LogoLogo
LearnDocumentationSupportCommunity
Version 6.30
Version 6.30
  • Welcome
  • Nexthink V6
  • Overview
    • Software components
    • Collector
    • Finder
    • Engine
    • Portal
    • Nexthink Library
    • Digital Experience Score
  • Installation and configuration
    • Planning your installation
      • Overview of the installation process
      • Hardware requirements
      • Connectivity requirements
      • Software requirements
      • Reference architectures
    • Installing Portal and Engine Appliances
      • Installing the Appliance
      • Installing the Appliance on Azure
      • Installing the Appliance on AWS
      • Installing the Appliance on OTC
      • Managing Appliance accounts
      • Setting the names of the Portal
      • Setting the names of the Engines
      • Specifying your internal networks and domains
      • Federating your Appliances
      • STIG compliance in Web Console
      • Connecting the Portal to the Engines
      • Configuring session performance storage
      • Configuring device performance storage
      • Setting up a software license
      • Sending email notifications from the Appliance
      • Allocating resources for the Portal
    • Installing the Collector
      • Installing the Collector on Windows
      • Installing the Collector on macOS
      • Installing the Collector for a Proof of Value
      • Assigning Collectors to Engines
      • Assignment of roaming Collectors
      • Collector MSI parameters reference table
      • Nxtcfg - Collector configuration tool
      • Inspecting the connection status of the Collector
      • Querying the status of the TCP connection of the Collector
      • Reporting the URL of HTTP web requests
      • Auditing logon events
      • Viewing user interactions in virtualized and embedded environments
      • Engage notifications on macOS
      • Configuring Collector level anonymization
    • Collector remote connectivity
      • Redirecting and anonymizing Collector traffic
      • Redirecting the Collector TCP channel
      • Support for DirectAccess
      • Windows Collector proxy support
      • Mac Collector proxy support
    • Installing the Event Connector
      • Installing the Event Connector on Linux
    • Installing the Finder
      • Installing the Finder on Windows
      • Enabling Cross-Engine Finder features
      • Expanding the time frame of investigations in the Finder
      • Enabling Finder access to the Library
      • Finder proxy support
    • Updating from V6.x
      • Updating the Appliance
      • Content centralization when updating the Appliance
      • Updating the Collector
      • Viewing Collector deprecated fields
      • Updating the Finder
    • Security and user account management
      • Importing and replacing certificates
      • Hierarchizing your infrastructure
      • Adding users
      • Enabling SAML authentication of users
      • Just-In-Time provisioning of user accounts
      • Enabling Windows authentication of users
      • Multi-factor authentication for local accounts overview
      • Provisioning user accounts from Active Directory
      • Establishing a privacy policy
      • Disabling local accounts for interactive users
      • Setting the complexity and minimum length of passwords for local accounts
      • Protecting local accounts against brute force attacks
      • Preventing password saving in the Finder
      • Controlling session timeouts in the Portal
      • Security settings in the Appliance
      • Setting the Do Not Disturb periods between campaigns
    • Data retrieval and storage
      • Data retention
      • Increasing the maximum number of metrics
      • Establishing a data retention policy in the Engine
      • Storing Engine data in a secondary disk drive
      • Importing data from Microsoft Active Directory
      • Setting the locale in the Portal
      • Changing the Time Zone of the Portal
      • Time Zones and data collection
      • Changing the data collection time of the Portal
      • Nightly task schedules timetable
      • Changing the thresholds of High CPU warnings
      • Automatic restart of unresponsive Engine
    • Maintenance operations
      • Logging in to the CLI
      • Special operation modes for the Engine and the Portal
      • Changing the default ports in the Appliance
      • Centralized Management of Appliances and Engines
      • Monitoring the performance of the Appliance
      • Resizing partitions in Appliance
      • Configuring the system log
      • Examining the logs in the Portal
      • GDPR - Retrieving or anonymizing personal data
      • Finding out unlicensed devices
      • Removing devices
      • Installing third-party software in the Appliance
      • Installing VMware Tools in the Appliance
      • Operational data sent to Nexthink
      • Sending additional data to Support
    • Disaster recovery
      • Planning for disaster recovery
