(Roles Required: Owner, Administrator, User Manager, Help Desk, EPCS Enroller)
Users are the one who use the AuthX Authentication services (Two Factor/Password less Authentication) to log onto different applications protected by the company.
User Grid
- The Users section shows user metrics like- Total Users and Not Enrolled
- Total Users are the number of active users in the company.
- Not Enrolled are the number of users whose enrollment is still pending.
- Below the metrics is the user grid. The user grid lists – Username, Name, Email, Locked Status, Status of user, Source type, Last Login and Actions that can be taken
- Username: unique for every user in a company.
- Name: Name of the user which includes first name and last name
- Email: The email address of the user is used to login into applications. The email address is also a form of communication for the user.
- Status: A user’s status can be Active, Inactive and Locked Out.
- Active- A user’s status is active in the following situations:
- When the user has been enrolled.
- When the user is actively using the AuthX services. (Which is based off the user’s last login)
- Inactive- A user’s status is inactive in the following situations:
- When the user hasn’t enrolled.
- When the user hasn’t used AuthX services recently (Determined through last login and user settings).
- When the user has been deactivated.
- Locked out- A user’s status is locked out in the following situations:
- When the user fails to authenticate himself a few times and is locked out as a result. (Determined through the user settings)
- Active- A user’s status is active in the following situations:
- Source Type: The source of how the user was added.
- In-Cloud – When the users are added through the portal (i.e using the Add User button).
- AdSync – When the users are added through Azure Directory sync.
- Gdsync – When the users are added through Google Directory sync
- On-Prem – When the users are added through LDAP application.
- Last Login: Last login is the timestamp of the when the user last logged into any application (and not just portal). If the user hasn’t enrolled, then the last login will be Never Authenticated.
- Delete – An option to delete the user by Owner / Admin.
- Search – Use this search filter to pull the exact records you required
- Advance Search
- You can search the values by inputting the following details: User name, First Name, Last Name, Email, Status & Source Type
- After providing the inputs, click Apply – Respective values will be listed on the grid
- After providing the inputs, click Clear – Given values will be cleared
- Reset – Given values on the Search & Advance Search will get reset & the page will be refreshed
- You can search the values by inputting the following details: User name, First Name, Last Name, Email, Status & Source Type
- This page also has the provision to add a user manually by the Add User button in the top right-hand corner.
- Import Users – Refer Here
- Export Users – On selection, the list of users available will be exported / downloaded in the CSV file
Add a user (In-cloud)
(Roles Required: Owner, Administrator, User Manager)
The administrator adds a user manually or through the portal using the Add User button
Username
- The first step in adding a user is to fill in his username.
- The username is checked for uniqueness and should be unique for each user in a company.
- The username should be minimum of 6 characters and shouldn’t exceed 20 characters.
- The username can contain alpha numeric characters.
- The username can be an email address.
- The admin clicks on the Add User button to proceed to the next step in adding a user.
Profile Set Up
- First Name
- User’s first name. This is a mandatory field.
- Last Name
- User’s last name. This is a mandatory field.
- Email
- User’s email address, which will be used for all the notification purposes.
- The user must use his email address to login to the portal.
- Alias Username
- Username alias is not a mandatory field.
- A user can have up to 4 username aliases.
- User can use his username alias to authenticate into applications.
- Primary Username
- Primary username is the user’s principal name.
- This is not a mandatory field.
- User can use his primary username to authenticate into applications.
- Groups
- Admin can assign groups to a user, by clicking on the Add Groups section.
- Users can belong to multiple groups.
- If a user doesn’t belong to any group, default global policy will be applied.
- Password
- Only if this option is enabled in Settings-> Admin → Allow Admin to Assign Password, this Password field will be displayed
- Admin / Owner can either choose – Auto Generate password or Let me create the password
- Auto Generate password – Random 10 digit password is generated for that particular user & the same will be sent in email to the user
- Let me create the password – Admin / Owner can set any password for that particular user & the same will be sent in email to the user
- Only if this option is enabled in Settings-> Admin → Allow Admin to Assign Password, this Password field will be displayed
- Send the sign in information to
- You can also send this login info details to another email address which are mentioned here
- Notes
- Notes is not a mandatory field.
- Admin can write notes about the user in this space.
- Phone Number
- This is a mandatory field.
- Admin can add users phone number in this field.
How to Enroll Auth Factors?
