Managing different users and technicians accessing and MDM solution takes up a lot of time and effort from IT admins. This is also because delegating access for various important aspects like app management, content distribution, certificate management, etc has to be done carefully and with thought. Mobile Device Manager Plus solves these concern through its User & Role Management module, by delegating routine activities to selected users/technicians with well-defined permission levels.
It is recommended to have a common Super Admin for all the Zoho services, used across the organization. If the added user is a part of another Zoho service, you cannot exercise Super Admin privileges on this user
Some of the most commonly used Roles are specified under Pre-defined Roles. However, you also have the flexibility to define roles that best suit your requirements under the User-defined Roles and grant appropriate permissions. Here's a brief on the Pre-defined and User-defined roles respectively:
You can tailor-make any number of roles, using Mobile Device Manager Plus and give them permissions of your choice based on your personalized needs. These customized roles fall under the User-defined category. You can choose to grant your technicians access to specific modules such as enrollment, app management etc, to comply with exisiting privacy practices in your organization. For a better understanding let us quickly see how to create a User-defined Role in the following section. Follow the steps mentioned below to create a new User-defined role:
- On the web console, select the Admin tab and click User Administration. This opens the User Administration page.
- Select the Role tab and click the Add Role button.
- Specify the Role Name and a small description about it.
- You can define module-wise permission level for the Role in the Select Control Section.
The permission levels are broadly classified into:
Full Control - To perform all operations like an administrator, for the specific module
Read - To only view the details in that module
No Access - To hide the module from the User .
- Click Add button.
You have successfully created a new role.
The role you have just created will now be available in the Roles list of the user creation module. Role deletion cannot be performed if that role is associated even with a single User. However you can modify the permission levels for all User-defined roles.
You will find the following roles in the Pre-defined category:
The first admin/user who creates an account with the MDM, will be considered as the super admin for the organization. Super admin does not posses excessive powers than an administrator, however super admin cannot be deleted from the organization.
The Administrator role signifies the "Admin user" who exercises full control, on all modules. The operations that are listed under the Admin tab include:
- Add new users and create new roles.
- Enroll Devices
- Rebranding ME MDM.
- Viewing Action Logs of Mobile Device Manager Plus.
- Has full control permission for the Inventory module.
- Has full control for Reports module.
- Has full control for Profiles module.
- Has full control on Apps module.
Making changes to this role is strictly prohibited.
The Technician Role has a well defined set of permissions to do specific operations. Users under the Technician role are restricted from performing all the operations listed under the Admin tab. The technician is also restricted from using MDM settings.
The operations that can be performed by users associated with the Technician Role include:
- Can perform Scan operations.
- Has write permission for the following, Inventory, Reports, Profiles and Apps in Mobile Device Management.
The Guest Role retains the Read Only permission to all modules- for viewing, MDM inventory details, reports, profiles and Apps of the mobile devices. A user who is associated to the Guest Role, will have the privilege to view IT asset information. Making changes to this role is strictly prohibited.
The Auditor role is specially crafted for Auditing Purposes. This role will help you grant permission to auditors view the details of software and hardware inventory.
IT Asset Manager:
The IT Asset Manager has complete access to the Asset Management module. IT Asset Manager can view the Inventory details of all the Mobile Devices. All the other features are inaccessible.
Creating a User and Associating a Role
You can associate a User with a Role while creating a New User. To create a user follow the steps mentioned below:
- Login toMobile Device Manager Plus as anAdministrator
- ClickUser Administration
- Specify a Email, User Name, Role and Phone number
- Click Add User, an email will be sent from Zoho Accounts to the user to join the organization.
On accepting the mail, an account will be created for the user and the user will be prompted to enter a password.
Modifying User details
Mobile Device Manager Plus offers the flexibility to modify the role of users, to best suit your changing requirements. You can change the Role of the user as and when required.
Deleting a Users
At times when you find a user's contribution obsolete, you can go ahead and delete the user from the User List. The user so removed will no more exercise Module Permissions.
Transfer Administrator Privilege:
If the administratior of Mobile Device Manager Plus wishes to pass over his rights as an administrator, he can do so by assigning the administrator role to another user of the organization. Transfer of the admin privilege is necessary in the following cases:
- The current MDM administrator is changing roles or jobs.
- The organization has purchased only one administrator license.
Follow the steps given below to transfer the administration ownership to another user:
- Navigate to User Administration under the Admin tab.
- Select the user to whom the ownership is to be transferred.
- Under Actions, click on Transfer Ownership.
- Enter the e-mail address of the user who will be given the administrator privilege and click Transfer.
- If the user is already a part of the organization, the ownership will be transferred immediately and the existing administrator's rights will be revoked.
- If the user is not part of the organization, he will receive an e-mail to join the organization. The existing administrator's rights will be revoked once the new administrator has joined the organization.
NOTE:This option is available only for the MDM account administrator.
You can invite users (technicians) from here : Admin ->Global Settings -> User Administration. You can specify the email address, name and role of the user. Users will be sent an email, to join the organization. On accepting the Join Organization invitation sent from Zoho Accounts, users can access MDM.
If you are an existing user of ManageEngine ServiceDesk Plus On-Demand or any such ZOHO services, you will have an active account with Zoho. In such cases, you will not receive an email to join the organization. You will have access to MDM. To know more about Zoho Accounts, refer to the FAQs given here.
Points to be Noted
- Only Administrators will have permission to modify the user details, create or delete a user.
- Only Administrators are allowed to create new roles and to modify or delete roles.