Access Control

Under Admin > Access Control, the Members, Support Users, Roles, and Scopes pages enable you to manage access to the Neurons Platform.

Members

When a company signs up for the Ivanti Neurons Platform, the first person who logs in becomes a member and is assigned the role of Administrator. Other people can be invited to become Neurons Platform members and use the features the Neurons Platform has to offer.

There is no connection between the list of users who are members of the Neurons Platform and the user data that’s imported using an Active Directory connector.

  1. Go to Admin > Access Control > Members.
  2. On the Members page, click Invite new member.
  3. Provide the email address and name of the person, and assign the desired roles.
    To invite more than one user, click Add another until you've added everyone you want to invite.
  4. Click Send invitations. An email is sent to each address you provided, and each person is invited to log in.

When the invitation is sent, the person's name will appear in the Members list and the status is set to Invitation sent. To resend the invitation, click the More Options icon (ellipsis icon) to the right and select Resend invitation.

After they log in for the first time, the status is set to Joined.

  1. Go to Admin > Access Control > Members.
  2. Find the person in the list.
  3. Click the ellipsis icon to the right and select Deactivate or Delete.
  1. Go to Admin > Access Control > Members.
  2. Find the person in the list and click on their Name to open the member Details page.
    The Roles section of the page lists roles that are already assigned to the member.
  3. Click Assign Roles for a list of available roles and their associated permissions.
  4. Select the roles you want to assign to the member.
  5. You can go to the Effective Permissions page to review the resulting access profile for the member.
  6. When you have made the desired changes, click Save & Close.

Support Users

You can invite support users to perform various support tasks, such as Deploy Patch, Detect Outages, Execute Script, Factory Reset, File Transfer, Install Endpoint Manager Package, Lock/Unlock Device, Manage Processes, Reboot Device, and Remote Control.

To invite new support users:

  1. Go to Admin > Access Control > Support Users.
  2. Click + Invite Support Users and enter values for the following fields:
    1. Email*
    2. First Name
    3. Last Name*
    4. Roles
    5. Scopes
    6. Expiry Time

  3. Click Add Another to add more support users.

  4. Click Send Invitations button. The invitations will be sent in an email.

  5. Click to perform the following modifications:
    1. Click Resend Invitation to send the email with the invitation again.
    2. Click Extend Expiry to increase the expiry time of the support user to perform the designated tasks. Available options are 12 hours, 24 hours, 3 days, and 7 days.
    3. Click Delete to delete the support user.

      If the member has already logged in, they will continue to have access to the tenant until the expiration time.

Roles

You can configure the permissions of your members by assigning them one or more Roles.

The Neurons Platform comes with several pre-configured roles that cannot be changed. If these roles do not meet your needs, you can also create custom roles.

  1. Go to Admin > Access Control > Roles.
  2. Click the role you want to modify or click Add custom role, to open the role configuration page.
  3. Use the Permissions tab to specify the set of permissions for this role.
    You can add or remove permissions in two ways.

    Select by category:

    1. Select a permissions category from the left-hand column, for example Global Actions.
    2. In the Select Permissions column, use the checkboxes to select desired permissions from the Global Actions category.
      You can also use the check box at Select Permissions to add or remove all permissions in the category.
      checkbox with blue background and white dash symbol indicates some permissions in the category have been selected.
      check box with blue background and white tick indicates all permissions in the category have been selected.
    3. Repeat for other categories you may need.

    Search by name:

    1. If you know (part of) the name of the permission, type it in the Search all permissions field.
      A list of matching permissions appears and is updated as you type.
    2. Add or remove permissions directly from that list, using their check boxes.

    The Selected column displays an overview of all selected permissions across categories.

  4. Use the Members tab to assign the role to members, or remove it.
  5. When you have made the desired changes, click Save & Close.

Scopes

Use scopes to define which devices members can see and manage. Administrators can create a scope containing a static list of devices or they can create a scope that works dynamically based on filters.

Members can have multiple scopes assigned to them. Scope creation and assignment requires the Access Control > Modify Scopes permission.

Scopes currently apply to only the following areas of Ivanti Neurons platform:

  • Devices
  • People
  • Smart Advisors
  • Dashboard components that get data from Devices or People
  1. Click Admin > Access Control > Scopes.
  2. Click the scope you want to modify or click Create new > Create device scope, to open the new device scope page.
  3. Enter a Scope name.
  4. Under Scope type, select Static.
  5. Click Add devices.
  6. Click Add or select the box next to each device you want to include in the scope. Use the search box to filter the list.
  7. Click OK when you're done adding devices. The devices you selected appear in the scope's device list.
  8. At the bottom of the page, click Save & Close.
  1. Click Admin > Access Control > Scopes.
  2. Click the scope you want to modify or click Create new > Create device scope, to open the new device scope page.
  3. Enter a Scope name.
  4. Under Scope type, select Dynamic. It's the default.
  5. Under Scope filters, build a filter that includes the devices you want.
  6. At the bottom of the page, click Save & Close.
  1. Click Admin > Access Control > Members.
  2. Find the person in the list and click on their Name to open the member Details page.
  3. Click the Scopes field.
  4. Click Add Scope > Device Scope.
  5. From the Device scopes list, select the scopes you want to assign to the member.
  6. Click Assign scopes.
  7. When you have made the desired changes, click Save & Close.
  1. Click Admin > Access Control > Scopes.
  2. On the required scope, click and select Remove Members to remove a member from the scope.

    If the scope is not assigned to a member, the Remove Members option will be disabled for that particular member.