      • Web Console backup and restore
      • Engine backup and restore
      • Portal backup and restore
      • Rule-based assignment backup and restore
      • License backup and restore
      • PKI backup and restore
    • Branding
      • Branding the Portal
      • Branding of campaigns
  • User manual
    • Getting started
      • Logging in to the Finder
      • Logging in to the Portal
      • Enabling STIG in Webconsole
    • Querying the system
      • Searching the subject of interest
      • Executing an investigation
      • Creating an investigation
      • Editing the options of an investigation
      • Combining logical conditions in investigations
      • Navigating through the results of an investigation
      • Properties of users and devices
    • Visualizing system activity in the Finder
      • Getting a quick overview
      • Graphically observing the activity of users and devices
      • Observing service performance
      • Viewing network connections
      • Viewing web requests
      • Viewing executions
    • Monitoring IT custom metrics
      • Creating a metric
      • Examples of metrics
      • Session performance
      • Device performance
      • Following the evolution of a metric
      • Finding the visuals of a metric
    • Monitoring IT services
      • Analyzing service quality
      • Creating a service
      • Following the evolution of a service
      • Specifying URL paths of web-based services
    • Engaging with the end user
      • Getting feedback from the end users
      • Types of campaigns
      • Creating a campaign
      • Editing a campaign
      • Types of questions
      • Controlling the flow of questions
      • Translating a campaign
      • Triggering a campaign manually
      • Limiting the reception rate of campaigns
      • Scrutinizing the results of a campaign
      • Continuously measuring the satisfaction of employees
    • Rating devices and users with scores
      • Computing scores
      • Creating a score
      • Checking and comparing ratings
      • Computing potential savings
      • Score XML Reference
      • Documenting scores
    • Remotely acting on devices
      • Scenarios for remote actions
      • Creating a remote action
      • Executing remote actions
      • Triggering a remote action manually
      • Writing scripts for remote actions on Windows
      • Writing scripts for remote actions on Mac
      • Example of self-healing scenario
      • Example of self-help scenario
      • Application control and remote actions
    • Organizing objects with categories
      • Classifying objects of the same type
      • Creating categories and keywords
      • Tagging objects manually
      • Tagging objects automatically
      • Importing tags from text files
    • Getting notified by the system
      • Receiving Engage campaigns
      • Receiving email digests
      • Receiving alerts
      • Creating a service-based alert
      • Creating an investigation-based alert
    • Building web-based dashboards
      • Introducing dashboards in the Portal
      • Creating a dashboard
      • Examining metrics in depth
      • Documenting dashboards
      • Assessing license use
      • Computing dashboard data
      • Reusing dashboard content
    • Importing and exporting authored content
      • Methods for reusing authored content
      • Manually sharing Finder content
      • Importing a content pack
      • Conflict resolution
      • Exporting a content pack
  • Library packs
    • Compliance
      • Device Compliance
    • Configuration Manuals
      • Overview (Configuration Manuals)
      • Installing A New Version Of A Library Pack
    • Digital Employee Score (DEX score)
      • DEX Score Installation And Configuration
      • Detailed Library Pack Changelog
    • Device management
      • Reduce logon duration
      • Group Policy Management
      • Hardware Asset Renewal
      • Hardware Asset Renewal Advanced
      • Application Auto-Start Impact
    • Remote Employee Experience
      • Remote Worker Experience
      • Home Networking
      • Change Log And Upgrade Process
      • Remote Worker Vs Office Worker Device Category
      • Remote Worker Insights
      • DEX V2 Upgrade Of Remote Worker
    • Persona Insight
      • Persona Insight - Overview
      • Persona Insight - Library Pack
      • Persona Insight - Score Only Pack
      • Persona Insight - Without Campaign pack
      • Persona Insight - Getting Started and Upgrade Procedure
      • Persona Insight - Configuration Guide
      • Persona Insight - Troubleshooting - Multiple devices on multiple engines
      • Persona Insight - Reference Guide
      • Persona Insight - Example Pack
      • Persona Insight - Device Sizing
        • Persona Insight - Device Sizing Overview
        • Persona Insight - Device Sizing Configuration
      • Persona Insight - Application Sizing
        • Persona Insight - Application Sizing Overview
