User and Role Administration
User administration is the process of managing user accounts within a system or application. In the context of , user administration involves tasks such as creating, modifying, and deleting user accounts. This includes defining user roles, assigning scopes (permissions), and ensuring that users have the appropriate access levels to perform their tasks.
Users and Roles
User accounts are individual accounts created under a scope that gives them access to endpoints and remote offices. Roles, on the other hand, define a set of permissions that determine what actions a user can perform within the system. Each user is assigned a role, which determines their level of access and authority.
Role Management
Some of the most commonly used roles are provided under Pre-defined Roles. You can also define roles that best suit your requirements under User-defined Roles and grant them appropriate permissions. Here is a brief overview of the User-defined and Pre-defined roles:
User-defined Role
You can create roles and customize them to suit your needs. These customized roles fall under the User-defined category. Follow the steps below to create a new User-defined role:
- Select the Admin tab and navigate to User Administration.
- Select the Role tab and click the Add Role button.
- Specify the Role Name and a short description of it.
- Define the module-wise permission level for the Role in the Select Control Section. The options include Full Control, Read, and No Access.
- Click the Add button. This completes the process of creating a new role.
Pre-defined Roles
You will find the following roles in the Pre-defined category:
- Administrator Role: The Administrator role signifies the Super Admin, who exercises full control on all modules. The operations that are listed under the Admin tab include:
  - Full control over all modules.
  - Defining or modifying Scope of Management.
  - Adding Inactive Users.
  - Changing mail server settings.
  - Scheduling vulnerability database update, and more.
- Guest Role: The Guest Role has Read Only permission to all modules. A user who is associated with the Guest Role has the privileges to scan and view various information about different modules, although making changes is strictly prohibited. The Guest Role also has Read Only permission for viewing MDM inventory details, reports, profiles and Apps of the mobile devices.
  - Read-only access to all modules.
  - Privileges limited to viewing information without the ability to make changes.
- OS Deployer: The OS Deployer role gives the associated user the privilege to capture images of Windows OS and deploy them across the network computers.
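The role model described above (module-wise levels of Full Control, Read, and No Access, with Administrator and Guest as pre-defined roles) can be reviewed for least privilege. The following is an added example, not code from the product: the module names, the role and user names, and the in-memory data layout are all assumptions made for illustration. It flags user-defined roles that grant Full Control on every module, users who hold such a role, and users assigned a role that no longer exists.

```python
from enum import IntEnum

class Level(IntEnum):
    NO_ACCESS = 0
    READ = 1
    FULL_CONTROL = 2

# Module names are assumptions; the page does not list the product's modules.
MODULES = ("Patch Management", "Inventory", "Reports", "MDM", "OS Deployment")

def predefined_roles():
    """Administrator and Guest as the page describes them."""
    return {
        "Administrator": {m: Level.FULL_CONTROL for m in MODULES},
        "Guest": {m: Level.READ for m in MODULES},
    }

def is_allowed(role, module, write):
    """Changes need Full Control; viewing needs Read. Unlisted modules mean No Access."""
    level = role.get(module, Level.NO_ACCESS)
    return level >= (Level.FULL_CONTROL if write else Level.READ)

def audit_roles(user_defined, assignments):
    """Return (finding, name) pairs for admin-equivalent roles and risky assignments."""
    roles = {**predefined_roles(), **user_defined}
    admin_equiv = {
        name for name, perms in roles.items()
        if all(perms.get(m, Level.NO_ACCESS) == Level.FULL_CONTROL for m in MODULES)
    }
    findings = [("role-equals-admin", n) for n in sorted(admin_equiv - {"Administrator"})]
    for user, role in sorted(assignments.items()):
        if role not in roles:
            findings.append(("unknown-role", user))
        elif role in admin_equiv:
            findings.append(("admin-equivalent-user", user))
    return findings

# Constructed sample data (hypothetical roles and users).
USER_DEFINED = {
    "Patch Operator": {"Patch Management": Level.FULL_CONTROL, "Reports": Level.READ},
    "Helpdesk Lead": {m: Level.FULL_CONTROL for m in MODULES},
}
ASSIGNMENTS = {"alice": "Administrator", "bob": "Patch Operator",
               "carol": "Helpdesk Lead", "dave": "Guest", "erin": "Retired Role"}

if __name__ == "__main__":
    for finding in audit_roles(USER_DEFINED, ASSIGNMENTS):
        print(finding)
```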
How to associate users with roles?
- Open the Web Console → Navigate to Admin tab → User Administration.
- Click User → Add User.
- Select the Authentication type as Active Directory Authentication or Local Authentication. For Active Directory Authentication, select a Domain in Domain name.
- Specify a User Name.
- Specify the Role from the drop-down list. This list will contain both pre-defined and user-defined roles.
- For Active Directory Authentication, the Email Address of the user will be fetched from Active Directory, if available. If not, specify the email address of the user manually. For Local Authentication, the Email Address must be entered manually.
- If required, enter the phone number of the user.
- Click on Add User.
Secure Authentication
The Secure Authentication feature under User Administration adds security to the application by implementing various security measures. This makes sure that users who have authorised privileges can perform operations in . Secure Authentication has three sub-features:
- Two-factor authentication: The user will only be able to log in after entering the username and password, followed by an OTP that they will receive by email.
- User Account Policy: The user account policy is the set of rules and requirements that govern user accounts within the system. This policy includes the action to take against invalid login attempts, such as the number of invalid login attempts allowed and the lockout duration for invalid attempts. It also includes the domain settings during login, such as rules for hiding the domain list and the default domain for authentication. With this policy, you can also set actions against account inactivity and the session expiration time for users.
- Password Policy: The Password Policy allows admins to create a number of rules that apply when users set up passwords. It allows admins to set a minimum password length, a minimum number of special characters, the number of last passwords that the user can reuse, and when users should be forced to change their password.
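The lockout and password rules described above can be expressed as a small policy evaluator. The following is an added example, not the product's implementation: all names and values are constructed, and the password-history setting is assumed to mean the number of most recent passwords a new password is compared against.

```python
import hashlib, hmac, string
from dataclasses import dataclass

@dataclass
class Policy:                      # every value here is a constructed example
    min_length: int = 12
    min_special: int = 2
    history_depth: int = 5         # assumed: recent passwords checked for reuse
    max_invalid_attempts: int = 5
    lockout_seconds: int = 900

@dataclass
class Account:
    failures: int = 0
    locked_until: float = 0.0

def pw_digest(password, salt):
    """Salted PBKDF2 digest, so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(policy, candidate, history):
    """history is a list of (salt, digest) pairs, newest last. Returns violations."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("too-short")
    if sum(c in string.punctuation for c in candidate) < policy.min_special:
        problems.append("too-few-special")
    recent = history[-policy.history_depth:] if policy.history_depth else []
    if any(hmac.compare_digest(pw_digest(candidate, s), d) for s, d in recent):
        problems.append("reused")
    return problems

def record_login(policy, acct, success, now):
    """Apply the lockout rule to one login attempt at time `now` (seconds)."""
    if now < acct.locked_until:
        return "locked"            # refused even with a correct password
    if success:
        acct.failures = 0
        return "ok"
    acct.failures += 1
    if acct.failures >= policy.max_invalid_attempts:
        acct.locked_until = now + policy.lockout_seconds
        acct.failures = 0          # counter restarts once the lockout ends
        return "locked"
    return "invalid"
```

A "locked" result is the point at which the admin notification for a locked account would be sent.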
Notifications
The Notification feature allows admins to get notified when users perform certain operations. To receive notifications, admins must specify their email addresses. They are then notified when the following changes are made:
- When a user resets the password
- When the user account gets locked or disabled due to invalid login attempts
- When the user account gets disabled due to inactivity
- When the disabled account is reactivated by the admin
- When the account is manually disabled by the admin
- When a new user account is created or deleted