Support

Accounts

After defining roles, you can do the following:

  • Create individual accounts manually

  • Provision accounts from an identity provider (Idp)

  • Provide a secure access for selected Nexthink support personnel

This section describes how to create a new account manually. To learn how to provision Nexthink accounts from existing accounts in an Idp, refer to the Single sign-on documentation.

Nexthink supports both internal and external management of credentials to authenticate user accounts as follows:

Internally managed
Externally managed

Password-based

single sign-on (SSO)

The credentials are stored in the Nexthink data cloud

SAML authentication

The process verifies the credentials by either internal or external means based on the provided login name:

  • If the login name includes an @ character, Nexthink assumes external user authentication. This username format is known as User Principal Name (UPN) and, for example, may look like this: [email protected]. In this case, the configuration determines the external authentication method, and the account is authenticated using Security Assertion Markup Language (SAML).

  • If the login name does not include an @ character, Nexthink authenticates the account with internally stored credentials.

Accessing accounts

Use the Accounts tab to create internally managed accounts manually. The system creates SSO accounts automatically, using just-in-time (JIT) user provisioning.

Do not use local accounts for granting access to Nexthink personnel. Use Support access instead.

To create an individual account:

  1. Log in as an administrator using the web interface.

  2. Select the Administration module from the main menu.

  3. Under the Account management section, select Accounts to open the dashboard.

  4. Select the Accounts tab.

  5. Select the New account > New account button in the top-right corner of the page to start the wizard.

Setting personal data and roles

  • Username: Enter the name of the user:

    • To use internal authentication, enter the account name, which will be the user login name. In this case, you cannot use the @ character.

    • To use external authentication, enter the username in a format that includes the @ character. If you use SAML authentication, enter the Name ID of the user, as returned by the Idp. Refer to the Single sign-on documentation for more information.

  • Full name: Enter the full name when using internal authentication.

  • Email address: Enter the user’s email address to send notifications.

  • Password: The password field depends on the user authentication method:

    • Users define their password and configure multi-factor authentication (MFA) using the activation email that the system sends. Administrators can perform the following actions:

      • Resend the activation email if the user is not already active.

      • Reset MFA. In this case, the user has to configure MFA again during the next login.

    • Classic: If you use internal user authentication, type in a password for the user and retype it in the Confirm password field. The default minimum password length for an internally managed account is 8 characters; however, this requirement is configurable.

  • Optional: Select the Never automatically sign out this user while they are active box if you want to override the session timeout control. You can configure the session timeout in the Nexthink web interface.

Roles and permissions

  • Main role: Select the account role from the drop-down list. You must create a role first to see it in the list. Refer to the Roles documentation for more information.

  • Additional roles: Enter the name of one or more additional roles to assign them to the account. Additional roles are optional.

Roles (classic)

Select one or several roles (classic) to grant access to Custom dashboard and Finder content, such as:

  • Modules

  • V6 alerts

  • V6 remote actions

Providing support access

Use the Support access tab to provide and monitor a secure access to your Nexthink environment granted to Nexthink personnel. You can provide support access to individual Nexthink personnel, such as Support and Professional Services, or for the entire Nexthink Support Team.

Do not use local accounts to grant support access. The Support access feature is a secure, dedicated feature for this purpose.

To create a new support access:

  • Log in as an administrator using the web interface.

  • Select the Administration module from the main menu.

  • Under the Account management section, select Accounts to open the dashboard.

  • Select the Support access tab.

  • Select the New support access button in the top-right corner of the page to start the wizard.

Setting support access data and roles

  • Grant access to: Select an Individual contact person or the entire Nexthink Support team.

    • Email: If you selected an individual contact person, enter the person's user name, which is their email prefix. The @nexthink.com domain is automatically added.

  • Main role: Select the support access role from the drop-down list. You must create a role first to see it in the list. Refer to the Roles documentation for more information.

  • Additional roles: Enter the name of one or more additional roles to assign them to the support access. Additional roles are optional.

  • Set access expiration: Select Yes to set a time limit after which the support access cannot be used. Both active and expired support accesses are shown on the Support access page with their respective status.

  • Comment: Add an optional comment or description to the support access.

RELATED TASKS

Last updated

Was this helpful?