        • Persona Insight - Application Sizing Configuration
      • Legacy Persona documentation
        • Persona Insight - Library Pack (V.1.0.0.0)
        • Persona Insight - Base Pack
        • Persona Insight - Base Pack Advanced
        • Persona Insight - Customization Guide (V1.0.0.0)
        • Persona Insight - Configuration Guide (V1.0.0.0)
        • Persona Insight - Reference Guide (V1.0.0.0)
    • GSuite
      • GSuite: Health
      • GSuite: Services
      • GSuite: Sentiment
      • GSuite: Advanced Health
    • Support
      • Support: Level 1
    • Shadow IT
      • Shadow IT
    • Malware Protection
      • Malware Protection
    • Office 365 Health
      • Office 365 Health: Overview
      • Office 365 Health: Services
    • Office 365 OneDrive
      • OneDrive Summary
      • OneDrive Operations
      • OneDrive Advanced Health
      • OneDrive Migration
      • OneDrive Sentiment
      • OneDrive Management
      • OneDrive Advanced Operations
    • Office 365 Teams
      • Teams Overall Configuration
      • Teams - Migration
      • Teams - Health
      • Teams - Advanced Health
      • Teams - Adoption
    • Microsoft 365 Apps
      • Microsoft 365 Apps - Operate
    • Employee Self Service
      • Overview
      • Configuration
      • Usage
    • Onboarding Experience Management
      • OEM - Overview
      • OEM - Configuration
    • Office 365 Outlook
      • Outlook Troubleshooting
    • Virtualization
      • Virtualization: Operate
      • Virtualization: AVD - Advanced
      • Virtualization: Citrix Advanced
      • Virtualization: Project
      • Virtualization: Troubleshooting
        • Virtualization: Troubleshooting: Configuration
    • Windows
      • Win10: Configuration
      • Win10: Migration
      • Win10: Feature Update
      • Win10: Quality Update
      • Windows Defender Management
      • Administrators Management
    • Windows 11
      • Windows 11 - Readiness
      • Windows 11 - Migration Pilot
      • Windows 11 - Migration
      • Windows 11 - Operate
    • Webex
      • Webex Operate
    • Zoom
      • Zoom Operate
    • Remote Actions
      • Get Performance Monitor Data
      • Skype For Business
      • Restart Device
      • Upload Logs to S3 using PreSigned URLs
    • Software Asset Optimization
    • Collaboration Optimization
      • Collaboration Optimization - Solution Overview
      • Collaboration Optimization - Configuration
      • Collaboration Optimization - Usage / Troubleshooting
    • Systems Management
      • Manage Configuration Drift
      • MS ConfigMgr - Client Health
        • MS ConfigMgr - Client Health - Summary
        • MS ConfigMgr - Client Health - Configuration Guide
      • Intune
        • Intune - Health
          • Intune - Health - Summary
          • Intune - Health - Configuration Guide
    • Return to the office
      • Return to the office - Planning
      • Return to the office - Readiness
    • Green IT
      • Green IT - Overview
      • Green IT - Configuration Guide
    • Hybrid Working
      • Hybrid Working Experience
      • Hybrid Working Experience - Installation and upgrade procedure
  • Integrations
    • Nexthink ServiceNow Service Graph Connector
      • Overview
        • Roles and Permissions
        • Modules
      • Installation and Configuration Guide
        • Pre-requisites
          • Configure Identification Rules
          • Import and setup the CMDB categories in Finder
        • Setup
          • Configure the connection
          • Configure import properties
          • Configure additional engines
          • Set up scheduled import jobs
      • Data transformation and mapping by default
      • How to customize the behaviour of the Connector
      • FAQ
        • Why ServiceNow Service Graph Connector?
        • What about Nexthink CMDB Connector?
        • Why is the name the primary key for the devices?
      • Troubleshooting
        • IRE identification issues
          • [No Choice found in the sys_choice table for the target table](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/ire-identification-issues/ no-choice-found-in-the-sys_choice-table-for-the-target-table.md)
          • Identification rules not created
          • Discovery_source choice not created
        • Timeout Errors
          • ECCResponseTimeoutException
          • HTTP 0 error
        • MID server issues
          • java.lang.NullPointerException
          • MID Server memory issues
          • Not trusted certificates in Quebec release
        • Configure credentials issues
          • [Not allowing update of property authentication_choice](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/configure-credentials-issues/ not-allowing-update-of-property-authentication_choice.md)
          • Invalid username/password combo (HTTP 401/403)
        • Configure Engines Issues
