|
|
As an administrator, many a time you would have felt mundane routines spill over crucial attention-seeking jobs of your network. Mobile Device Manager Plus MSP allows the administrator to designate various roles with certain privileges to other technicians through its User & Role Management module.
Some of the most commonly used Roles are specified under Pre-defined Roles. However, you also have the flexibility to define roles that best suit your requirements under the User-defined Roles and grant appropriate permissions. Here's a brief on the Pre-defined and User-defined roles respectively:
You can tailor-make any number of roles, using Mobile Device Manager Plus MSP and give them permissions of your choice based on your personalized needs. These customized roles fall under the User-defined category. Using this the administrator can provide access to the technicians for the customers that the technician is managing. This will allow the technician to view and manage the devices of customers that fall in their scope of management and restrict access to the other customer's devices.
For a better understanding let us quickly see how to create a User-defined Role in the following section. Follow the steps mentioned below to create a new User-defined role:
On the web console, select the Admin tab and click User Administration. This opens the User Administration page.
Select the Role tab and click the Add Role button.
Specify the Role Name and a small description about it.
You
can define module-wise permission level for the Role in the Select
Control Section.
The permission levels are broadly classified
into:
Full Control
- To perform all operations
like an administrator, for the specific customer
Read
- To only view the details
of the customer's devices
Write
- To perform actions like association and distribution
for the customer. No permission to create or modify any settings in the module.
No Access
- To hide the customer from
the User .
Click Add button.
You have successfully created a new role.
 |
|
You will find the following roles in the Pre-defined category:
The Administrator role signifies the Super Admin who exercises full control, on all customers. The operations that are listed under the Admin tab include:
Making changes to this role is strictly prohibited.
This role has all the same permissions and privileges as the administrator role , the only difference being that these actions can be performed only for the particular customer that has been assigned to them by the administrators.
The Technician Role has a well defined set of permissions to do specific operations. Users under the Technician role are restricted from performing all the operations listed under the Admin tab. The technician is also restricted from using Mobile Device Manager Plus MSP settings.
The operations that can be performed by users associated with the Technician Role include:
The Guest Role retains the Read Only permission to all modules-for viewing, MDM MSP inventory details, reports, profiles and Apps of the mobile devices. A user who is associated to the Guest Role, will have the privileges to scan and view IT asset information. Making changes to this role is strictly prohibited.
Auditor:The Auditor role is specially crafted for Auditing Purposes. This role will help you grant permissions to auditors view the details of software inventory, check for license compliance, etc.
The IT Asset Manager has complete access to the Asset Management module. IT Asset Manager can view the Inventory details of all the Mobile Devices. All the other features are inaccessible.
You can associate a User with a Role while creating a new user. To create a user follow the steps mentioned below:
You have successfully create a user and associated a role to the user.
In addition to providing a passcode policy, you can also secure access to Mobile Device Manager Plus MSP server by configuring Two-Factor Authentication(TFA) as well. TFA provides an additional layer of authentication, before access to Mobile Device Manager Plus MSP server. Mobile Device Manager Plus MSP provides you with two methods for authentication:
On providing the password, a verification code is sent to the E-mail address provided by the user previously. You can add the E-mail address by navigating to Admin -> User Administration and selecting the User tab. Click on the ellipsis icon under Action, against the user whose E-mail address is to be added. Click on Modify and provide the E-mail address. Once done, click on Modify to save the changes
You need to have the Google Authenticator app (iOS / Android) installed for this authentication. On providing the passcode first time after the policy has been applied, you will be shown instructions on-screen for authentication using Google Authenticator. You need to either scan the given QR using Google Authenticator or add the given key manually. Once done, Google Authenticator periodically generates verification codes, which is to be used for authentication.
You can configure TFA as explained below:
 |
If you are facing issues with authentication using Google Authenticator,
|
It is always recommended to have the password policy for logging to MDM MSP server, as it prevents unauthorized logins. password policy defines various parameters such as password complexity, password length to ensure users provide to a strong password, in accordance with the security standards of the organization. You can configure a password policy as explained below:
| FEATURE | DESCRIPTION |
| Password Type | Specify the complexity of the login password. If the option Complex is selected the login password must contain one special character, one upper case and one lower case character. |
| Minimum Password Length | Specify the minimum number of characters, the login password should contain. |
| Number of passwords to be maintained in history | Specify the number of old passcodes which cannot be utilized by the user, while changing the password. For example, if you set it as 4, the users cannot use the last 4 passwords used previously |
| Lock user account, if it exceeds the maximum login attempts specified | Specify whether the user should be restricted from logging in, on exceeding the maximum number of invalid login attempts |
Once you have configured the policy, click on Save to apply the policy.
Mobile Device Manager Plus MSP offers the flexibility to modify the role of users, to best suit your changing requirements. You can do operations like Changing the User Role and Reset User Password at any point of time you feel you should.
There are certain scenarios, where you might want to know the number of active sessions, the number of sessions from a particular IP/location etc., Mobile Device Manager Plus MSP lets you obtain all this information in addition to terminating all other active sessions.
To know the login session details of a particular user,
To know other details, click on the user icon present at the top right of your server and from the dropdown, you will know the number of current active sessions. Click on it, to know the last 10 logon activities as well as to terminate other active sessions
At times when you find a user's contribution obsolete, you can go ahead and delete the user from the user list. Follow the below given steps to remove a user:
|
|