Set up manual user accounts or use Active Directory accounts to assign permissions to view or configure the granular agent settings, tasks, and data that are available in the agent tree.
- Go to Administration > Account Management > User Accounts.
- Click Add.
The Step 1 User Information screen appears.
- Select Enable this account.
- Choose a previously configured role in the Select
role drop-down.
For more information, see Adding a Custom Role.
- In the User Information section, configure the following:
-
Custom account: Select to create a manual user account and specify the required information
-
User name: Type a unique user name for the account
-
Description: Type a description for the account
-
Password: Type and confirm the password that the account uses to log on to the Apex One web console
Important:You cannot use the user name as the account password. Provide a password other than the user name.
-
Email address: Type the email address associated with the user account
Note:Apex One sends notifications to this email address. Notifications inform the recipient about security risk detections and digital asset transmissions.
For details about notifications, see Security Risk Notifications for Administrators.
-
-
Active Directory user or group: Select if you want to use existing Active Directory accounts or groups to log on to the Apex One web console
Important:The Apex One server must be joined to the Active Directory domain in order to manage user accounts.
-
In the User name or group field, type the Active Directory account that you want to use.
-
In the Domain field, type the Active Directory domain to which the User name or group belongs.
-
Click Search.
-
From the User and Groups list, select from the search results and click > to add the account to the Selected Users and Groups list.
-
-
- Click Next.
The Step 2 Agent Domain Control screen appears.
- Select the root account to grant allow the account to view all Apex One domains, or
select specific Apex One domains that the user account can access in the
agent tree.
Important:
Apex One only displays the selected domains when the user account accesses the agent tree. If you do not select a domain, Apex One hides the domain on the agent tree.
- Click Next.
The Step 3 Define Agent Tree Menu screen appears.
- Click the Available Menu Items controls and then specify the permission
for each available menu item. For a list of available menu items, see Agent Management Menu Items.
The agent tree scope you configured in step 8 determines the level of permission to the menu items and defines the targets for the permission. The agent tree scope can either be the root domain (all agents) or specific agent tree domains.
Table 1. Agent Management Menu Items and Agent Tree Scope Criteria
Agent Tree Scope
Root Domain
Specific Domains Menu item permission
Configure, View, or No Access
Configure, View, or No Access
Target
Root domain (all agents) or specific domains
For example, you can grant a role "Configure" permission to the "Tasks" menu item in the agent tree. If the target is the root domain, the user can initiate the tasks on all agents. If the targets are Domains A and B, the tasks can only be initiated on agents in Domains A and B.
Only the selected domains
For example, you can grant a role "Configure" permission to the "Settings" menu item in the agent tree. This means that the user can deploy the settings but only to the agents in the selected domains.
The agent tree will only display if the permission to the Agent Management menu item in "Menu Items for Servers/Agents" is "View".
If you select the check box under Configure, the check box under View is automatically selected.
If you do not select any check box, the permission is "No Access".
If you are configuring permissions for a specific domain, you can copy the permissions to other domains by clicking Copy settings of the selected domain to other domains.
- Click Finish.
- Send the account details to the user.