          • [The client secret supplied for a confidential client is invalid](integrations/nexthink-servicenow-service-graph-connector/troubleshooting/configure-engines-issues/ the-client-secret-supplied-for-a-confidential-client-is-invalid.md)
        • No Cis imported and no errors found in the log
    • Nexthink ServiceNow Incident Management Connector (IMC)
      • Installation and configuration guide (IMC)
      • Troubleshooting Guide (IMC)
      • Domain separation installation (IMC)
    • Nexthink ServiceNow CMDB Connectors
      • Installation and Configuration Guide
      • Troubleshooting Guide
      • Field transformation and normalisation examples
    • Nexthink Event Connector
      • High level overview
      • Installation and Configuration Guide
      • Troubleshooting guide
      • RPM installation
      • Splunk specific documentation
        • Upgrading from Splunk Connector to Event Connector
        • Splunk add-on installation and usage
    • Nexthink Chatbot SDK
      • Introduction and concepts
      • Installation, configuration and update guide
        • Installation and configuration
        • Update to newer version
        • Uninstallation
        • Authentication
        • Topics configuration
        • Remote action configuration
        • Advanced configuration
        • Additional resources and references
      • Dimensioning guide
      • Troubleshooting
      • Technical solution description
      • Downloads and release notes
  • Glossary and references
    • Search and information display
      • Search in Finder
      • Keyboard shortcuts for column display selection
      • Campaign display compatibility
      • Real-time and consolidated service data
      • Service errors and warnings
      • Errors and warnings for devices and executions
      • Types of widgets
      • Widget compute state in charts
      • Errors in the execution of remote actions
      • Top results of Cross-Engine investigations
      • Engine data history
    • Tooltips in the user and device views
      • Alerts tooltips
      • Warnings tooltips
      • Errors tooltips
      • Activity tooltips
      • Services tooltips
    • Database information and organization
      • Maximum supported values
      • Local and shared content
      • Device Identification
      • Local IP address of devices
      • Timestamping of events
      • Boot and logon duration
      • Application startup duration
      • Application not responding events
      • Memory and CPU usage
      • Status of TCP connections
      • Status of UDP connections
      • Network and port scan conditions
      • Binary paths
      • Maximum number of Binaries
      • Package Executable Mapping
      • Metro apps
      • Investigation with packages
      • Portal aggregation and grouping
      • Focus time metric
    • Security
      • Access rights and permissions
      • Active Directory authentication
      • Canonical domain names for Windows authentication
      • System alerts
      • Audit trail
      • Appliance hardening
      • STIG hardening
      • FIPS 140-2 compliance
      • Security bulletins
        • Is Nexthink affected by Okta breach
        • Is Nexthink affected by SolarWinds breach
        • Nexthink and Log4j - Security bulletin
        • CVE-2022-22965 - Security Vulnerability Spring4shell - Spring Framework
        • Version 6.22.2.10: Security Vulnerability Maintenance Release
        • The Collector V6.27.X Release – Security Bulletin
    • References
      • Components of the Collector
      • Server support
      • Compatibility mode
    • Glossary
      • Activity
      • Alert
      • Application
      • Binary
      • Campaign
      • Category
      • Connection
      • Dashboard
      • Destination
      • Device
      • Domain
      • Entity
      • Event
      • Executable
      • Execution
      • Focus time
      • Hierarchy
      • Installation
      • Investigation
      • Keyword
      • Metric
      • Module
      • Object
      • Package
      • Platform
      • Port
      • Printer
      • Score
      • Service
      • Session
      • System boot
      • User
      • User logon
      • Web request
      • Widget
  • API and integrations
    • Integrating with Nexthink
      • Event Connector
      • Getting data through the NXQL API
      • Bidirectional integration with the Finder
      • Count metrics API
      • Software metering API
      • Services API
      • List Engines API
      • GetSID API
      • Triggering campaigns via their API
      • Triggering remote actions via their API
      • Audit trail API
      • Integrating investigation-based alerts
      • Downloads
    • NXQL API
      • Introducing the NXQL API
      • NXQL Tutorial
      • NXQL language definition
      • NXQL Data Model
    • Integrations
      • Excel integration with NXQL
      • Power BI
      • Azure Data Lake Storage Gen2
      • Splunk Event Connector
    • ServiceNow
      • CMDB Connector
      • Incident Management Connector
      • Event Management

