User Management

The purpose of this section is to understand the OmniDefend User Management Feature. All user management features can be located by clicking Users in the lefthand pane on the OmniDefend dashboard. See the image below for clarity.

Adding/Removing Users and Editing User Information

1. Adding a User

To add a user, locate the lefthand pane in the OmniDefend Dashboard, and under Users, click Add User(s). You should see a page titled Create a New User, as seen in the screenshot below.

Fill out all of the fields above.

Tip

The following fields are optional: Office Branch and Branch Code

The user role field is significant to the access management level of the user. Choose a role from the available list, as depicted in the image below.

Each role has things the user can and can’t do. For more information on user role privileges, see the table below.

OmniDefend Roles

Role display name	System Administrator	HelpDesk Administrator	Company Administrator	Local Administrator	Branch Administrator	Operator	Branch Operator	Auditor	Enroller	Employee	Customer
Role internal name	SystemAdministrator	HelpDeskAdministrator	CompanyAdministrator	LocalAdministrator	BranchAdministrator	Operator	BranchOperator	Auditor	Enroller	Employee	Customer
Role description	The system administrator role allows access to all functions in OmniDefend in all organizations in the server.	The helpdesk administrator role allows access to all non-server related functions in any organization.	The company administrator role allows access to all functions in OmniDefend that are accessible to their organization.	The local administrator role allows access to all functions in their organization except for configuration of organization specific settings.	The branch administrator role allows access to all user administration and auditing information in their work branch in their organization.	The operator role allows for user administration (except enrollment) in his/her organization.	The operator role allows for user administration (except enrollment) in his/her work branch in his/her organization.	The auditor role allows access to reporting and auditing functions in OmniDefend for his/her organization.	The enroller role allows a user to create and enroll other users in his/her organization.	The employee role allows access to the user’s portal and employee related functions like single-sign on (SSO) and Windows login.	The customer role is assigned to users that only require authentication and identity management services. The user can not login to the OmniDefend server and has no access to services like single-sign on (SSO) or Windows login.
User permissions
omnidefend:permissions:core:users:createUsers	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch		Same Organization
omnidefend:permissions:core:users:viewUsers	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch	Same Organization	Same Organization	Self	Self
omnidefend:permissions:core:users:viewUsers:resetPwd	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch	Self		Self	Self
omnidefend:permissions:core:users:viewUsers:unlockAcct	All Organizations	AllOrganizations	Same Organization	Same Organization (except self)	Same Work Branch (except self)	Same Organization (except self)	Same Work Branch (except self)
omnidefend:permissions:core:users:viewUsers:enrollAuth	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch	Self	Same Organization	Self	Self
omnidefend:permissions:core:users:modifyUsers	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch		Same Organization
omnidefend:permissions:core:users:removeUsers	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch
Organization permissions
omnidefend:permissions:core:organizations:createOrganizations	All Organizations	AllOrganizations
omnidefend:permissions:core:organizations:viewOrganizations	All Organizations	AllOrganizations	Same Organization
omnidefend:permissions:core:organizations:modifyOrganizations	All Organizations	AllOrganizations	Same Organization
omnidefend:permissions:core:organizations:removeOrganizations	All Organizations		Same Organization
omnidefend:permissions:core:organizations:viewIAMStatistics	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch
Application permissions
omnidefend:permissions:core:applications:createApplications	All Organizations	AllOrganizations	Same Organization	Same Organization
omnidefend:permissions:core:applications:viewApplications	All Organizations	AllOrganizations	Same Organization	Same Organization	Self			Same Organization	Self	Self
omnidefend:permissions:core:applications:modifyApplications	All Organizations	AllOrganizations	Same Organization	Same Organization
omnidefend:permissions:core:applications:removeApplications	All Organizations	AllOrganizations	Same Organization	Same Organization
Role permissions
omnidefend:permissions:core:roles:createRoles	All Organizations	AllOrganizations	Same Organization	Same Organization
omnidefend:permissions:core:roles:viewRoles	All Organizations	AllOrganizations	Same Organization	Same Organization				Same Organization
omnidefend:permissions:core:roles:modifyRoles	All Organizations	AllOrganizations	Same Organization	Same Organization
omnidefend:permissions:core:roles:removeRoles	All Organizations	AllOrganizations	Same Organization	Same Organization
Event logs permissions
omnidefend:permissions:core:eventLogs:viewLogs	All Organizations	AllOrganizations	Same Organization	Same Organization	Same Work Branch	Same Organization	Same Work Branch	Same Organization	Self	Self
omnidefend:permissions:core:eventLogs:removeLogs	All Organizations	AllOrganizations	Same Organization	Same Organization				Same Organization
Reports permissions
omnidefend:permissions:core:reports:createReports	All Organizations	AllOrganizations	Same Organization	Same Organization	SameOrganization			Same Organization
omnidefend:permissions:core:reports:modifyReports	All Organizations	AllOrganizations	Same Organization	Same Organization	SameOrganization			Same Organization
omnidefend:permissions:core:reports:runReports	All Organizations	AllOrganizations	Same Organization	Same Organization	SameOrganization			Same Organization
omnidefend:permissions:core:reports:removeReports	All Organizations	AllOrganizations	Same Organization	Same Organization	SameOrganization			Same Organization
Server permissions
omnidefend:permissions:core:server:viewServer	Yes
omnidefend:permissions:core:server:modifyServer	Yes
omnidefend:permissions:core:server:viewServerHwInfo	Yes
Portal permissions
omnidefend:permissions:core:portal:portalAccess	Yes	Yes	Yes		Yes	Yes	Yes	Yes	Yes	Yes

