After defining profiles, you can create either:
Individual user accounts manually, or
Provision user accounts from an identity provider.
The section describes how to create a new user account manually. To learn how to provision user accounts to Nexthink from existing user accounts in an identity provider, refer to the Single sign-on documentation.
Nexthink supports both internal and external management of credentials to authenticate users:
The Nexthink web interface stores the credentials
The process verifies the credentials by either internal or external means based on the provided login name:
If the login name includes a @ character, Nexthink assumes external authentication of the user. The configuration determines the exact external method.
Otherwise, Nexthink authenticates the user with internally stored credentials.
Because the login name of a user provisioned from an identity provider is in the UPN format (username@domain), the provisioned user is authenticated with the help of Security Assertion Markup Language (SAML).
To create an individual user account:
Log in as an administrator using the web interface.
Select the Administration module from the main menu.
Under the Account management section, select Users to open the dashboard.
Click on the Add user button in the top-right corner of the page to start the wizard to create a new user account.
Setting personal data and profile
Username: enter the name of the user:
To use internal authentication, enter the desired account (login) name of the user. Note that in this case, the @ character cannot be used.
To authenticate users externally, enter the name of the user in a format that includes the @ character. In the case of SAML authentication, enter the Name ID of the user, as returned by the identity provider. Refer to the Single sign-on documentation for more information.
Full name: if the user is internally authenticated, enter the full name.
Email address: enter the user’s email address for sending notifications.
Password: the password field depends on the authentication method applied to the user:
If the user is internally authenticated, type in a password for the user and retype it in Confirm password field. The default minimum password length for an internally managed account is 8 characters. This requirement is configurable.
If the user is externally authenticated, the Password field becomes uneditable and displays a message Managed externally as soon as the Username includes an @ character.
Optional: check the box for Never automatically sign out this user while they are active if you want to override the session timeout control configured in the Nexthink web interface and never log the user out while active. Note that having a live view of the service keeps the user's status active even without the user’s interaction with the system.
Profile: select the user profile from the drop-down list. If you haven’t created a profile yet, you must create one first. Refer to the Profiles documentation for more information.