Access Control

Navigate to Main menu > Admin > Access Control, the Members, Roles, Scopes, and Spaces pages enable you to manage access across the Ivanti Neurons Platform.

The Spaces page and the associated options are only available for Unified Product Experience tenants. For more information, see Unified Product Experience.

Members

When a company signs up for the Ivanti Neurons Platform, the first person who logs in becomes a member and is assigned the role of Administrator. Other people can be invited to become Neurons Platform members and use the features the Neurons Platform has to offer.

There is no connection between the list of users who are members of the Neurons Platform and the user data such as People, Function, Feature, and Directory that is imported using an Active Directory connector.

  1. Go to Main menu > Admin > Access Control > Members.
  2. On the Members page, click + Invite New Member.
  3. Provide the email address and name of the person, and assign the desired roles.
    To invite more than one user, click Add another until you've added everyone you want to invite.
  4. Click Send invitations. An email is sent to each address you provided, and each person is invited to log in.

When the invitation is sent, the person's name appears in the Members list and the status is set to Invitation sent. To resend the invitation, click More Options (ellipsis icon) to the right and select Resend invitation.

After they log in for the first time, the status is set to Joined.

  1. Go to Main menu > Admin > Access Control > Members.
  2. Find the person in the list.
  3. Click More Options (ellipsis) to the right and select Deactivate or Delete.
  1. Go to Main menu > Admin > Access Control > Members.
  2. Find the person in the list and click on their Name to open the member Details page.
    The Roles section of the page lists roles that are already assigned to the member.
  3. Click Assign Roles for a list of available roles and their associated permissions.
    The Select Roles dialog appears.
  4. Select the roles you want to assign to the member.
  5. You can select the space for a specific role by clicking (spaces) in the Selected Roles section.
    The Select spaces for Custom-MDM-Role section appears.
  6. Select the desired space(s) by clicking on the check boxes.
  7. Click X in the Selected Roles section.
  8. You can go to the Effective Permissions tab to review the resulting access profile for the member.
  9. You can go to Spaces and click Remove Member to remove the member from the space.
  10. When you have made the desired changes, click Save & Close.
    If the role requires to select a space, refer to the

Roles

Configure the permissions of your members by assigning them one or more Roles.

The Neurons Platform comes with several pre-configured roles that cannot be changed. If these roles do not meet your needs, you can also create custom roles.

Space aware roles - The permissions are specific to each space, so you can assign roles to a specific space only. Examples are Device Management, App Management in a space. To learn more, refer to the Roles Management section in the Ivanti Neurons for MDM Administrator guide.

General roles - The permissions are, by nature, applicable to all roles. Examples are tenant-level settings such as MDM Certificates, App Catalog Settings.

  1. Go to Main menu > Admin > Access Control > Roles.
  2. Click +Add Custom Role.
    The New Role page appears. 
    1. Enter the Name.
    2. Enter a Description.
  3. Click the Permissions tab to specify the set of permissions for the selected role.
    You can set permissions for multiple products. For example, when you are creating a role in the Neurons Platform tenant, you can set permissions associated with both Neurons Platform and MDM at the same time.
    You can add or remove permissions in two ways:
    Select by Category:
    1. Select a permissions category from the left-hand column, for example, MDM Actions.
    2. Select the required permission categories under MDM Actions.
    3. In the Select Permissions column, select the desired permissions from the MDM Actions category. The planet icon indicates space-aware permission.
    4. The Selected column displays an overview of all selected permissions across categories.
      You can also use the check box at Select Permissions to add or remove all the permissions in the category.
      checkbox with blue background and white dash symbol indicates some permissions in the category have been selected.
      check box with blue background and white tick indicates all permissions in the category have been selected.
      Alternatively, click Remove from the Selected column to remove the existing permission.
    5. Repeat for other categories you may need.
    Select by Name:
    1. If you know (part of) the name of the permission, type it in the Search.
      A list of matching permissions appears and is updated as you type. You can add permissions using the check boxes in these search results.
    2. Continue with step 3 (d) under Select by Category.

  4. Use the Members tab to assign the role to members or remove it.
    1. Click the Assign to Member(s) button.
      The Assign to Member(s) dialog appears.
    2. Select the members you want to assign the role to.
    3. Click Assign to Selected.
    4. To remove a member, select them and click Remove Selected Member(s).
    5. Select the member to assign the role(s).
    6. Click Assign Roles in the Roles Panel.
      The Select Roles dialog appears.
    7. Select the roles you want to assign to the chosen member.
      To remove the selected role(s), click X in the Selected roles section.
    8. Once you have made the changes, click X to close the Select roles dialog.

  5. Click Save & Close

  1. Go to Main menu > Admin > Access Control > Roles.
  2. Click Permissions tab. Follow the steps 3 to 6 from the create a custom role section.

Scopes

Use scopes to define which devices members can see and manage. Administrators can create a scope containing a static list of devices or they can create a scope that works dynamically based on filters.

Members can have multiple scopes assigned to them. Scope creation and assignment requires the Access Control > Modify Scopes permission.