The user license field is also significant. Left click the field to show any licenses available, and select the license you want that user to be assigned to, as seen in the image below:

Tip

It is possible to add a user without a license. The user will not be allowed to log in and work normally until a license is assigned.

The save password field is also significant. If the user does not wish to set a password at this time they would leave this unchecked. By default Password fields will be greyed out when there is no check mark. To set this setting. Click the box then type in a password in the password field and type the same password into the confirm password box. If not checked the new user will need to set a password later. See the image below:

Once all the information has been filled out, the user will have 3 different options to create the user, as seen in the image below:

Option 1 - ``Create``

Create simply creates the new user and does nothing more.

Option 2 - ``Create + New``

Create + New is an option to use if you are creating more than one user using this method. It finishes this user creates them and populates the Add new user screen to allow you to fill out for the next user.

Option 3 - ``Create + Enroll``

Create + Enroll is an option if you are wanting to enroll your user in a device after adding them. In this case it would finish creating the user and take you too enrollment for that user.

2. Adding a User in OmniDefend Import Template Method

To import a new user from a file utilizing a template, click the blue button labelled Import from file in the top left corner of the Add User page, as shown below:

The next page will direct you to fill in an organization name and choose a file to import.

Tip

The organization name is important, as some companies have certain users only in certain organizations.

Tip

Click here below the choose file box to download a sample excel file with an organizational template.

The sample file should look similar to the image below:

Fill out these 12 fields for 1 user or many users. The sample template shows there are 10 users that will be added. Now that your spreadsheet is filled out copy it somewhere locally and follow the following steps:

Click upload to finish the import process.

3. Adding a User through importing from a domain controller

To import a user from the domain controller, navigate to the add user page, and click the button titled Import from Directory as shown in the picture below:

The next page will direct you to fill in an organization name and enter in the domain.

Tip

The organization name is important, as some companies have certain users only in certain organizations.

The page will then refresh and look similar to the example below. you should now be able to see a list of users from the domain you joined to OmniDefend if it is configured correctly. Left Click on the check box on the left to select a user to import.

1. Removing Users in OmniDefend

To remove a given user, first navigate to that User’s page. Then, as depicted in the image below, find the actions button to right of Sarah’s user picture. Choose the Remove User option from the dropdown which appears.

A confirmation box will appear, as shown in the image below. Click yes to confirm, and no to cancel and go back to the Users page.

After confirmation, the user will be permanently removed from OmniDefend.

User Licenses and Email Confirmation

It is possible that a User may be added without a license. If this is the case, you will see a brown banner at the top of the Users page like so:

Let’s demonstrate how to correct this with example user Sarah Freedman

On the Users page, click Edit to edit profile information, and Basic user information select the corresponding dropdown to add a license.

Caution

If nothing shows in the drop down the user may have not added a license to the server. The user must add a license to their server prior to these steps in order for it to show here.

After selecting a valid license, click the Save button. If the license was valid, a confirmation message will appear like so:

To resend a confirmation, locate the user profile, and select the correct option under the Actions tab, as demonstrated below.

Check the email for that given user, an activation link will be sent in the form of a link, as seen in the image below.

Caution

The activation link will only be valid for 15 minutes. After that time, the process will have to be started over.

The activation link will direct the user to the following page, where they must enter a new password, and confirm that password in the second box.

PIN Enrollment and Password Change

1. Changing A User’s Password

To change a user’s password, navigate to the user’s page, and left click on actions. A drop down box populates, as shown in the image below:

A change password box then populates.

Caution

Make sure to enter a password not previously used, and confirm the password correctly. Failure to do so will prompt an error message, as shown in the images below:

Upon submission of a valid password, the user should recieve a confirmation email, as shown below:

2. Enrolling a User in OmniDefend PIN

   This section demonstrates how to enroll a user in OmniDefend PIN. First navigate to the User’s page (see example Danny Bellows below), and select the PIN Authenticator icon.

   

   Tip

   In the authentication devices section are all the enrollment devices that were set up during server setup.

   Next, the user should see a PIN box populate like the screen below:

   

   After you type in the new pin and confirm pin, left-click the save data button.

   Caution

   Please ensure to type the same pin in the new pin and confirm pin or the user will get the error message below:

   

   Click save data to save and confirm.