Configure login accounts

In the Management Portal at Setup > Administrative Roles, prevent unauthorized access to the Management Portal and Setup and Sync Tool. On the Logins tab, configure login accounts and assign them administrative roles. Login accounts can authenticate administrators, based on Active Directory user name or group membership.

Configuration

Field

Explanation and Tips

Properties tab

  • In the Login field, specify the login account.
  • In the Login type field, specify which type of authentication should be used:
    • Select Default to use Windows authentication. If you select this option, specify in the Login field the Active Directory user or group that can authenticate the user.
      • Specify users in the format Domain\User.
      • Specify groups in the format Domain\Group.
    • Select Identity Broker to allow an administrator to sign in with an identity provider as configured in Identity Broker (for example, a Microsoft Azure AD account). Currently, only Windows authentication and UPN are supported.
      • Specify in the Login field the Windows account or UPN of the user, depending on configuration of the Identity Broker.
      • To allow administrators to sign in with their UPN, configure a people identifier UPN, so Ivanti Identity Director can match a person in your environment with the Identity Broker claim.
      • See the Getting Started with the Identity Broker for more information. This document is available at http://success.res.com > Downloads.
  • In the Administrative Role field, assign the login account to one or more administrative roles. This determines the administrative permissions of the login account.
    • To prevent accidental lockout, the first login account that you create is automatically assigned to the default role Full Access. This role grants Modify permissions to all functionality of the Management Portal and the Setup and Sync Tool. You cannot edit or delete this role.
    • If you assign multiple administrative roles, the permissions of all roles are combined, in which the least restrictive permissions apply. See the examples below.

Resulting Security tab

View the outcome of all assigned administrative roles. However, a user may obtain additional permissions at the moment of sign-in, based on the user's membership of Active Directory groups, which may also be assigned administrative roles.


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other