Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
The Edit User functionality allows administrators to modify user details within the Identity Hub.
Navigate to Identity Hub -> Users, select the specific user you wish to edit, then go to the User Info page and click on Edit User
The Edit User form will be displayed, where you can modify the user's information as needed.
After making the necessary changes, click Save to update the user's details.
Saving the changes may also trigger updates in target applications, depending on the configuration. This ensures that any modifications done are synchronized across all relevant systems.
While users may be imported and synchronized from other Identity providers, sometimes users may need to be added manually by the administrator.
First navigate to the User configuration page, by clicking on the Identity Hub > User menu on the left-hand side panel.
Click on the “+Add New” button.
Enter the required information and scroll down to add further information.
Click on the Save button to move to the next configuration page, and copy the automatically generated password.
Optionally a group can be assigned to the user.
And also applications can be assigned to the user.
Once all the above steps are completed successfully the user is created with the assigned groups and assigned applications.
The User Management interface in Cymmetri provides an intuitive and efficient way to manage the users within Cymmetri. The interface is designed to support both list and card views, allowing administrators to easily navigate through user profiles according to their preferences.To access the User Management page, navigate through: Identity Hub -> User
The UserManagement Page provides various features which eases the user management.
View Modes: Users can toggle between a list and a card view, providing flexibility in how information is displayed.
Search Functionality: Quickly find users with the integrated search feature, saving time and improving manageability.
Advanced Filtering: The granular filtering capability ensures that administrators can pinpoint users based on specific criteria, making user management tasks more streamlined. List of users can be narrowed down the using various filters, including:
Account Status
User Status
Users' Login Status
Location
Department
Designation
Usertype
Custom Attributes
For each user, the following information is prominently displayed:
Display Name: The full name of the user as it appears in the organization.
Email: The user's primary email address.
Mobile Number: Contact number of the user.
User Status Indicator: An intuitive green or red dot next to the display picture indicates whether a user is active or inactive, respectively.
A context menu associated with each user profile offers a suite of actions, enabling administrators to manage user accounts directly from the interface. Available actions include:
Reset Password: Securely reset a user's password.
Mark Inactive: Change a user's status to inactive.
Assign Group: Add the user to specific groups for access control and organizational purposes.
Assign Application: Allocate applications to the user as per their role and requirements.
Edit Info: Update user information such as email, mobile number, and other personal details.
Delete User: Remove the user from the system entirely.
Users may be imported into the Cymmetri platform using the bulk Import Users feature.
Please Note: User import process follows the synchronization policies as defined here.
For Importing Users in the Cymmetri platform administrator needs to click on Identity Hub > User menu and then click on the Bulk Import > Import Users button.
A screen pops up that lets you select the CSV file you want to upload to import the users, Upload the CSV file, you may also use the sample data file available and modify it to match your user details.
Click on the Upload File button and select the file you wish to import
Once the file is selected ensure that the default parameters selected match your requirements else you may change these parameters as per your requirement and click on the Next button.
Match the Column names from the CSV file with the Cymmetri User Attributes using this File Info dialog box.
Scroll down and click on the Import button. Note: A "Skip user workflow" check box is available to skip execution of any user workflow configured for the creation of users, if not selected it may trigger user creation workflow, and the process of importing users may slow down due to the numerous approvals that the approver might have to do.
Once Imported results of successfully Imported Users, Duplicate Users, or any error that occurred during import can be seen in Logs > Import History page
This page is designed to provide a comprehensive view of an individual user's information, facilitating easy access and management for administrators.
The top section of the User Details Page showcases the following crucial user information:
The user's profile picture is prominently displayed, offering a visual identification of the user. This feature aids in personalizing the user experience and making navigation more intuitive.
Right next to the profile picture, users can find the current status of the user, which indicates whether the user is Active, Inactive, or Pending. This status helps in quickly understanding the user's engagement level.
This is a unique identifier for the user within the system. It serves as a key piece of information for various administrative processes, including user tracking, support, and security checks.
The user's Email ID is displayed, providing an essential communication link. It is used for sending notifications, password resets, and other critical communications.
The user's mobile number is listed if provided. This number can be utilized for two-factor authentication, urgent alerts, or direct contact purposes.
