Add or Configure a User

An Administrator of Aternity can create users and configure their permissions, to log in to Aternity and access parts of the system, depending on their roles in your company.

You can create LDAP-managed network users who enter their regular network usernames and passwords to login to Aternity. Their credentials are housed in your Microsoft Active Directory (AD), and therefore password changes are managed there. To configure, you must first connect your AD to Aternity. You can add Aternity users one AD user at a time, or add as an AD group of users (all with the same set of privileges).

Connect the enterprise AD to use network usernames and passwords to access Aternity

If you create a local username (not from an LDAP directory), and the username is the person's valid email address, the system automatically sends a mail to that user, asking them to create a new password. Then new users can login with their own password and access the functionality granted in the permissions defined here. For locally defined users, a password must be at least 8 characters long, with at least one uppercase (A-Z), one lowercase (a-z), one number (0-9) and one non-alphanumeric character (like @, #, $). The system encrypts all locally managed passwords.

After creating local users, they set up their own passwords
Note

If you add several AD groups, where the same user is a member of more than one group, that user receives a combination (union) of all those groups' rights. But if you define an AD user individually, and that user also appears in LDAP groups, the system only adopts the roles assigned to the individual user.

For on-premise deployments, you can force the system to require local usernames to be in the format of email addresses, select the Gear Icon > Settings > Advanced Settings > security > userInEmailFormat and set it to Yes.

Procedure

  1. Step 1 Open a browser and log in to Aternity.
  2. Step 2 Select the Gear Icon > Users.

    View the list of usernames already defined in the system to view your data.

    If a user from a group in your Active Directory (AD) accesses the system, their details appear in this list, but you cannot edit their properties, since they are managed as part of their AD group.

    Important

    This list of users are allowed to sign in to view Aternity. This is NOT the list of monitored usernames and device details which is obtained by the Aternity Agent running directly on the monitored device.

    View the list of users defined in the system
    Field Description
    Add Local User

    Select to create a new Aternity user, where you define the details (username, password, privileges) locally, not from an LDAP directory.

    For more information, see Add or Configure a User.

    Add Directory User

    Select to create a new Aternity user whose usernames and passwords are managed by your AD.

    For more information, see Add or Configure a User.

    Add Directory Group

    Select to create a set of Aternity users in one click, where the usernames and passwords are the same as a user group defined in your AD. Use this to assign all these users with the same privileges and roles.

    For more information, see Add or Configure a User.

    User/Group Name

    Displays the username for accessing the system, typically the user's email address.

    Department

    Lists the department entry for the user as entered when you created that user.

    Type

    You can create both local users and users imported from your enterprise AD.

    Roles

    Displays the list of permissions allowed for this user.

    Tip

    To view a user's roles, you must have at least all the roles of that user. Otherwise the system displays No permission to view.

    Locked

    This user attempted to login with an incorrect password too many times (by default more than five times). You can unlock the user by deselecting the check box.

    Enabled

    Select to enable this user's access to the system.

    Actions

    Select any of the following options:

  3. Step 3 To create a local user whose username is manually defined in the system (not from an LDAP directory), select Add Local User.

    Define the user's details, and their permissions or privileges.

    Add a user to the system

    Enter the user details:

    Field Description
    User Name

    Enter the email address for this user, which serves as the username to login to Aternity. You do not define a password here. The system automatically an email to this address, containing a link for users to create their own passwords.

    Note

    If you set the system to require local usernames to be email addresses, verify this is a valid email address, as the system sends the password link to that address.

    First Name

    Enter the user's first name.

    Last Name

    Enter the user's family name.

    Department

    (Optional) Enter the user's department.

    Description

    (Optional) Enter notes which you may find useful to remind yourself why this user has the permissions you set.

  4. Step 4 To add a single user whose username and password are managed by your LDAP directory, select Add Directory User.
    Add a single user who is defined in your LDAP

    This option is only visible if you configured Aternity to connect to your LDAP directory.

    Field Description
    Domain

    Select the display name of your LDAP directory, as defined in the AD configuration.

    User Name

    Enter the exact name of the LDAP username who should have a login to Aternity.

    Validate

    Select to confirm the exact username exists in the AD. If it is validated, the system displays the name underlined, and displays the remaining fields so you can confirm the username is the person you intended.

  5. Step 5 To add an LDAP-managed group, select Add Directory Group.

    All members of this group become Aternity users with identical roles and privileges. The usernames and passwords are managed by your LDAP directory.

    Create group of Aternity users with the same members as an LDAP group
    Field Description
    Domain

    Select the display name of your LDAP directory, as defined in the LDAP configuration.

    Group Name

    Enter the exact name of the LDAP group whose members should have a login to Aternity.

    Validate

    Select to confirm the exact name of the LDAP group is as you entered in Group Name. If it is validated, the system displays the name underlined.

    Description

    View the description of the group, if it is defined in the LDAP directory.

  6. Step 6 Select the roles and permissions assigned to this user or group (listed below in alphabetical order).
    Define the roles for this user or group

    The System Administrator is the most important role.

    Field

    Description

    System Administrator

    Select this role to grant the permission for ALL the roles, and additionally enable this user to create and configure other users in the system. The owner of this permission has full control over Aternity.

    Tip

    We recommend having just two users with system administrator privileges in your enterprise. The ideal system administrator is a person from the IT team, preferably from the Performance Monitoring group, who knows in depth the structure and deployment procedures of the company.

    The following table lists the other roles in the system:

    Field Description
    Aternity User

    (Only appears for those who upgraded from Aternity 8.x and altered the permissions of this role.)

    In version 8.x of Aternity, this role gave basic permissions to view dashboards, view devices, device details, view incidents, and inspect the Performance Navigator.

    In version 9.x this is replaced with View Devices, View Dashboards, and View Reports.

    Edit Advanced Configuration

    Select to enable this user to:

    Edit Configuration

    Select to enable this user to view, configure and remove items from the existing list of monitored applications (see View the List of Managed Applications) and location definitions (see Configure Business Locations (Site-Based Location Mapping)).

    Manage Devices

    Select to enable this user to view the list of all the Agents in your company, in the Agents window. This user can select a single Agent to:

    • Change an Agent's state and log level, or collect Agent logs in the Agent Control section in theAgent Dashboard window (see Agent Administration).

    • View the Agent events in the Agent Events sub-window.

    • View the history of the reports of a specific device (Agent) in the History sub-window.

    • View the incoming and the outgoing remote connections between a device and other devices in the Connections sub-window.

    • View and select the monitored applications on the device in the Monitors sub-window of the Agent.

    The owner of this privilege may also access the dashboards which summarize the device information, the device history, and the installed application list.

    View Advanced Configuration

    Select to enable this user to view, but not edit, the information listed for the Edit Advanced Configuration role.

    View Configuration

    Select to enable this user to view (not edit) the existing list of monitored applications (see View the List of Managed Applications) and location definitions (see Configure Business Locations (Site-Based Location Mapping)).

    View Dashboards

    Select to enable this user to view the dashboards and incidents in Aternity. We recommend that every user have this capability.

    View Devices

    Select to enable this user to view, but not edit, the same information as listed in the Manage Devices role.

    View Performance Navigator

    Select to grant this user access to the Performance Navigator dashboard to execute advanced queries on Aternity gathered data.

    View Reports

    Select to enable this user to access the report window and schedule automatic reports on Aternity solution performance, or on device and application performance (see ~Aternity Reports Overview~).

    Note

    If a user does not have permission to view or edit something in the system, that entry does not appear at all in the user interface.

  7. Step 7 Select Create.