Users (classic)
Nexthink Finder is a Windows-only desktop application whose functionality is now available within the Nexthink web interface. Nexthink can now be used directly from a browser and most functions no longer require an additional desktop application.
After defining profiles and roles for Finder (classic), you can create either:
Individual user accounts manually, or
Provision user accounts from an identity provider.
The section describes how to create a new user account manually. To learn how to provision user accounts to Nexthink from existing user accounts in an identity provider, refer to the Single sign-on documentation.
Nexthink supports both internal and external management of credentials to authenticate users:
Internally managed | Externally managed |
---|---|
Password based | SSO |
The Nexthink web interface stores the credentials |
The process verifies the credentials by either internal or external means based on the provided login name:
If the login name includes a @ character, Nexthink assumes external authentication of the user. The configuration determines the exact external method.
Otherwise, Nexthink authenticates the user with internally stored credentials.
Because the login name of a user provisioned from an identity provider is in the UPN format (username@domain), the provisioned user is authenticated with the help of Security Assertion Markup Language (SAML).
Accessing users
To create an individual user account:
Log in as an administrator using the web interface.
Select the Administration module from the main menu.
Under the Account management section, select Users to open the dashboard.
Click on the Add user button in the top-right corner of the page to start the wizard to create a new user account.
Setting personal data, profile, and roles
Username:
To use internal authentication, enter the desired account (login) name of the user. Note that in this case, the @ character cannot be used.
To authenticate users externally, enter the name of the user in a format that includes the @ character. In the case of SAML authentication, enter the Name ID of the user, as returned by the identity provider. Refer to the Single sign-on documentation for more information.
Full name: if the user is internally authenticated, enter the full name.
Email address: enter the user’s email address for sending notifications.
Password: the password field depends on the authentication method applied to the user:
If the user is internally authenticated, type in a password for the user and retype it in Confirm password field. The default minimum password length for an internally managed account is 8 characters. This requirement is configurable.
If the user is externally authenticated, the Password field becomes uneditable and displays a message Managed externally as soon as the Username includes an @ character.
Optional: check the box for Never automatically sign out this user while they are active if you want to override the session timeout control configured in the Nexthink web interface and never log the user out while active. Note that having a live view of the service keeps the user's status active even without the user’s interaction with the system.
Permissions
Profile: select the user profile from the drop-down list. If the selected profile does not define a particular top node for the view domains of the user because the domain is parameterized, the user is granted all permissions for default content and roles associated with the profile. In this case, select the top nodes of those domains individually.
Optional: if you want the user account to inherit content from one or more roles that do not belong to the assigned profile, click on the Manage roles button and select the desired roles from the Select Roles dialog box. Note that Select Roles does not display roles that already belong to the profile of the user account.
Click Save.
RELATED TASKS
Last updated