Access Control
Under Admin > Access Control, the Members,
Members
When a company signs up for the Ivanti Neurons Platform, the first person who logs in becomes a member and is assigned the role of Administrator. Other people can be invited to become Neurons Platform members and use the features the Neurons Platform has to offer.
There is no connection between the list of users who are members of the Neurons Platform and the user data that’s imported using an Active Directory connector.
- Go to Admin > Access Control > Members.
- On the Members page, click Invite new member.
- Provide the email address and name of the person, and assign the desired roles.
To invite more than one user, click Add another until you've added everyone you want to invite. - Click Send invitations. An email is sent to each address you provided, and each person is invited to log in.
When the invitation is sent, the person's name will appear in the Members list and the status is set to Invitation sent. To resend the invitation, click the More Options icon () to the right and select Resend invitation.
After they log in for the first time, the status is set to Joined.
- Go to Admin > Access Control > Members.
- Find the person in the list.
- Click the icon to the right and select Deactivate or Delete.
- Go to Admin > Access Control > Members.
- Find the person in the list and click on their Name to open the member Details page.
The Roles section of the page lists roles that are already assigned to the member. - Click Assign Roles for a list of available roles and their associated permissions.
- Select the roles you want to assign to the member.
- You can go to the Effective Permissions page to review the resulting access profile for the member.
- When you have made the desired changes, click Save & Close.
Support Users
You can invite support users to perform various support tasks, such as Deploy Patch, Detect Outages, Execute Script, Factory Reset, File Transfer, Install Endpoint Manager Package, Lock/Unlock Device, Manage Processes, Reboot Device, and Remote Control.
If the Support Invitation to Ivanti Neurons option in the Authentication page is not enabled, the Support Users tab will not appear in the Access Control page.
To invite new support users:
- Go to Admin > Access Control > Support Users.
- Click + Invite Support Users and enter values for the following fields:
- Email*
- First Name
- Last Name*
- Roles
- Scopes
- Expiry Time
-
Click Add Another to add more support users.
-
Click Send Invitations button. The invitations will be sent in an email.
- Click to perform the following modifications:
- Click Resend Invitation to send the email with the invitation again.
- Click Extend Expiry to increase the expiry time of the support user to perform the designated tasks. Available options are 12 hours, 24 hours, 3 days, and 7 days.
- Click Delete to delete the support user.
If the member has already logged in, they will continue to have access to the tenant until the expiration time.
Roles
You can configure the permissions of your members by assigning them one or more Roles.
The Neurons Platform comes with several pre-configured roles that cannot be changed. If these roles do not meet your needs, you can also create custom roles.
- Go to Admin > Access Control > Roles.
- Click the role you want to modify or click Add custom role, to open the role configuration page.
- Use the Permissions tab to specify the set of permissions for this role.
You can add or remove permissions in two ways.Select by category:
- Select a permissions category from the left-hand column, for example Global Actions.
- In the Select Permissions column, use the checkboxes to select desired permissions from the Global Actions category.
You can also use the check box at Select Permissions to add or remove all permissions in the category.
indicates some permissions in the category have been selected.
indicates all permissions in the category have been selected. - Repeat for other categories you may need.
Search by name:
- If you know (part of) the name of the permission, type it in the Search all permissions field.
A list of matching permissions appears and is updated as you type. - Add or remove permissions directly from that list, using their check boxes.
The Selected column displays an overview of all selected permissions across categories.
- Use the Members tab to assign the role to members, or remove it.
- When you have made the desired changes, click Save & Close.
Scopes
Use scopes to define which devices members can see and manage. Administrators can create a scope containing a static list of devices or they can create a scope that works dynamically based on filters.
Members can have multiple scopes assigned to them. Scope creation and assignment requires the Access Control > Modify Scopes permission.
Scopes currently apply to only the following areas of Ivanti Neurons platform:
- Devices
- People
- Smart Advisors
- Dashboard components that get data from Devices or People
- Go to Main menu > Admin > Access Control > Scopes.
- Click the scope you want to modify or click Create New > Create Device Scope .
The New Device Scope page appears. - Enter a Scope Name.
- Under Scope Type, select Static.
- Click Add Devices .
The Add Devices panel appears. - Click Add to add a single device or to add multiple devices select the check box of each device you want to include in the scope and click + Add Devices button. You can use the search field to filter the list.
- Click OK when you're done adding device(s).
The devices you selected appear in the scope's device list. - Click Save & Close on the top right of the page.
- Click Admin > Access Control > Scopes.
- Click the scope you want to modify or click Create New > Create Device Scope.
The New Device Scope page appears. - Enter a Scope Name.
- Under Scope Type, select Dynamic. It's the default.
- Under Scope Filters, build a filter that includes the devices you want.
- Click Save & Close on the top right of the page.
- Click Admin > Access Control > Members.
- Find the person in the list and click on their Name to open the member Details page.
- Click the Scopes field.
- Click Add Scope > Device Scope.
- Click Assign Scopes.
- Click Add or to add a single scope or to add multiple scopes select the check box of each scope you want add and click Assign Scopes button. Use the search box to filter the list.
- When you have made the desired changes, click Save & Close.
- Go to Main menu > Admin > Access Control > Scopes.
- On the required scope, click and select Remove Members to remove a member from the scope.
If the scope is not assigned to a member, the Remove Members option will be disabled for that particular member.
- Go to Main menu > Admin > Access Control > Scopes.
-
Click the scope you want to modify or click Create New > Create People Scope.
The New People Scope page appears. -
Enter a Scope Name.
-
Under Scope Type, select Static.
-
Click + Add People.
The Add People panel appears. -
Click Add to add a single user or to add multiple users select the check box of each user you want to include in the scope and click + Add People button. You can use the search field to filter the list.
-
Click OK when you're done adding user(s). The user(s) you selected appear in the list of scopes.
-
Click Save & Close on the top right of the page.
-
Go to Main menu > Admin > Access Control > Scopes.
-
Click the scope you want to modify or click Create New > Create People Scope.
The New People Scope page appears. -
Enter a Scope Name.
-
Under Scope Type, select Dynamic. It's the default.
-
Under Scope Filters, build a filter that includes the users you want.
-
Click Save & Close on the top right of the page.
- Go to Main menu > Admin > Access Control > Members.
- Find the member from the list and click on their Name to open the details page of that member.
- Click Scopes.
- Click + Add Scope > People Scope.
The People Scopes window appears. - Click Add or to add a single scope or to add multiple scopes select the check box of each scope you want add and click Assign Scopes button. Use the search field to filter the list.
- Click OK when you're done adding user(s). The user(s) you selected appear in the list of scopes.
- Click Save & Close on the top right of the page.
- Go to Main menu > Admin > Access Control > Scopes.
- On the required scope, click and select Remove Members to remove a member from the scope.
If the scope is not assigned to a member, the Remove Members option will be disabled for that particular member.
-
Go to Main menu > Admin > Access Control > Scopes.
-
Click Create New > Copy from Device Group.
The Device Group window appears. -
Select the desired device group or use the search field to filter out the device.
-
Click Copy to Scope.
The New Device Scope page appears. -
Enter the Scope Name.
-
Configure the scope as required.
-
Click Save & Close on the top right of the page.