© Nexthink

  • Privacy policy
  • Responsible Disclosure Policy
On this page

Was this helpful?

Last updated 10 months ago

Was this helpful?

Overview

Right after installation, the only user that exists in the system is the first and main central administrator or admin user. The admin user has unrestricted access to all data available in both the Portal and the Finder. Moreover, the admin user is able to create and modify all kinds of content in the system, including dashboards, investigations, categories, alerts and user accounts.

Incidentally, you may want to give other people the chance to log in to the system and use it without necessarily having all the capabilities of the admin user. The admin user can thus create accounts for other users, restrict their views on the data and limit their ability to alter content. In this section, learn how to add users to the system and control their access to the data recorded.

Prerequisites

Before defining new profiles and users, ensure that you have for the product. Otherwise, some configuration pages will not show up.

Account update considerations

Beware that changes to accounts and their permissions may not take immediate effect on logged in users.

For users logged in to the Finder or to the Portal, the user keeps the permissions before the change during the session lifetime. For users making use of Web API (NXQL), the old permissions are still in force up to five minutes after the change, until the Engine synchronizes account information with the Portal.

Defining user roles

The roles attributed to a user determine the responsibilities of the user. Depending on their responsibilities, users carry out different tasks to achieve their goals. Roles let you group the items that enable users to execute their assigned tasks. When assigning roles, specify the modules that a user or group of users can see in the Portal, the investigations that they are able to run in the Finder, and the alerts of which they must be aware.

To incorporate items into a role, first create those items either in the Finder or in the Portal. It is not essential to have all the items ready before defining a role. You can start by creating the role with a few items and later edit the role to add the missing items.

To define a new role:

  1. Log in to the Portal as administrator .

  2. Click the ADMINISTRATION drop-down menu at the top of the window.

  3. Select the option Roles to open the dashboard for editing roles.

  4. Click the plus sign at the top right hand side of the dashboard to open the wizard for adding a new role.

Step 1: Adding modules

  1. Type in the name of the new role in the Name field.

  2. Optional: Click Add module to add an existing module of the Portal to the role. A dialog to choose the module pops up.

    1. Select a module from the list labeled Module.

    2. Click Add. The dialog closes and the selected module is added to the Modules list of the role.

  3. Repeat the previous step to add as many modules as the role needs.

  4. Click Next to go on with the next step of the wizard.

Step 2: Adding service-based alerts

  1. Optional: Click Add alert to include service-based alerts to the role. A dialog to specify the alerts pops up.

    1. Select a service-based alert from the list labeled Alert.

    2. Optional: Click yes in the Mandatory section to force the subscription to the alert of all users with the current role. By default, the alert is not mandatory.

    3. Click Ok.

  2. Repeat the previous step to add as many alerts as the role needs.

  3. Click Next.

Step 3: Adding investigations

  1. Optional: Click Add investigation to share existing investigations with all users who have the current role assigned. A dialog to specify the investigation pops up.

