Portal User Logins
Introduction
The Portal User Logins page allows you to create additional user accounts for portal management. Initially, only the first administrator (i.e. the person whose email was used to sign up for the free plan) can modify the portal user list. That person can add new users to the portal with different roles, including the ability to also add new users if so required.
About Portal Users
Portal users (also known as Portal Admins) are users that can log in to the portal and access the areas you decide. You can define scopes to limit the resources a user can access.
For example, a manager who is not in IT could be set up to approve requests in his own sub-organization. In such a case, you can set up a scope based on users in an Organizational Unit or in groups.
Portal User Logins
Users with portal access are listed in the table; these users can log on to both the portal and the mobile phone app (see Mobile Application).
The following column check boxes are matched with their corresponding settings under the Rights heading, which is available when clicking New user or EDIT.
-
Users - Portal users admin
-
Settings - Settings
-
Inventory - Inventory
-
Approve - Approve Requests
-
Auditlog - Auditlog
-
Reports - Reports
-
Remote - Allow Remote Control
-
Scope - Indicates if a scope is applied to this user
The Preview link is visible only when a scope exists for the user and indicates the computers to which the user has access.
Click New user or EDIT to access the settings table.
Vendor Access users who are not authorized to login to the portal must have setting "Limit to access.work" in the Rights panel set to On.
Account tab
Account heading
Click the New user button to create a new portal user, or click the EDIT link to update an existing user..
Setting |
Type |
Description |
---|---|---|
Account enabled |
Toggle Default: On |
On - .Account is active and user can log in to the portal.. Off - Account is disabled and user cannot log in. |
Sign-on method |
Selection Default: Credentials
|
Credentials - Authorize access to the portal with username and password. Two factor (Credentials and SMS) - Authorize access with username, password and an SMS code sent to a mobile phone. Office 365 / Azure AD Single sign-on - Authorize access with an account that has previously been configured in Azure AD for single sign-on (SSO). The following options are available only after Single Sign-on Setup (portal menu Logins > Single Sign-on Setup) has been completed for the respective option. ADFS - Authorize access with an account that has previously been configured in Active Directory Federation Services for SSO. Okta - Authorize access with an account that has previously been setup in Okta Identity Manager for SSO. SAML - Authorize access with an account that has previously been configured via a third party product under SAML 2.0 rules for SSO. Note that there can be multiple entries for the ADFS, Okta and SAML sign-on methods. Each domain configured will have an option. |
Password |
Selection Default: Send a set password email to user upon save |
Keep current password - Use the password currently set for this user. I will enter a new password - Use a new password entered by the portal admin adding or updating this user account. Selecting this option makes visible the New password field. Send a set password email to user upon save - Send an email to the user's Email address which advises that the user must set a new password on first login to the portal. |
New password (enabled only when I will enter a new password is selected in the Password field) |
Text |
A new password, entered in clear text, to be used by the portal user being added or updated. |
Full name |
Text |
The full name of the portal user. |
Email address |
Text |
The email address of the portal user. |
Phone number |
Text |
The phone number of the portal user. |
Date format |
Selection Default: Auto-detect |
Auto-detect - Use the date format of the operating system. United States (mm/dd/yyyy) - Use the American date format (month/day/year). Default (dd/mm/yyyy) - Use the European date format (day/month/year). |
Save |
Button |
Saves customization and changes to any fields. Note that reloading any defaults does not take effect until Save is clicked. |
Rights heading
The setting Limit to access.work can be used for external users, to limit their access to the admin portal. As it applies only to remote access, this field is hidden until at least one on-premise gateway is configured.