Scopes currently apply to only the following areas of Ivanti Neurons platform:

  • Devices
  • People
  • Smart Advisors
  • Dashboard components that get data from Devices or People
  • Patch Management
    In certain scenarios, the number of devices found in a scope may be higher than the number of devices available in Patch Management once this device scope is assigned. The icon shows the information in the column is not as per specified scope. A banner also indicates this on the top of the page.
  • Edge Intelligence (Device Scope supported)
    In certain scenarios, the number of devices found in a scope may be higher than the number of devices available in Edge Intelligence once this device scope is assigned.
    Scenarios are:

    1. When configuring a scope, the used filter criteria can result in identical devices. For an example: multiple devices with the same computer name.

    2. Not all devices have the Edge Intelligence engine or capability installed.

    3. Device being offline for longer than 30 days, which Edge Intelligence will clean up.

  1. Go to Main menu > Admin > Access Control > Scopes.
  2. Click the scope you want to modify or click Create new > Create device scope, to open the new device scope page.
  3. Enter a Scope name.
  4. Under Scope type, select Static.
  5. Click Add devices.
  6. Click Add or select the box next to each device you want to include in the scope. Use the search field to filter the list.
  7. Click OK when you have finished adding devices. The devices you selected appear in the scope's device list.
  8. At the bottom of the page, click Save & Close.
  1. Go to Main menuAdmin > Access Control > Scopes.
  2. Click the scope you want to modify or click Create new > Create device scope, to open the new device scope page.
  3. Enter a Scope name.
  4. Under Scope type, select Dynamic. It's the default.
  5. Under Scope filters, build a filter that includes the devices you want.
  6. At the bottom of the page, click Save & Close.
  1. Go to Main menu > Admin > Access Control > Members.
  2. Find the person in the list and click on their Name to open the member Details page.
  3. Click the Scopes field.
  4. Click Add Scope > Device Scope.
  5. From the Device scopes list, select the scopes you want to assign to the member.
  6. Click Assign scopes.
  7. When you have made the desired changes, click Save & Close.
  1. Go to Main menuAdmin > Access Control > Scopes.
  2. On the required scope, click and select Remove Members to remove a member from the scope.

    If the scope is not assigned to a member, the Remove Members option will be disabled for that particular member.

  1. Go to Main menu > Admin > Access Control > Scopes.

  2. Click the scope you want to modify or click Create New > Create People Scope.
    The New People Scope page appears.

  3. Enter a Scope Name.

  4. Under Scope Type, select Static.

  5. Click + Add People.
    The Add People panel appears.

  6. Click Add to add a single user or to add multiple users select the check box of each user you want to include in the scope and click + Add People button. You can use the search box to filter the list.

  7. Click OK when you're done adding user(s). The user(s) you selected appear in the list of scopes.

  8. Click Save & Close on the top right of the page.

  1. Go to Main menu > Admin > Access Control > Scopes.

  2. Click the scope you want to modify or click Create New > Create People Scope.
    The New People Scope page appears.

  3. Enter a Scope Name.

  4. Under Scope Type, select Dynamic. It's the default.

  5. Under Scope Filters, build a filter that includes the users you want.

  6. Click Save & Close on the top right of the page.

  1. Go to Main menu > Admin > Access Control > Scopes.

  2. Click Create New > Copy from Device Group.
    The Device Group window appears.

  3. Select the desired device group or use the search box to filter out the device.

  4. Click Copy to Scope.
    The New Device Scope page appears.

  5. Enter the Scope Name.

  6. Configure the scope as required.

  7. Click Save & Close on the top right of the page.

Spaces

The Spaces page and the associated options are only available for Unified Product Experience tenants. For more information, see Unified Product Experience.

Spaces allow you to categorize mobile devices based on their characteristics or the user they belong to, making it easier to facilitate delegation management. Spaces can be created to reflect an organizational hierarchy or geography. Ivanti Neurons for MDM supports single-level delegation with a central management entity referred to as a Default Space, and a number of subordinate management entities referred to as Delegated Spaces.

To learn more about Spaces, see the Ivanti Neurons for MDM Administrator guide.

  1. Go to Main menu > Admin > Access Control > Spaces tab.
  2. Click +Add Space.
    The Add Space panel appears.
  3. Enter the Space Name.
  4. Set Priority. By default the priority is set to the next level available.
  5. Define Rule. Select Any when you want a device to be placed in this space if it matches any of the rules you have specified. Select All when the device must match all rules to be placed in this space.
  6. Click Add Space.
  7. Click Preview Changes to see how many devices will be assigned to the space.
  8. Click Save to publish the space.
  1. Go to Main menu > Admin > Access Control > Spaces tab.
  2. Click to modify the space.
    1. Click Edit name to modify the space name.
    2. Click Edit rule to modify the defined rules.
    3. Click Move up to increase the priority by one and decrease the priority of the space above this space by one.
    4. Click Move down to decrease the priority by one and increase the priority of the space below this space by one.
    5. Click Delete space to delete the space.