|
Web Console Manage Users |
IT administrators in security conscious organizations have roles-based security model(s) implemented to restrict the access to various applications and operations for personnel. The roles often reflect current organizational structures and business groups hierarchy.
When using a powerful, feature-rich mobile device management solution like MobiControl, it may be desirable to limit access to MobiControl's functionality for some individuals or groups of users. For example, for a multi-tier support and help desk team, an organization may want to limit the access of tier-one help desk personnel to the MobiControl Web Console while added functionality and features might be available for tier-two personnel.
With the MobiControl Web Console, we are able to create new users and user groups. We are also able to bind to active directory to create accounts based on Active Directory credentials.
Manage Users
When the 
button is clicked in the manage users panel, a menu appears asking if we want to create a user, a user group or an Active Directory User/Group.Creating a user and a user group is independent of Active Directory and uses MobiControl's own security engine to keep passwords secure.
Add user, user group or Active Directory User/group
NOTE:
Before activating web console security, a MobiControl administration account must be created.
Users
Creating new users for the MobiControl web console allows only authorized users to access it.
When the User option is select from the Add menu, the right panel will change to the Add User interface. From here, we can create the name and password for the new user account. We can also assign this user to a user group. MobiControl comes with 3 default user groups: MobiControl Administrators, MobiControl Technicians and MobiControl Viewers. New user groups can be created from the User Group interface.
To add the user to the user group, select a group and click 
.
Create New Users
After we're done, click the 
button in the bottom right hand corner.
NOTE:
If a user has locked their account, uncheck the Lock the user's account option.
User Groups
With user groups we are able to organize user accounts based on the Global permissions.
To create a user group, select User Group from the Add menu. The right panel will change to the Add User Group interface. Here we can name this user group.
We are also able to select which users are included in this group. To move users into this group, select a user and click .
Create New User Groups
NOTE:
Users can be placed into more than one user group. If a Global Permission from one group conflicts with another group, the allow option will automatically be inherited.
After we're done, click the button in the bottom right hand corner.
Global Permissions
Global Permissions allows for the configuration of functionality in the MobiControl Web Console. For example, if a certain user group shouldn't be able to view device rules, just click deny in the View Rules section. Global Permissions can be modified on user accounts and user groups.
If allow or deny is not selected, the default value is set to deny.
| Global Permission | Description |
|---|---|
| MobiControl Access | Allow or deny access to the MobiControl Manager. If allow is selected, every option below it will automatically be allowed. If deny is selected, every option below it will automatically be denied. |
| Web Console Access | Allow or deny access to the MobiControl Web Console |
| Manage Console Security | Allow or deny users to turn off Web Console security |
| Manage User Security | Allow or deny users to manage users |
| Configure Devices/Device groups | Allow or deny users to access the devices tab under each device section |
| View Rules | Allow or deny users to view the rules tab. If allow is selected, Manage Add Device, Deployment, File Sync, Device Relocation, Data Collection, Alert and Application Catalog rules below it will automatically be allowed. If deny is selected, they will automatically be denied. |
| Manage Add Device Rules | Allow or deny users to manage Add Device rules |
| Manage Deployment Rules | Allow or deny users to manage Deployment rules |
| Manage File Sync Rules |
Allow or deny users to manage File Sync rules |
|
Manage Device Relocation Rules |
Allow or deny users to manage Device Relocation rules |
| Manage Data Collection Rules | Allow or deny users to manage Data Collection rules |
| Manage Alert Rules | Allow or deny users to manage Alert rules |
| Manage Application Catalog Rules | Allow or deny users to manage Application Catalog rules |
| Configure Packages | Allow or deny users to access the packages tab under each device section |
| Configure Deployment Servers | Allow or deny users to access the servers tab |
| Manage Console Global Settings | Allow or deny users to change Global Settings for MobiControl. This includes changing the APNS certificate and log truncation. |
| Change MobiControl Registration Code | Allow or deny users to change the MobiControl registration code. |
| Manage System and Device Alerts | Allow or deny the users to view and access alerts |
| Generate and Print Reports | Allow or deny users to access the reports tab under each device section |
| Import Reports | Allow or deny users to import new reports |
| View Dashboard | Allow or deny users to view the Web Console dashboard |
Active Directory User/Group
Using Active Directory accounts is efficient to users because they would enter the username and password they log into their Windows Workstation with, meaning, one less password to remember. To ensure that Active Directory user accounts can be binded, please make sure that Active Directory Security is enabled in console security. Please see the Console Security page for more information on how to enable Active Directory security.
When Active Directory User/group is selected, the right panel will change to Add Active Directory User/Group. Here, enter the display name of the user/group to be added and not the User/Group ID. Click Check Name to find the user/group.
If an Active Directory group is added, then all users who are included into that group have access to the MobiControl Web Console.
You can also assign Active Directory user/groups to MobiControl Security Groups.
Create New MobiControl Active Directory Accounts
After we're done, click the button in the bottom right hand corner.
Removing users
If a user account or group is not required anymore, click the user account/group and click 
.