User management in the Adminapp

A core feature of the Adminapp is end-user management, which is primarily used by user administrators and help-desk staff.

 
Notice

To improve readability, the term administrators is used for both user administrators and help-desk staff throughout this article.

The corresponding Users menu of the Adminapp allows administrators to create, edit, delete, and search for end-users, and unlock locked users.

The Users menu consists of:

  • The Users main dialog, where administrators can create new end-users with the Create User button and search for existing end-users. The search function and its configuration are described in User search in Adminapp.
  • The User Details dialog, which shows the details of the selected end-user. This is where administrators can lock or unlock end-users, edit the user's details, or delete the end-user account entirely. This dialog and its configuration are described below.

The User Details dialog in the Adminapp

The screenshot below shows the User Details dialog for end-user John Doe:

The following table provides a high-level description of the dialog tabs and their configuration options in the Config Editor.

 
Notice

Most settings of the User Details dialog are configured with the Users Configuration plugin. The configuration options in the table below focus on this plugin.

To configure the Users Configuration plugin, go to
Config Editor >> Adminapp >> Users

Tab | Description | Configuration options in the Users Configuration plugin (Config Editor >> Adminapp >> Users)

Overview

Summarizes information on the end-user, such as profile details, login information, and failed logins.

The User Locking section shows whether the selected end-user is currently locked and, if so, the lock details. Administrators can unlock a locked user or manually lock the user, if needed.

User locking

  • Section User Details Page - General:
    • User Locked Section field: Defines the visibility of the User Locking section in the Overview tab.
    • Locking Settings field: Defines the locking behavior and settings, such as available lock reasons. The administrator can choose one of those lock reasons when manually locking an end-user.

Profile

Displays editable user profile information, such as first and last name, date of birth, address, email address, correspondence language, and the user validity period. You can also assign roles to the selected end-user.

The Delete button allows administrators to delete the selected end-user.

 
Notice

If an end-user has the same username as the administrator, and both are stored in the same user store, the administrator may accidentally delete their own account. To prevent this, refer to the Preventing self-deletion configuration option for this tab.

User profile entry fields

  • Section User Details Page - General; Rows On User Detail Page list: Defines the entry fields displayed in the Profile tab. Note that the Username field is not configurable as it is always visible.

Available user roles

  • Section User Details Page - General; Available User Roles list: Defines the roles that can be assigned to the end-user.

User validity period

  • Section User Details Page - General; Show User Valid Section checkbox: If enabled, the Profile tab includes a Valid from/to section, allowing administrators to set/edit the validity period of the selected end-user. This checkbox is disabled by default.

Preventing self-deletion

  • Section Advanced Settings; Admin Cannot Delete User With Same Name checkbox: If enabled, administrators cannot delete users with the same username as themselves. This checkbox is disabled by default.

Authentication Methods

Displays the authentication methods available for the selected end-user. Administrators can set the currently active authentication method, add new authentication methods, and define a deadline by which the end-user must migrate to a different authentication method.

Each new authentication method added by the administrator for the end-user gets its own tab in the User Details dialog. See the screenshot above, where end-user John Doe has three tabs: Password, Airlock 2FA, and FIDO. Each tab shows the authentication method's details.

Available authentication methods

  • Section User Details Page - Authentication Tokens (Credentials); Authentication Tokens (Credentials) list: Defines the available authentication credentials (methods). To enable an authentication method for the selected end-user, administrators must choose it from the drop-down in the Add New Authentication Method section of the Authentication Methods tab.

Authentication method migration

  • Section User Details Page - Authentication Tokens (Credentials):
    • Show Migration Section checkbox: If enabled, the section Authentication Method Migration is displayed in the Authentication Methods tab. This checkbox is disabled by default.
    • Enable Multiple Next Auth Methods checkbox: If enabled, administrators can select multiple authentication methods in the Authentication Method Migration section. During migration, the selected authentication methods appear to the end-user so they can choose their preferred method. For more details, see Plugin documentation - Users Configuration plugin. This checkbox is disabled by default.

Activities

Shows the most recently logged activities of the selected end-user. The list includes log entries from both the Loginapp and Adminapp.