    1. Export an investigation or a folder of investigations from the Finder to the clipboard.

    2. Paste the contents of the clipboard on the dialog of the wizard.

    3. Click Add. The dialog to paste the investigation closes and the investigation is added to the Investigations list of the role.

  2. Repeat the previous step to add as many investigations as the role needs.

Step 4: Adding one-click investigations

  1. Optional: Export a pack with all the one-click investigations that you want to add to the role from the Finder.

    1. Paste the pack of one-click investigations on the dialog of the wizard.

  2. Click Next.

Step 5: Adding investigation-based alerts

  1. Optional: Click Add alert to include investigation-based (Finder) alerts to the role. A dialog to specify the alert pops up.

    1. Export an alert or a folder of alerts from the Finder to the clipboard.

    2. Paste the contents of the clipboard on the dialog of the wizard.

    3. Click Add. The dialog to paste the alert closes and the alert is added to the Alerts list of the role.

      • The syslog notification mechanism of global alerts is local to the Engine where the global alert was created and, therefore, not propagated to other Engines via roles. If you add a global alert with syslog notification enabled to a role, only the email notification mechanism is propagated to the users with that role.

  2. Repeat the previous step to add as many alerts as the role needs.

  3. Click Next.

Step 6: Adding remote actions

  1. Optional: Click Add remote action to assign a remote action to the current role. A dialog shows up.

    1. Select a remote action from the drop-down list. Only remote actions which can be triggered manually are available in the list.

    2. Click Ok to add the remote action.

  2. Repeat the previous step to add as many remote actions as the role requires.

  3. Click Finish to end the wizard. The new role is added to the list of the Roles dashboard.

Defining user profiles

The profile of a user defines the type of user, the access rights of the user to the different domains of a hierarchy (both as a viewer and as administrator, if applicable) and to the functions of the Finder. Moreover, you can associate one or multiple roles to a profile. Thus, users are able to play any of the roles associated to their profile, along with any other possible role that you may additionally assign to them.

Profile types

There are two main types of profiles:

User

This profile is intended for users that only have the right to view the information; both in the Portal and, optionally, in the Finder. They are able to see only the data that belongs to their view domain (a subset of the available hierarchies), possibly limited by privacy settings as well. Optionally, users can create and publish Portal modules (dashboards).

Central administrator

Users with a Central administrator profile can practically do all that the main admin user does. The difference is that, while the main admin has complete visibility over all the information available, the information that central administrators can see is limited by their privacy settings. Central administrators have the rights to create and manage Portal content, create other user accounts, access all hierarchies, create and modify profiles and hierarchies, control the connections of the Portal to the Engines, and manage the product license.

In general, an administrator is either the main admin user or a user with the central administrator profile.

To create a new profile:

  1. Log in to the Portal as administrator.

  2. Click the ADMINISTRATION drop-down menu at the top of the window.

  3. Select the option Profiles to open the dashboard for editing profiles.

  4. Click the plus sign at the top right hand side of the dashboard to add a new profile. The wizard to add a new profile opens.

Step 1: Choosing the type of account

  1. Type in a name for the new profile in the field labeled Profile name.

  2. Select one of the three types of accounts from the choice Account type.

    • Select User if the profile is intended for users without administrative tasks.

      • Optional: Uncheck the box Allow creation of personal dashboards to prevent users with the current profile from creating their own modules and dashboards. By default, the box is checked, allowing the users to create Portal content.

      • Optional: Check the box Allow publication of dashboards to enable users with the current profile to publish their own modules and dashboards, so that others can use them.

    • Select Central administrator to create users that can administer the whole system in the same way as the main admin user, except for the fact that you can restrict what they see in their data privacy settings.

  3. In the section Available metrics, choose the group of metrics that users with the current profile may use to build their own dashboards and see in dashboards created by others:

    • Select All metrics for the user to be able to see and use any of the metrics in the system. This option is mandatory if the user must be able to edit metrics (see step 3).