Setting |
Type |
Description |
---|---|---|
Areas |
|
|
Auditlog |
Toggle Default: On |
On - User can access the portal Auditlog. Off - User cannot access the Auditlog. |
Reports |
Toggle Default: On |
On - User can access Admin By Request reports. Off - User cannot access reports. |
Settings |
Toggle Default: Off |
On - This user is authorized to make changes to settings (global and sub), unless Read-only view is On. Note that this does not apply to these portal user settings - that is controlled by Portal users admin. Off - User cannot make any changes to settings. |
Mobile App |
Toggle Default: On |
On - User is authorized to install and use the Mobile Application. Off - User cannot use the mobile application. |
Requests |
Toggle Default: On |
On - Allow user to view requests. To also allow the user to approve requests, make sure Approve Requests is On. Off - User cannot view requests. Selecting this option disables Approve Requests.. |
Inventory |
Toggle Default: On |
On - User is authorized to view inventory records. Off - User cannot view inventory. |
Portal users admin |
Toggle Default: Off |
On - This user is authorized to add, update and delete other portal users, unless Read-only view is On. Off - User cannot administer portal user logins. |
Read-only view |
Toggle Default: Off |
On - This setting lets the user view selected areas, but without the option to change any data. Note that rights still apply - the user can enable Approve Requests, Create Support Ticket, Issue PIN Codes and Issue Break Glass in read-only view. Off - User is a normal portal administrator, with the ability to change data. |
Permissions |
|
|
Approve Requests |
Toggle Default: On |
On - Allow user to approve requests for elevated privileges. Off - User cannot approve requests. |
Issue PIN Codes |
Toggle Default: On |
On - Allow user to issue PIN codes for uninstallation or other elevated privilege operations. Off - User cannot issue PIN codes. |
Allow Remote Control |
Toggle Default: On |
On - Allow user to take remote control of servers or workstations via Admin By Request's Unattended Access feature. Off - User cannot take remote control of other computers via Admin By Request. |
Create Support Ticket |
Toggle Default: On |
On - Allow user to create a support ticket via the admin portal (menu Support > New Support Ticket). Note that creating a support ticket is not available under the Free Plan. Off - User cannot create a support ticket. |
Issue Break Glass |
Toggle Default: Off |
On - Allow user to create a one-time-use Break Glass account. Off - User cannot create Break Glass accounts. |
Limit to access.work (visible when the tenant has one or more devices that are able to be remotely accessed) |
Toggle Default: Off |
On - Prevent user from logging-in to the admin portal at www.adminbyrequest.com. User can still log in to www.access.work. Off - Allow user to log in to the portal. |
Communication |
|
|
Product Updates |
Toggle Default: On |
On - Authorized to receive product update emails. Off - Will not receive product update emails. |
Scope tab
User Scope defines which computers the user can view in this context. Defining a scope for a user enables the Preview link on the users list. Clicking Preview shows the computers this user can see in the inventory.
Network Scope is used to hide computers for certain users. This is typically used for tiering. When you toggle a gateway off, all computers behind this gateway become invisible to the user.
The Network Scope section becomes available only when the tenant has one or more devices that are remote access capable. This means a device:
-
has ABR Server Edition installed, or
-
has been discovered by an on-premise gateway.
Discovered devices are only known by a name, unlike computers with Admin By Request Server Edition installed that can also be scoped using Operating System Scope and Domain Scope. With an on-premise gateway installed on your local network, you can use network scope to limit who can see and access computers on the network represented by that gateway.
Setting |
Type |
Description |
---|---|---|
Computer Type |
|
|
Windows Workstations |
Toggle Default: On |
On - User can see (and therefore connect to) Windows workstations. Off - User cannot see Windows workstations. |
Windows Servers |
Toggle Default: On |
On - User can see Windows servers. Off - User cannot see Windows servers. |
Apple Macs |
Toggle Default: On |
On - User can see computers running macOS. Off - User cannot see computers running macOS. |
Linux |
Toggle Default: On |
On - User can see computers running Linux. Off - User cannot see computers running Linux. |
Discovered Devices |
Toggle Default: On |
On - User can see devices discovered by gateways. Off - User cannot see devices discovered by gateways. |
Domain Scope |
|
|
Computer must be in OU |
Text |
A list of organizational units into which computers are placed, with multiple OUs on separate lines. |
Computer must be in group |
Text |
A list of groups into which computers are placed, with multiple groups on separate lines. |
Computer must be in domain |
Text |
A list of domains into which computers are placed, with multiple domains on separate lines. |
End user must be in OU |
Text |
A list of organizational units into which users are placed, with multiple OUs on separate lines. |
End user must be in group |
Text |
A list of groups into which users are placed, with multiple groups on separate lines. |
End user must be in domain |
Text |
A list of domains into which users are placed, with multiple domains on separate lines. |
Network Scope |
|
|
Computers without a gateway |
Toggle Default: On |
On - User can see all computers that are available for remote control, across all gateways. Off - User can see only those computers controlled by the relevant gateway. |