This structured format ensures that an administrator or any authorized viewer can quickly access and understand a user's essential information without navigating through multiple pages.
The user's risk details are visible on the page to notify that the user is a high-risk user. On further clicking on that page it shows User's Risk metrics.
This page provides a comprehensive overview of the user information managed within our system. The data is categorized into several sections to facilitate easy access and understanding of each user's profile. These sections are detailed below.
First Name: The user's given name.
Middle Name: The user's middle name, if applicable.
Last Name: The user's family name.
Grade: The user's grade (a set of values needs to be defined for this field in Masters).
Designation: The specific title or position the user holds.
Date of Birth: The user's birth date.
Age: The user's current age, is calculated from the date of birth.
User Type: Classification of the user based on the user types defined in the system.
Login ID: The unique identifier used by the user to access the system.
Country: The country where the user is located.
City: The city within the country.
Mobile: The user's mobile phone number.
Email: The user's email address, is used for electronic correspondence.
Landline: The user's landline phone number, if applicable.
Address: The user's full postal address.
Employee ID: A unique identifier assigned to the user within the organization.
Department: The department to which the user is assigned.
Start Date: The date when the user commenced their current position.
End Date: If applicable, the date when the user's current position will or has ended.
Manager: The user's direct supervisor or manager.
Additionally, this page may display values for custom attributes specific to our organization. These attributes allow for the capture of information not covered by the standard categories but deemed necessary for our operations.
This comprehensive user information page ensures that all pertinent data regarding an individual within our organization is readily accessible, facilitating smooth operations, management decisions, and communication.
This page is designed to streamline the management and assignment process of applications for users. It offers a section where you can easily view all your assigned applications along with their current status. Additionally, it allows for the straightforward assignment of new applications to your profile.
Viewing Assigned Applications: Upon accessing the page, you will be presented with a list of applications currently assigned to you. Each application tile gives a snapshot of the application's status, enabling you to quickly assess which applications require your attention.
Assigning Roles: Application Roles can be assigned to the user, using the Assign Role option. This option also allows the assignment of multiple roles to a user.
Unassign Assigned Applications: Assigned applications can be removed using the delete option in the (⋮) menu.
Assigning New Applications: Should you need to add more applications to your list, the process is simple. Just click on the Add New Button located on the interface. This action opens up a selection window where you can choose additional applications that you wish to assign to the user.
Searching for Applications: To facilitate ease of access, a search function is incorporated into the interface. This feature allows you to quickly find specific applications by typing the name or part of it into the search bar, saving you time and effort from manually scrolling through the list of applications.
Note: In instances where an application has not been successfully assigned, the interface provides direct actions to resolve the issue without needing to navigate away from the page. Each application tile includes an (⋮) menu with two options:
Retry: If an application's assignment process encounters an issue, you can select this option to attempt assigning the application again.
Delete: If the assignment issue remains unresolved or if you no longer wish to keep the application, you can choose to remove the application from your list entirely.
This page provides an overview of the groups to which a user is assigned, reflecting the current status of each.
Upon accessing the page, users are presented with a list of all the groups to which they are currently assigned. Each entry includes the group's name, description, number of users in the group and number of applications assigned to the group.
To enhance the user's role or access within the system, the Add New Button is prominently positioned. This option allows users to be added to more groups, expanding their access and functionalities within the application. The process is designed to be straightforward, guiding the user through a simple process to ensure accurate group assignments.
This menu option found within the ellipse (⋮) menu takes you to the groups page where you may edit any information related to the group
Equally important is the capacity to manage the departure from groups, which is facilitated by the Delete Group option. Also found within the ellipse (⋮) menu, this feature does not delete the group itself but rather unassigns the user from the selected group. This action ensures the user's access and permissions within the application are precisely tailored, maintaining security and relevance.
This page shows user user-specific audit log for all the various actions and activities performed by the user. This may include all activities related to the user as shown below
Status: You can change the status of users and accounts in our system to manage access and control.
Locked: Stops user access temporarily. This is used for security reasons or if there are too many failed login attempts.
Unlocked: Gives access back to the user, allowing them to log in and use the system.
Active: The account is in use, and everything works normally.
Inactive: Temporarily not in use but can be activated again.