    • Select Only metrics in roles for the user to be able to see and user only those metrics which are part of their roles; that is, metrics embedded in the modules added to their roles. This is the only option available if the user has no right to create dashboards.

  4. Click Next to go on with the next step of the wizard.

Step 2: Set privacy settings, roles and view domain

  1. Select the Data privacy settings for the profile:

    • anonymous users, devices, destinations and domains: user accounts with this profile cannot see the names of users, devices, destinations, or domains.

    • anonymous users and devices: user accounts with this profile can see neither the names of users nor of devices.

    • anonymous users: user accounts with this profile cannot see the names of users.

    • none (full access): user accounts with this profile have full access to the collected data.

  2. Select the roles of the profile by clicking their name in the Role(s) list. Use the Ctrl key to select several roles at the same time. The investigations, alerts, modules, etc attributed to the selected roles are inherited by the profile.

  3. Specify the view domain of the profile for each defined hierarchy. Users with the current profile can only view the objects grouped in the specified domain:

    1. In the from field, select the highest level in the hierarchy that belongs to the view domain.

    2. In the Node field, either:

      • Choose the top node of the view domain from the available nodes of the level. This node and all the nodes below it belong to the view domain, down to the level specified in the next step.

      • Leave the top node undefined by choosing --parameter-- from the list. Define the top node of the view domain individually for each user when creating their user account.

    3. In the to field, select the lowest level in the hierarchy that belongs to the view domain.

  4. Click Next.

Step 3: Set Finder access

To let users with the current profile access the Finder and its different features:

  1. Check the box Finder access.

  2. Select the time zone of the user.

  3. Optional: Check the box Allow editing of application and object tags to let users with the current profile manually modify the tags of objects in the Finder.

  4. Optional: Check the box Allow editing of campaigns to let users with the current profile create, modify, and publish campaigns, as well as trigger manually targeted campaigns, to get end-user feedback. This option requires the profile to have full access to data in the privacy settings and an unrestricted view domain in at least one of the defined hierarchies.

  5. Set the visibility level of Web & Cloud information for the users with the current profile to either restricted or full in the list under Web & Cloud visibility.

  6. Click Finish to end the creation of the profile. The profile is added to the list of profiles in the dashboard.

Creating a user

After defining roles and profiles for users, create the user accounts that make use of them. To create user accounts in the Portal, either:

  • Create individual user accounts manually.

  • Provision user accounts from Active Directory (recommended).

Nexthink supports both internal and external management of credentials to authenticate users:

Because the Finder connects to the Portal, it is the Portal that holds the responsibility of authenticating users. The Portal decides whether to authenticate a user by either internal or external means based on the provided login name for that particular user:

  • If the login name includes a @ character, the Portal assumes external authentication of the user. The exact external method is determined by the configuration of the Portal.

  • Otherwise, the Portal authenticates the user with the internally stored credentials.

Because the login name of the users provisioned from Active Directory is in the UPN format (username@domain), the provisioned users are all authenticated with the help of external mechanisms such as Active Directory or SAML.

To create an individual user account:

  1. Log in to the Portal as administrator.

  2. Click the ADMINISTRATION drop-down menu at the top of the window.

  3. Under ACCOUNT MANAGEMENT, select the option Accounts to open the dashboard for editing accounts.

  4. Click the plus sign in the top right corner of the dashboard. The wizard to create a new user account shows up.

Step 1: Setting personal data and profile

  1. Type in the name of the user:

    • To use internal authentication, type in the desired account (login) name of the user in the field Username.

    • To externally authenticate users, type in the name of the user in a format that includes the @ character in the field Username:

      • In the case of Active Directory or Windows authentication, type in the sAMAccountName of the user followed by the @ character and the DNS domain name (e.g. jwick@example.com). Note that this field is case sensitive. Therefore, the name of the Nexthink account must exactly match the sAMAccountName name in Active Directory.

  2. Type in the complete name of the user in the field Full name.

  3. Configure the email address for sending notifications to the user in the field Email address.

  4. Depending on the authentication method applied to the user, enter a password for the user or not:

    • If the user is internally authenticated, type in a password for the user in the field Password and retype it in Password confirmation.

