only

    2. Administrators – Read-Only

    3. Reports- Read-Only

    4. Settings- Read-Only

    5. All the other links are not seen to Read-Only.

    6. In Settings page, all the fields are static and cannot be edited.

Administrator Grid

(Role Required: Owner, Administrator)

  1. The grid displays all the administrators. Their name, email address, Role and their Last Login.

  2. Any logged in admin user can update their details.

  3. The owner/admin can click on other administrators name to update or modify their information.

Add Administrator

(Role Required: Owner, Administrator)

  1. The owner can add administrators by clicking on the Add Administrator button.

  2. Once the owner enters Name, Email and Phone number

  3. The owner can assign a role to the user from the Role drop-down.

  4. When the Add Administrator button is clicked, a mail is sent to the user with the activation email

Edit Administrator

(Role Required: Owner, Administrator)

  1. The owner can edit any administrators profile. The owner can change the admin’s name, email address and role

  2. The owner can delete administrator’s phone numbers. (Please refer to Delete phone number workflow for reasons to delete the phone and the workflow of the process).

  3. The owner will have a similar edit page, where he can enroll and deactivate his bio-metrics.

  4. Logged in admin user, can update his details.

Administrator Phone Deletion

(Role Required: Owner, Administrator)

  1. Only Owners can delete a phone for an administrator.

  2. Reasons for deleting Phone:

    1. Admin changed his phone (Device)

    2. Admin changed his phone number

    3. Admin deleted his app

    4. Admin lost his phone and wants to disable the phone from being used.

  3. Option to delete should be in edit admin page.

  4. A confirmation pop up asks the admin- “Are you sure you want to delete the phone?” Yes or No

  5. Once the admin deletes the phone, phone number deleted email is sent out to that Admin.

  6. The action column in the phone grid changes. The delete button changes to a Actions icon. On selection, it has 2 options – ”Activate Phone Now, Send Enrollment Email and Send Enrollment Message” and the status changes to “Inactive”.

  7. Activate Phone Now

    1. Redirects to a popup for Phone number activation either by QR code scan or Generate OTP method.

    2. After scanning the QR code, a green tick mark displays & popup is hidden

    3. Now the Phone status is set to Active.

    4. In case if the user did not activate the Phone, the status will be in Pending.

Admin Login Settings

(Role Required: Owner, Administrator)

Admin login settings defines how administrators will log into AuthX portal. Owner & Admin is given three options for setting administrator’s login.

  1. By default, Optional should be selected.

  2. Disabled: “Administrators will only be able to log in with email and password”.

    1. If the admin tries to login using Microsoft, then an error pops up in the login page which has the following message- “Administrators are required to login using email and password.”

  3. Optional: “Administrators will be able to log in with email and password or your identity provider”.

  4. Required: “Administrators, except owners will be required to login with your identity provider”.

  5. If the admin, except owners tries to login using email and password, then a pop up appears in the login page with the following message- “Administrators are required to login using identity provider.”

  6. These login settings will be applied to all the administrators. These settings can be set only by Owner and Administrator.