Add Users or Edit a User

An Administrator of Aternity can create users and configure their permissions, to sign in to Aternity, depending on their roles in your company.

Add a user to Aternity
To... Do this...

To create a user

Decide on the type of user you want to create, then create the user (see below).

  • Local User is defined entirely inside Aternity, hence their username, password, department, residency and privileges are stored locally inside Aternity.

  • SSO User signs in by securely connecting to a identity provider (IdP) to authenticate the username and password. Enable Aternity SSO with a third party IdP (learn more) or use your Microsoft Active Directory as the IdP (learn more). Then add these SSO users inside Aternity to define their roles and privileges.

    Access your Aternity homepage using SSO
  • SSO Group is Aternity's way of grouping a set of SSO users who all have the same property field and value in the identity provider (IdP). You define the same Aternity privileges for all SSO users who conform to that rule. For example, you can define privileges for a group for all SSO users in the IdP whose memberOf property has the value Engineering.

To change a user's password

(Local users only) In the list of users, select the row's context menu on the right > Reset Password. Learn more.

To change a user's permissions

Edit the user's role (see below).

If you create a local username (not from an LDAP directory), and the username is the person's valid email address, Aternity automatically sends an email to that user, asking them to create a new password. Then new users can sign in with their own password and access the functionality granted in the permissions defined here. For locally defined users, a password must be at least 8 characters long, where at least one of them is uppercase (A-Z), one lowercase (a-z), one number (0-9) and one non-alphanumeric (like @, #, $). Aternity encrypts all locally managed passwords.

After creating local users, they set up their own passwords

You can set a residency requirement for users, so that only users with a particular residency can access a specific account.

Contact Aternity SaaS Administration for more information about this feature.

Procedure

  1. Step 1 Open a browser and sign in to Aternity.
  2. Step 2 To view the usernames and groups who have access to sign in to Aternity, select the Gear Icon > Users.
    View the list of users defined in Aternity
  3. Step 3 To create a single user, decide if you want a local user whose username and password are inside Aternity, or an SSO user where you store and manage the credentials elsewhere.
    • Select Add User/Group > Local User to create a user with locally stored and managed credentials.

    • Select Add User/Group > SSO User to create a user with credentials stored and managed in your enterprise's identity provider (IdP).

    Tip

    You can switch a local user to an SSO user or switch the other way. You can also add a single user to a group, or add one of the members of a group separately as a named user to override the group's roles for that user, by selecting the row's context menu on the right > Switch.... Learn more.

    Add a user to Aternity
    Field Description
    User Name

    Enter the email address for this user, which serves as the username to sign in to Aternity.

    For SSO users, this must be identical to the identifier sent from the IdP to Aternity after authentication. You must first integrate SSO in your deployment (learn more).

    You do not define a password here. The system automatically an email to this address, containing a link for users to create their own passwords.

    Verify this is a valid email address, as Aternity sends the password link to that address.

    First Name / Last Name / Department

    Enter the user's first name, family name and department.

    Description

    (Optional) Enter notes which you may find useful to remind yourself why this user has the permissions you set.

    Tip

    This field appears for single users, it does not appear when adding/editing groups.

    Resident of

    Aternity supports companies which restrict access of data to users who hold a specific residency. When defining users in Aternity, you can specify their residency to restrict access to accounts if the user is not resident in a given country.

    This field appears only when the residency restriction attribute is turned on by account administrator.

    Enter the user's residency if your enterprise restricts access of data to users who are legally resident in a specific country or region. When you set up your account with Aternity, you can specify the residency of users who are allowed access to data. Select from:

    • USA

    • EU

    • APJ for Asia-Pacific and Japan

    • LATAM for countries in Central and South America

    • Israel

    • MEA for countries in the Middle East and Africa

    Roles

    Select the roles and permissions assigned to this user or group (listed below in alphabetical order).

    Tip

    If you do not have permission to view or edit something in Aternity, that entry does not appear at all on the screen.

  4. Step 4 You can also create a group of users who all have the same roles in Aternity.

    Select Add User/Group > SSO Group to define a group of SSO users with the same Aternity roles, where the users share the same property and value as defined in your SSO identity provider. For example, you can create an SSO group which all have a field called location with a value London or memberOf with a value of Sales.

    Note

    If a user is both a single named user AND a member of a group, Aternity only sees the roles in the named user. It ignores the group for that user.

    Create a group of users with the same roles
    Field Description
    Group Name

    Enter the name which you want Aternity to use to refer to this group of SSO users. You define a group of SSO users by a property which they share where they are stored in the identity provider (IdP).

    Group Attribute

    Enter the exact field name or attribute as defined in the IdP, which unites all SSO users in this group. For example, memberOf or Location.

    Group Value

    Enter the value of the Group Attribute field which unites all the SSO users in this group. For example, if all users in this group should have memberOf=management, enter management.

    You can also enter any part of that string (matches on 'contains'). This is useful for attributes with very long sets of values. For example, for an attribute called ldap whose value shows this user's place in the LDAP tree, if you want all users in this group to have the word management somewhere in that tree, you can just enter management.

    Description

    View the description of the group, if it is defined in the LDAP directory.

    Resident of

    Aternity supports companies which restrict access of data to users who hold a specific residency. When defining users in Aternity, you can specify their residency to restrict access to accounts if the user is not resident in a given country.

    This field appears only when the residency restriction attribute is turned on by account administrator.

    Enter the user's residency if your enterprise restricts access of data to users who are legally resident in a specific country or region. When you set up your account with Aternity, you can specify the residency of users who are allowed access to data. Select from:

    • USA

    • EU

    • APJ for Asia-Pacific and Japan

    • LATAM for countries in Central and South America

    • Israel

    • MEA for countries in the Middle East and Africa

    Roles

    Select the roles and permissions assigned to this user or group (listed below in alphabetical order).

    Tip

    If you do not have permission to view or edit something in Aternity, that entry does not appear at all on the screen.

  5. Step 5 Select the roles and permissions assigned to this user or group (listed below in alphabetical order).

    If you do not have permission to view or edit something in Aternity, that entry does not appear at all on the screen.

    Define the roles for this user or group

    The Account Administrator is the most important role.

    Field

    Description

    Account Administrator

    Select to grant permissions which cover all the listed roles, and additionally enable this user to create and configure other users in Aternity.

    Other roles in Aternity are:

    Field Description
    Edit Configuration

    Select to enable this user to view, configure and remove items from the existing list of monitored applications (see Add or View Managed Applications for Enhanced Monitoring) and location definitions (see Configure Business Locations (Site-Based Location Mapping)).

    View Configuration

    Select to enable this user to view (not edit) the existing list of monitored applications (learn more) and location definitions (learn more).

    View Dashboards

    Select to enable this user to view the dashboards and incidents in Aternity. We recommend that every user have this capability.

    Agents Operator

    Select to allow this user to download and manage SteelCentralâ„¢ Agents. This role allows accessing the Agent Download and Agent Administration screens, as well as viewing dashboards.

    Execute Remediation Actions

    Select to allow this user who is not an account administrator to remotely run scripts on another end user device to solve various performance issues.

    Appears only with Agent for End User Devices 12 and after contacting Aternity Beta Team.

    Manage Service Desk Alerts

    Select to allow this user who is not an account administrator to configure alerts triggered by device health events.

    OData REST API

    Select to enable this user to access Aternity performance data directly, bypassing the dashboards, using the REST API (learn more).

  6. Step 6 Select Create.