ManageEngine® Applications Manager


User Administration

<< Prev

Home

Next >>

User Administration

 

Applications Manager permits four types of user access to work with the product. The different roles are User, Operator, Administrator and Manager.

User : As a system user, you will have read-only access to all components of the product. Users will not have the privilege to access, configure or edit the different components of the product. To delete a user, a user must log in as default Administrator.

 

Operator: The system operators have read-only access to only those components of the product that the administrator assigns to the operator. The operator role does not have the privilege to access, configure or edit the different components of the product. If an operator is part of a Monitor Group, then the restrictions will be in effect only for the operator and not others.

 

Administrator: The system administrators are allowed to perform all admin activities. The administrator role also have the privilege to configure user administration.

 

Manager: The Manager has an integrated high-level view of the Business Infrastructure. Service Level Agreements (SLAs) can be created and associated with various business applications and servers. More information on Manager role can be viewed here.

In the Admin page, click User Administration under Global Configurations to browse through the following tabs:


 

Profiles

Applications Manager provides you with the ability to manage users and roles for your enterprise, with roles assigned to users and different permissions associated to each role. This is achieved by first adding users and associating the users with the roles.

 

You can also import users from Active Directory or LDAP. This functionality is implemented as a more convenient method to add a large number of users and to ease the user administration in Applications Manager. You can import users and perform role configuration for LDAP and Active Directory users and groups in Applications Manager.

 

Add new users to Applications Manager

 

The system administrators are allowed to perform all admin activities as explained in Performing Admin Activities. The admin role also has the privilege to configure user administration as explained below.

Note

The default user access of Applications Manager is admin (Administrator). All users log into Applications Manager as Admin users and are given all the administrative privileges to work with the tool.

You can also assign the owners for the Monitor Groups while creating the Monitor Groups or while editing the existing Monitor Groups

 

Importing users from active directory or LDAP

 

You can import users and perform role configuration for LDAP and Active Directory users and groups in Applications Manager.

 

Users imported from the Active Directory or LDAP can login into Applications Manager using their Active Directory/LDAP credentials. Since user authentication is done in the Domain Controller all the account policy regulations of the company/domain is automatically inherited to Applications Manager credentials also.

 

 

Adding a New Domain

You can select an already added domain from the drop-down list or add a new domain. You can also edit the existing Domain controller settings in the same manner.

You can edit User Profiles from the list of users.  

 

Delete a user


 

User Groups

You can create User Groups in Applications Manager with roles assigned to users or import user groups from Active Directory or LDAP.

Add new user groups to Applications Manager

 

Importing user groups from active directory or LDAP

 

Users in the groups imported from the Active Directory or LDAP can login into Applications Manager using their Active Directory/LDAP credentials. Since user authentication is done in the Domain Controller all the account policy regulations of the company/domain is automatically inherited to Applications Manager credentials also.

 

The users in groups imported from Active Directory\LDAP will be associated automatically to that particular usergroup during login.

 

For Active Directory Users, the admin can import their group and use this feature in permissions tab (Create a new user account if the user logs in with domain authentication.)

 

Adding a New Domain

You can select an already added domain from the drop-down list or add a new domain. You can also edit the existing Domain controller settings in the same manner.

Delete a user group


 

Permissions:

Using the Permissions options, you can allow Operators to manage / unmanage monitors, reset the status of monitors, edit display names and also to execute actions. Otherwise, the admin user has permission to perform these activities. Also, permission can be given to Admin or operator to use the Telnet client of the server monitor, if the server was added in Telnet & SSH mode. AS400 Permissions allow you to permit Operators to execute AS400 Admin activities.

 


 

Views:

This is for Operator only. Using View option, you can define how to represent your subgroup in the webclient.You can either show the associated subgroups directly in the home tab itself or from the corresponding top level Monitor Group.


 

Account Policy:

To enhance Web Client security, Account Policies can be configured. You can define the number of continuous failed login attempts to lock user account and Idle session timeout. You can enforce single user session and strong password rules.

Strong password rules:

 


 

Configuring Active Directory / LDAP with the configuration file

 

You can import users and perform role configuration for LDAP users and groups in Applications Manager. Users and groups are fetched into Applications Manager from different domains, based on the entry in the authentication.conf file found in the following location. For LDAP configuration, you can edit the ldapauthentication.conf file found in the location: ManageEngine/AppManager11/conf.

 

Ldap Configuration

ldap.group.commonNameAttribute=cn
ldap.group.primaryAttribute=cn
ldap.group.displayNameAttribute=cn
ldap.group.objectCategory=group
ldap.group.objectClass=posixGroup;groupOfNames
ldap.group.memberAttribute=member;memberUid
ldap.group.memberofAttribute=
ldap.group.groupTokenAttribute=gidNumber

ldap.user.commonNameAttribute=cn
ldap.user.primaryAttribute=uid
ldap.user.displayNameAttribute=cn
ldap.user.objectCategory=person
ldap.user.objectClass=person;posixAccount
ldap.user.memberofAttribute=
ldap.user.groupidAttribute=gidNumber

Active Directory Configuration

ad.group.commonNameAttribute=cn
ad.group.primaryAttribute=sAMAccountName
ad.group.displayNameAttribute=cn
ad.group.objectCategory=group
ad.group.objectClass=group
ad.group.memberAttribute=member
ad.group.memberofAttribute=memberOf
ad.group.groupTokenAttribute=primaryGroupToken


ad.user.commonNameAttribute=cn
ad.user.primaryAttribute=sAMAccountName
ad.user.displayNameAttribute=displayname
ad.user.objectCategory=person
ad.user.objectClass=
ad.user.memberofAttribute=memberOf
ad.user.groupidAttribute=primaryGroupID

Note

If you have changes in LdapConfiguration.conf and later want to retain the initial configuration, simply rename the file (for example, rename it to LdapConfiguration_old.conf) or move the file to different location and restart Applications Manager.

<< Prev

Home

Next >>

Configure Proxy

Logging