Delete: The account is deleted and moved to suspended accounts
Reset Password: A Generate button allows the administrator to reset passwords for users, which can then be copied to the clipboard if required.
RBAC: This section can be used to assign tenant-wide roles defined in the master to the user.
Secret Questions: This section shows a list of secret questions selected by the user
Additional MFA: Administrators can view the MFA mechanisms configured by the user as well as remove the configured MFA if required for a specific user
If Adaptive MFA is configured for users and a configuration for Device Trust is done, Cymmetri maintains a list of Trusted devices that satisfy the conditions of the Device Trust configuration. This list of devices trusted based on the configuration done by the admin are listed on this page with the following information about each device: Browser, OS, Created At, Trusted, Action(remove device)
This page provides Cymmetri administrators with the capability to monitor and manage all user sessions, It provides the following information: Browser, OS, Created By, IP Address, Created At, and Action (delete session). A user may have multiple session entries if the Multiple Session configuration is enabled.
The Managed View page shows the user data based on various provisioning applications assigned to a user, This page shows the Attribute Name, Managed System Value, and IDM Value
Attribute Name: Attribute name as defined in the policy attribute page of the provisioning application
Managed System Value: Value as saved in the provisioning application
IDM Value: Value as saved in Cymmetri
In Cymmetri, one of the features available to users is the ability to delegate self-service access. This capability enables users to assign their access rights and responsibilities to other users temporarily. Ideal for scenarios such as vacations, business trips, or whenever a user needs someone else to manage their duties without forfeiting their credentials or compromising security.
This page shows the delegation provided by the user, this may be currently in progress or the delegation which was last completed.
The page shows the status of the Delegation (INPROGRESS, COMPLETED), Designated To, Start Date and End Date, and the list of Excluded Applications(if any)
Administrator tasks pertaining to bulk users may be eased by creating groups of users.
Access the group configuration page by clicking the Identity Hub >Groups menu on the left-hand side.
Click on the “+Add New” button to start creating a new group
Group Name: Indicates the name of the group.
Group Type: For environments not using Active Directory, either Local or Remote Group may be chosen, in case Active Directory is being used for synchronization in the tenant, the appropriate type according to the group policy object must be chosen.
Parent Group: If a parent group is chosen, all the policies and rules applicable to the parent group will be assigned to this new group, in addition to the policies and rules specifically applied to this new group.
Group Description: Optionally, a description may be provided to the group.
Once all the details have been entered click on the Save button and a new group is created.
This section stores and manages user accounts that have been archived or deactivated. These accounts are usually no longer active but are retained for historical or compliance purposes.
You can see the other condition when the users are moved to archived users here.
For any user to be able to delegate their work to other users, the user should be added to the delegation users list; Check here how to Add Users to the delegation list so that they can delegate their activities.
Following are the steps to delegate work to a delegatee:
The logged-in user needs to go to their Settings Page by clicking on the user's username on the top right
Once on the Settings Page user needs to click on the My Delegations menu
Note: My Delegations menu will appear only if the logged-in user is added to the delegation users list. Here is how to Add Users to the delegation list.
Toggle Status: Enable the Toggle Status to Active
Start Date: The date from which the user is delegated the work
End Date: The date up to which the access is delegated
Delegated To: The user (delegatee) to whom the work is delegated. This dropdown populates the list of all users to whom the task can be assigned
Excluded Applications: List of applications whose access is not provided to the delegatee
Once all the details are filled the user is expected to accept the consent to be able to configure the delegation. The consent looks something similar to as shown below:
Once confirmed the user needs to click on the I agree check box and save the delegation.
Once saved the delegatee can see and accept the delegation in their My Delegation Page under Settings.
Upon receiving a delegation request, the user is notified via email and within the platform.
To view the delegated task the delegatee can go to Settings->Delegation to Me to see details about the delegated tasks and the user who has assigned the task
The user needs to click on the Accept button to accept the delegation. On clicking the Accept button an Assignee(delegatee) Consent is shown which the users need to read and confirm. The Consent also shows details of the delegator and the duration of the delegation.
Once the user accepts the delegation the user sees a login button, to login into cymmetri as the delegator
On clicking the login button the delegatee is redirected to the delegator's My Workspace Dashboard.