Fingerprint Authentication
- Click Add fingerprint on computer
- Choose any finger and enroll it
- Then click Finish to save the enrolled finger’s
Face Authentication
- You can enroll your face on computer and AuthX mobile app
- Click Add face on computer
- Look at the camera & keep your face within the grid to enroll successfully
- Click Continue to enroll the face
- Click Add face on mobile
- A notification will be received. Approve it
- Keep the face within the grid to enroll successfully
RFID Authentication
- Connect your RFID reader
- Click Add RFID
- Place your card on the reader
- Card enrolled successfully
Pin Authentication
- Click Add Pin
- Input 6 digit pin to use it
- Options
- Change Pin – Update to new pin
- Activate & Deactivate – Current pin will be active / inactive
Hardware Token Authentication
- Go to Authentication Devices and add an Hardware token
- Now come back to Users & click Add Hardware Token
- Select your device & provide the OTP value
- Token added successfully
Protected Web Applications
- Click View Web Application
- Added web applications by the User to be listed here
After Adding User
The following are what happens once a user is added in-cloud or manually:
- User’s information appears in the user grid, where status shows as Inactive and last login shows as Never Authenticated.
- The user appears in the pending enrollments grid.
- The Not Enrolled metrics count is increased by one.
- An enrollment email is sent to the user’s email address provided by the admin.
In-Cloud User Enrollment Workflow
The following are steps for users added manually to enroll in AuthX:
- Enrollment Email
- User receives an enrollment email to his mailbox.
- Below is the template for the enrollment email.
- Redirected to AuthX Page
- When the user clicks on the enrollment link, the user is directed to the AuthX portal.
- Create a Password
- The user is directed to the Create a Password page.
- The user creates a password and confirms it.
- Mobile Number
- The user enters his phone number.
- The user enters his phone number.
- QR Code
- The user sees a generated QR Code.
- User installs the AuthX mobile app and scans the QR code.
- Scanned QR Code
- The user scans the QR code.
- If the QR code is scanned successfully, the QR code has a green check mark and an account is created on the mobile app.
Edit User
(Role Required: Owner, Administrator, User Manager)
Admins can edit a user’s profile by clicking on the username of the user. Admins can also see Account Creation and Last Login details:
- Account Creation
- Account creation is the timestamp when the user was created or when the admin clicked on the add user button in the username page.
- The time zone of the timestamp will be taken from the company’s general settings.
- Last Login
- Last Login is the timestamp of the user’s last login into the portal or any other applications.
- The time zone of the timestamp will be taken from the company’s general settings.
- When the user is being created, last login will be Never Authenticated.
- Admin cannot edit, users first name, last name, username aliases and primary username.
- Admin can however add username aliases, add groups for a user.
- Admin remove groups assigned to a user here too.
- Admin can edit user’s email address and notes.
- If a user changes his number (just his number and not his device), then the admin can edit the number in the phone number field and save changes. The phone number in the phones grid should change too
- Admin can delete user’s phone for reasons mentioned below- which will lead to the delete phone workflow (Delete Phone Workflow).
- Reasons for deleting Phone
- User changed his phone (Device) -> Delete Phone Workflow.
- User changed his phone number -> Delete Phone Workflow.
- User lost his phone and wants to disable the phone from being used->Delete Phone Workflow.
- User deleted the accounts in the app -> Delete Phone Workflow.
- Admin can enroll user’s bio metrics and deactivate them.
Delete Phone Workflow for user
(Role Required: Owner, Administrator, User Manager)
- Admin can delete user’s phone by clicking on the trash symbol in the edit user page
- A confirmation pop up appears for the admin to confirm once again. If no is chosen the phone is not deleted, when yes is chosen the phone is deleted.
- Once the phone is deleted- two things happen:
- Register user receives a Phone Number Deleted email
- The status of the phone changes to Inactive from active and in the action column there is an option “Send Enrollment Email & Send Enrollment Message”. After clicking on Send Enrollment email, an email would be triggered for the respective user to activate Phone.
- User is sent an Enroll Phone Number email. Below is the template for the Send Enrollment Email. On selecting the activation link, the respective user receives an Activate phone email.
- Select Activation link from the email, it will redirect to Phone number page (if needed, update the phone number)
- For activating, either scan QR code or Generate OTP method
- After scanning the QR code successfully, green tick mark displays on the QR code
- After click on continue, it redirects to Confirm your identity page. Use anyone of the authentication factors to login.
- User is sent an Enroll Phone Number email. Below is the template for the Send Enrollment Email. On selecting the activation link, the respective user receives an Activate phone email.
- Register user receives a Phone Number Deleted email
Inactive User (In-Cloud User)
(Role Required: Owner, Administrator, User Manager)
The admin can make the active user to Inactive, by clicking the toggle
- Users status will be changed to inactive.
- The user is no longer able to login into the portal.