The following section describes the components of user management.


Until a license key is applied to your system, only the System Administrator (SA) user can log in. When a license key has been applied, analysts can log in to all applications (if they have the appropriate privileges), and all other user types can log in to Ivanti Self Service.

Analysts need a license before they can log in. All other user types can log in without using a license.

There are two license types available:

For information about applying a license key, see the Setup Guide.

For information about allocating licenses to users, see Managing the user license allocation.

User types

There are different types of user account. Analysts are the only type of user that can log in to the Ivanti Console and Web Desk. However, you may want other users to have some access to the information in your system. For this reason, there are other types of user account that can log in to Ivanti Self Service and Ivanti Workspaces. The different types of user account are:

For information about creating users, see Users.

Group types

You can create groups to arrange the users according to job function, expertise, location, and so on. Users don’t have to be a member of a group at all, but it is good practice to make them a member of one or more groups. You can use group membership to control the publishing of shortcut groups and dashboards, the partitioning of data, which window designs appear for the user, and other such features.

For example, you can create different groups for processing incidents and requests, and also create dashboards that are appropriate to help each of these groups with their different responsibilities. You can then publish the dashboards to the appropriate groups and so make the appropriate dashboards available to the required users only.

There are four group types: Support Group – which is an internal group, and Company, Customer and Supplier – which are all external groups.

For information about creating groups, see Groups.


You assign roles to users to specify the privileges that the associated users have.

For example, you can configure your system so that users with the Analyst role can log and resolve incidents, but only users with the Supervisor role can close incidents.

You can place users in groups without assigning them a particular role, and you can assign roles to users who do not belong to a specific group. However, we recommend that you assign roles to users to control their privileges and use groups to control which shortcuts, dashboards, windows, and so on appear to users.

For information about roles, see Roles.


Although you can assign privileges to both groups and roles, we recommend that you assign privileges to roles only. This makes managing your privileges more straightforward. We recommend that you assign privileges to groups only to fulfill group-specific requirements, for example if a privilege is required by a group associated with a specific location.

Privileges enable you to control a role or group’s access to different sections of the system and the functions they can perform within each section. Users are given privileges only when they are added to a role or group.

For information about privileges, see Privileges.

User structures

You can create organization structure diagrams and add users to groups, roles to users, and link users and groups together to represent your organization’s structure.

For information about creating user structures, see User structures.