The delegatee can access and perform actions on all the applications assigned to them and if any application is excluded during delegation they are not visible to the delegatee.
The admin can delete the user from the users tab in the identity hub section.
After the user is deleted, the user is moved to the suspended users tab.
In the section for suspended users, the administrator has two options: they can choose to
Resume User - Which relocates the user back to the all users section OR
Force Delete - This transfers the user to the archived users section where retention of the user is not possible
Delegation as a process in the Cymmetri platform refers to the ability of any end-user to delegate their responsibilities to any other end-user on the platform. As such, delegation provides the ability to the delegatee to perform various actions, including Single Sign On, Application Requests, managing workflows by providing approvals, and performing Cymmetri administrative actions (if the delegator has the required permissions on the platform), among other actions. However, the login flow for the delegatee stays the same.
Access the Delegation administration panel, by clicking on the Configuration left-hand side menu item and then clicking on the Delegations menu item.
For any user to be able to delegate their work to other users, the user should be added to the delegation users list; To Add Users to the delegation list so that they can delegate their activities, click on the Assign New button and select one or more users to add to this list.
The User and Assignee Consent sections allow organizations to align task delegation practices with their unique policies. This customizable feature empowers administrators to define specific consent texts, ensuring that both the user delegating a task and the delegatee receiving it acknowledge and agree to these terms.
The user consent will be displayed whenever the delegator (user) goes to their settings in their Workspace and assigns a delegation to an end-user (delegatee). This consent will be recorded in the Cymmetri backend for audit logging purposes.
Similarly, the assignee consent will be recorded when the end-user (delegatee/assignee) logs into the account for their manager (delegator/user).
Here's how it works:
Administrator Configuration: Administrators can craft consent texts tailored to their organization's requirements. These texts typically outline the responsibilities, expectations, and any legal or compliance aspects associated with task delegation.
User Perspective: When a user decides to delegate a task to someone else, they will be presented with the customized consent text. The user must carefully review and accept the terms before proceeding with the delegation process. This step ensures that the user is aware of the implications of task delegation and is willing to proceed.
Assignee Perspective: On the other side, the delegatee who is about to receive the delegated task will also be presented with relevant consent text. They must thoroughly read and accept these terms before taking on the responsibility. This step helps establish clarity and accountability for the delegatee.
This page provides Cymmetri administrators with the capability to monitor and manage all user sessions across the entire platform.
This functionality allows administrators to gain insights into ongoing user activities, view active sessions, and, if necessary, terminate or manage these sessions for security, compliance, or administrative purposes.
The admin can terminate all the user sessions at once or select them individually. The page also has a search option for the admin to search the desired user session.
Users once created in the Cymmetri platform can be assigned to a group. Assigning users to a group helps ease the administrative efforts to apply the same policies and assign applications to multiple users.
When assigning users to groups there are various approaches that can be used:
Adding User to Group (from the Group Page)
Assigning a Group to a User (from the User's Page)
Bulk Assigning Users to a Group (Using Group Assignment on Group Page)
First, the administrator needs to click on the group name and enter the configuration for the group.
Now Go to the Users Page and click on the +Add button to get a list of users to add to the group
3. Now click on the assign button next to the user you wish to add to the group. Once assigned the user can be seen on the Users page of the Group as shown below:
For this approach, the Administrator needs to go to Identity Hub > User page and then select the user from the list to whom the group needs to be assigned
Go to the user's page, select the Groups menu and click on "+Assign New" button
This opens a pop up window where a list of all groups is visible
Click on the assign button and the group is assigned to the user or you may say the user becomes a part of the group
For this approach, the Administrator needs to go to Identity Hub > Group page and then click on the Group Assignment button
A screen pops up that lets you select the CSV file you want to upload to import the users that need to be assigned to the group. This CSV file needs to have one column that contains the login id of users; Upload the CSV file, you may also use the sample data file available and modify it to match your user's login id.
Once the file is selected and uploaded, next you need to select the group to which you want to assign the users.
After selecting the group the column in the csv file needs to be mapped with the Cymmetri login column.
Once mapped click on the import button and the users would be mapped to the assigned group provided the login id is correct
Results of successfully Imported Users, Duplicate Users, or any error that occurred during import can be seen in the Logs > Import History page