# Users (classic)

{% hint style="info" %}
Nexthink Finder is a Windows-only desktop application whose functionality is now available within the Nexthink web interface. Nexthink can now be used directly from a browser and most functions no longer require an additional desktop application.
{% endhint %}

After defining profiles and roles for Finder (classic), you can create either:

* Individual user accounts manually, or
* Provision user accounts from an identity provider.

The section describes how to create a new user account manually. To learn how to provision user accounts to Nexthink from existing user accounts in an identity provider, refer to the [Single sign-on](/platform/user-guide/administration/account-management/single-sign-on.md) documentation.

Nexthink supports both internal and external management of credentials to authenticate users:

| Internally managed                                | Externally managed                                                                              |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
| Password based                                    | SSO                                                                                             |
| The Nexthink web interface stores the credentials | [SAML authentication](/platform/user-guide/administration/account-management/single-sign-on.md) |

The process verifies the credentials by either internal or external means based on the provided login name:

* If the login name includes a @ character, Nexthink assumes external authentication of the user. The configuration determines the exact external method.
* Otherwise, Nexthink authenticates the user with internally stored credentials.

Because the login name of a user provisioned from an identity provider is in the UPN format (*username\@domain*), the provisioned user is authenticated with the help of Security Assertion Markup Language (SAML).

## Accessing users <a href="#users-classic-accessingusers" id="users-classic-accessingusers"></a>

To create an individual user account:

1. Log in as an administrator using the web interface.
2. Select the **Administration** module from the main menu.
3. Under the **Account management** section, select **Users** to open the dashboard.
4. Click on the **Add user** button in the top-right corner of the page to start the wizard to create a new user account.

## Setting personal data, profile, and roles <a href="#users-classic-settingpersonaldata-profile-androles" id="users-classic-settingpersonaldata-profile-androles"></a>

* **Username**:
  * To use internal authentication, enter the desired account (login) name of the user. Note that in this case, the @ character cannot be used.
  * To authenticate users externally, enter the name of the user in a format that includes the @ character. In the case of SAML authentication, enter the Name ID of the user, as returned by the identity provider. Refer to the [Single sign-on](/platform/user-guide/administration/account-management/single-sign-on.md) documentation for more information.
* **Full name**: if the user is internally authenticated, enter the full name.
* **Email address**: enter the user’s email address for sending notifications.
* **Password**: the password field depends on the authentication method applied to the user:
  * If the user is internally authenticated, type in a password for the user and retype it in **Confirm password** field. The default minimum password length for an internally managed account is 8 characters. This requirement is configurable.
  * If the user is externally authenticated, the **Password** field becomes uneditable and displays a message **Managed externally** as soon as the **Username** includes an **@** character.
* Optional: check the box for **Never automatically sign out this user while they are active** if you want to override the session timeout control configured in the Nexthink web interface and never log the user out while active. Note that having a live view of the service keeps the user's status active even without the user’s interaction with the system.

## Permissions <a href="#users-classic-permissions" id="users-classic-permissions"></a>

* **Profile**: select the user profile from the drop-down list. If the selected profile does not define a particular top node for the view domains of the user because the domain is parameterized, the user is granted all permissions for default content and roles associated with the profile. In this case, select the top nodes of those domains individually.
* Optional: if you want the user account to inherit content from one or more roles that do not belong to the assigned profile, click on the **Manage roles** button and select the desired roles from the **Select Roles** dialog box. Note that **Select Roles** does not display roles that already belong to the profile of the user account.
* Click **Save**.

***

RELATED TASKS

[Single sign-on](/platform/user-guide/administration/account-management/single-sign-on.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/user-guide/administration/account-management/users-classic.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.