
Adding Users


To add a new user, do the following:

1. Log in to the Management Tool as a user with the administrative User Management permission.

2. Click the Users navigation link (on the left).

3. On the User Management page that opens, click the Add User button (in the top right of the page).

    

4. On the Adding New User page that opens, on the User Type tab, select the type of the user to be added:

Click the Add an Internal User button to create an internal Management Tool user.

Click the Add an Active Directory User / User Group button to add an existing Active Directory user / user group.

NOTE: If an Active Directory user has already been added to two or more AD user groups, this user cannot add themselves as an independent user of the Management Tool; only other users with appropriate permissions can add them.

(NOT AVAILABLE IN SAAS) Click the Add Application Account button to add an application account user (please refer also to Syteca Application Credentials Broker (ACB)).

   

5. On the User Details tab, do one of the following (depending on the user type), and then click Next:

Click Add an Internal User, define the user credentials and, optionally, any additional information about the user, and select the Enable two-factor authentication on login checkbox if you want the user to additionally enter a 2FA code on login.

NOTE: A login name and password are required for the user. The login name must be unique, but in Multi-Tenant mode, users of different tenants can have the same login name. The password must be at least 8 characters long, and contain at least one lowercase letter, one uppercase letter, one numeric character, and one special character, and cannot contain more than 3 consecutive identical characters or the user login name. The maximum length of the first name, last name, and description is 200 characters.

NOTE: For an internal user to receive an automatically generated one-time password, the user’s Email address (to which the one-time password will be sent) needs to be entered.

NOTE: A "Reset 2FA" button is also displayed (on the right of the "Enable two-factor authentication on login" checkbox, if selected), but this button is only displayed while editing the user after the user has already been added, and only after the user has already logged in and set up 2FA (by using an authenticator app on their mobile device), and is only displayed to the "admin" user of the tenant concerned. This button can be clicked to delete the user's 2FA profile, for example, if the user loses their phone as well as their 2FA recovery code, so as to allow them to log in and set up 2FA again (e.g. on a new phone).

   

Click Add an Active Directory User / User Group, and search for and then select the required user / user group from any domain, and select the Enable two-factor authentication on login checkbox if you want to force the user to additionally enter a 2FA code on login.

NOTE: A "Reset 2FA" button is also displayed (on the right of the "Enable two-factor authentication on login" checkbox, if selected), but this button is only displayed while editing the user after the user has already been added, and only after the user has already logged in and set up 2FA (by using an authenticator app on their mobile device), and is only displayed to the "admin" user of the tenant concerned. This button can be clicked to delete the user's 2FA profile, for example, if the user loses their phone as well as their 2FA recovery code, so as to allow them to log in and set up 2FA again (e.g. on a new phone).

   

NOTE: Active Directory users / user groups cannot be added if an LDAP target has not been added for the required domain on the Configuration page, or if there is no connection with the domain (the domain is unavailable).

Click Add Application Account, and enter the Login name of the application account required, and optionally define any additional fields (please refer also to Syteca Application Credentials Broker (ACB)).

   

6. On the User Groups tab, select the user groups that the user will belong to, and then click the Next button.

NOTE: To find a specific user group, enter its name or part of its name in the Search box (at the top of the page), and then click the Apply Filters button on the right of it.

NOTE: The user is automatically added to the default All Users user group and cannot be removed from it.

   

7. On the Administrative Permissions tab, select the administrative permissions that will be granted to the user, and then click Next.

NOTE: If the user has inherited any permissions from user groups, you can only add new permissions. To remove permissions inherited from user groups, you need to remove the user from these groups.

    

8. On the Client Access tab, for each Client / Client group for which the permissions are to be defined, do the following, and then click Next:

Find the required Client / Client group.

NOTE: To find a specific Client, enter its name in the Search box (at the top of the page), and then click the Apply Filters button on the right of it.

Click the Edit Permissions icon on the right of the required Client / Client group, and in the Client Permissions window that opens, select the Client permissions that will be granted to the user for the corresponding Client / Client group.

Click Save to close the Client Permissions window.

   

9. On the User Access tab, so-called "User-to-User" access permissions can be defined to restrict the (Management Tool) user being added, so that they are only able to view the monitoring results (i.e. sessions) of specific users on Client computers (i.e. specific endpoint users).

So if you do not want the monitoring results of all endpoint users to be accessible to the Management Tool user, for each endpoint user / user group that the Management Tool user will be able to view the sessions of, do the following:

Click the Add User button (on the right).

Enter and then select the Domain / (local) Computer Name of the required endpoint user / user group in the drop-down list that appears.

NOTE: An asterisk can be used as a wildcard to specify multiple domains / local computers.

NOTE: Domains and computers are only displayed in the drop-down list if they have already been used to monitor Client computers previously, but new domains and computers can also be entered simply by entering their names and then selecting them.

Enter and then select the required endpoint User / User Group in the drop-down list that appears.

NOTE: An asterisk can be used as a wildcard to specify multiple users / user groups.

NOTE: Users and user groups are only displayed in the drop-down list if they have already been used to monitor Client computers previously, but new users and user groups can also be entered simply by entering their names and then selecting them.

Click the icon on the right of the endpoint user / user group to complete adding it, and the settings will take effect immediately (or click the icon to delete the user / user group).

The rows of users / user groups in the grid can be sorted by clicking the required column header, as well as edited or deleted by clicking the corresponding icon next to any row.

   

NOTE: If no users / user groups are added on this tab, by default, the Management Tool user will be able to view all the monitored sessions of all endpoint users without any restrictions.

NOTE: The Management Tool user will be able to view all the sessions of the endpoint users / user groups added (both previously recorded monitoring results and future ones). However, when users belonging to domain groups are added, the Management Tool user will only be able to view sessions which were recorded after they were added.

10. Click the Finish button in the bottom right of the page.

11. The Management Tool user is then added and displayed on the User Management page.

12. PAM seat licenses can then be assigned to the users (by enabling the corresponding toggles in the PAM column) for these users to be able to use the PAM (Password Management and Account Discovery) functionality (if required). 
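
The password rules in the step 5 note can be checked before a batch of internal users is entered. The following is an added example, not Syteca code: it assumes that "special character" means ASCII punctuation and that the login-name check ignores case, and the sample accounts are constructed.

```python
import re
import string

MIN_LENGTH = 8

def password_policy_violations(password: str, login: str) -> list[str]:
    """Return the rules from the step 5 note that `password` breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no numeric character")
    # Assumption: "special character" means ASCII punctuation.
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special character")
    # Four or more identical characters in a row; a run of exactly 3 passes.
    if re.search(r"(.)\1{3,}", password, re.DOTALL):
        problems.append("more than 3 consecutive identical characters")
    # Assumption: the login-name check is case-insensitive.
    if login and login.lower() in password.lower():
        problems.append("contains the login name")
    return problems

# Constructed sample rows (login, proposed initial password); not real accounts.
SAMPLE_ACCOUNTS = [
    ("jsmith", "Tr0ub4dor&x"),
    ("mlee", "Paaaa1!x"),
    ("akhan", "AKhan#2024"),
    ("svc-report", "short1!"),
]

def screen_accounts(rows):
    """Map each login to its violations, keeping only non-compliant rows."""
    report = {}
    for login, password in rows:
        problems = password_policy_violations(password, login)
        if problems:
            report[login] = problems
    return report

if __name__ == "__main__":
    for login, problems in screen_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{login}: {'; '.join(problems)}")
```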


NOTE: For Active Directory users, the first name and last name properties will be automatically filled after the user’s first login to the system.
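
The User Access rules in step 9 (asterisk wildcards, and an empty tab meaning no restriction) can be modelled to review which Management Tool users effectively see every session. This is an added example, not Syteca code: the case-insensitive matching, the function names and the sample scopes are assumptions made for illustration.

```python
import re

def wildcard_match(pattern: str, value: str) -> bool:
    """Match `value` against a pattern in which only "*" is a wildcard.

    Assumption: names compare case-insensitively, as Windows names do.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def can_view(scope, domain: str, user: str) -> bool:
    """scope: (domain_pattern, user_pattern) rows from the User Access tab."""
    if not scope:  # no rows on the tab: every endpoint user's sessions are visible
        return True
    return any(wildcard_match(d, domain) and wildcard_match(u, user)
               for d, u in scope)

def classify_scope(scope) -> str:
    """Label a scope for an access review."""
    if not scope:
        return "unrestricted: no rows"
    if any(set(d) == {"*"} and set(u) == {"*"} for d, u in scope):
        return "unrestricted: wildcard row"
    return "restricted"

# Constructed sample: Management Tool user -> rows on their User Access tab.
SAMPLE_SCOPES = {
    "auditor1": [],
    "helpdesk": [("CORP", "svc-*"), ("WS-*", "Administrator")],
    "contractor": [("*", "*")],
}

def review(scopes):
    """Return the review label for every Management Tool user."""
    return {name: classify_scope(rows) for name, rows in scopes.items()}

if __name__ == "__main__":
    for name, verdict in review(SAMPLE_SCOPES).items():
        print(f"{name}: {verdict}")
```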