    • If the user is externally authenticated, enter no password. The Password field becomes uneditable and displays the message Managed externally as soon as the Username includes an @ character.

  5. Select the profile of the user from the list Profile. The user gets all the permissions, default content and roles associated to the profile.

    • If the selected profile does not define a particular top node for the view domains of the users with that profile (because the domain is parameterized), select now the top nodes of those domains individually for the current user.

  6. Click Next.

Step 2: Setting additional roles

  1. Optional: If you want the user account to inherit content from one or more roles that do not belong to its assigned profile, select the desired roles from the list Additional roles. Use the Ctrl key to select more than one. Note that the list of Additional roles does not display roles that already belong to the profile of the user account.

  2. Click Ok to end the creation of the user account. The account is added to the list of accounts in the dashboard.


RELATED TASKS

RELATED REFERENCES

This step is available only if you have purchased a . Moreover, only the main admin or users with the right to edit remote actions in their profile can assign role-based remote actions to other users.

.

Optional: Check the box Allow system configuration to let users with the current profile edit categories, services, metrics, scores, and global alerts, as well as import and export content, or . You can only select this option if you gave full access to the profile in the privacy settings of the previous step.

Optional: Check the box Allow editing of remote actions to let users with the current profile add and modify Nexthink Act scripts. In addition to a , this option requires the profile to have full access to data in the privacy settings and an unrestricted view domain in at least one of the defined hierarchies.

Optional: Check the box Allow API of remote actions to let users with the current profile execute remote actions programmatically through the . In addition to a , this option requires the profile to have full access to data in the privacy settings and an unrestricted view domain in at least one of the defined hierarchies.

Optional: Check the box Allow management of Collectors to let users with the current profile . Again, you can only select this option if you gave full access to the profile in the privacy settings of the previous step.

Optional: Check the box Access campaigns trigger API to let users with the current profile send campaigns programmatically through the Nexthink Engage API. In addition to a , this option requires the profile to have full access to data in the privacy settings and an unrestricted view domain in at least one of the defined hierarchies.

Find below how to manually create a new user account. To learn how to provision user accounts to Nexthink from existing user accounts in Active Directory, see the article on .

In the case of SAML authentication, type in the Name ID of the user, .

The default minimum password length for an internally managed account is 8 characters ().

Optional: tick the check box Never automatically sign out this account from Portal when active if you want to override the and never log out the user from the Portal while active. Note that having a live view on a service keeps a user active even without actual user interaction.

  1. Installation and configuration
  2. Security and user account management

Adding users

  • Overview
  • Prerequisites
  • Account update considerations
  • Defining user roles
  • Step 1: Adding modules
  • Step 2: Adding service-based alerts
  • Step 3: Adding investigations
  • Step 4: Adding one-click investigations
  • Step 5: Adding investigation-based alerts
  • Step 6: Adding remote actions
  • Defining user profiles
  • Profile types
  • Step 1: Choosing the type of account
  • Step 2: Set privacy settings, roles and view domain
  • Step 3: Set Finder access
  • Creating a user
  • Step 1: Setting personal data and profile
  • Step 2: Setting additional roles
installed a license
Nexthink Act license
See here the complete matrix of access rights and permissions
Nexthink Act license
Nexthink Act API
Nexthink Act license
follow and control the deployment of the Collector from the Finder
Nexthink Engage license
provisioning user accounts from Active Directory
as returned by the Identity Provider
configurable
session timeout control configured in the Portal
Provisioning user accounts from Active Directory
Enabling SAML authentication of users
Enabling Windows authentication of users
Setting the minimum password length for local accounts
Controlling session timeouts in the Portal
Setting up a software license
Triggering remote actions via their API
Access rights and permissions
Active Directory Authentication

Internally managed

Externally managed

Password based

SSO

Password based

  • Portal stores the credentials

SAML authentication
Windows authentication
Active Directory
manually synchronize users and devices with Active Directory