Knowledge Base ​ > ​ ​Dashboard ​ > ​ ​Setup & Utilities ​ > ​   Admins and Roles

Admins and Roles

Updated 1 year ago by Shally Maheshwari

The IT admins have to be given more privileges with which they can make the access to Scalefusion Dashboard more secure for users. To achieve this, they can configure certain settings via Admins and Roles section on Dashboard, like:

  • Create and manage Administrators
  • Create and manage Custom Roles
  • Configure Password Policy and Session Management
  • Configure SAML sign in for various Identity Providers

This document describes all about Admins and Roles section.

Before You Begin

  • Have a Scalefusion dashboard account
  • The admin should be in the role of Owner or Co-Account Manager

How to Access

Click on your account profile in the upper right corner. There are two ways to access Admins and Roles:

  1. View and Edit Profile

Click on View and Edit Profile. This will open your Account profile page. Admins and Roles button is present on the top right of this page.

  1. Admins and Roles

Clicking on this directly opens the Admins and Roles page.

Sections under Admins and Roles

Following are the main sections on this page:

  • Administrators
  • Roles & Permissions
  • Security
  • Sign In Settings

Administrators

You can add new Administrators and manage existing ones. To add a new admin:

  1. Click on the Add New Admin button in the upper right corner.
  2. Add Admin window will appear. Enter the details and select the role (to be assigned to this administrator) from the drop-down list.
    Account Expire On: You can set a date on which the account will expire and the admin will not be able to login and access the dashboard post that date.
    System Roles and Custom Roles will be listed in Role drop-down
  1. Click Submit
  2. You will receive an activation email on the email id entered above, to activate. Click on the Activate Your Account And Log in button in your email. Your newly created admin will appear in the Account Profile.
The status is displayed as Expired if the account is expired or De-Activated if it is inactive for the specified time period.
Additional features
  • View the total number of administrators displayed on top
  • Search for administrator(s) by email id or name
  • Download the list in csv format

Roles & Permissions

There are two categories of roles:

  1. System Roles: Scalefusion has some pre-defined roles for users which they can assign while creating administrator(s). They are as follows:

Role Name

Description

Permissions

Group Admin

Group admin can see the devices only for the device groups he/she is assigned

  • Read Only
  • Read and Write

Device Admin

Device admin can see all the devices present in the account

  • Read Only
  • Read and Write

Co-Account Manager

Co-Account Manager has access to all features similar to owner

All Access

Click on View below each system role, to view the permissions enabled for that role. If you want to customize, click on the button Make a copy and make changes to create a role that suits you.
  1. Custom Roles: You can also create your own custom role, enable/disable permissions as per requirement and assign this role to administrators. To create a custom role:
    1. Under the Admin and Roles page, click on the Roles & Permissions tab.
    2. Click on Create New under Custom Roles.
    3. A new page will open. Fill the following details:
      Role Name: Enter a name for this role
      Creating Role: Choose one, whether you want to create role for All Devices or for Device Groups
      Permissions: There are three categories to set permissions:
      • Visibility: Toggle this button to on/off based on whether a particular feature should be visible on the dashboard.
      • All Access: This provides both read and write permissions to the admin.
      • Read Only: This provides read-only permission to the admin.
        Any feature can either be assigned with All Access or Read Only
    4. Once all the permissions are set, click on the Save Role button.
    5. The custom role created will appear on Roles & Permissions page.

Assign a custom role to admin

If you want to assign a custom role to an admin:

  1. Visit Administrators page and click on the three dots in front of an existing admin. Select Edit.

  1. This will open the Edit Admin User window. Here, in the Role drop-down, select a role and Submit

  1. The custom role with all the permissions defined in it, will be assigned to this admin.

Security

In this section, you can do the following:

Enable 2-step verification

If enabled, it adds extra layer of security when you and admins login to dashboard. After password verification, a verification code is sent as a second step which when entered authenticates and lets the admins log in to dashboard. To activate this,

  1. Toggle on the setting Enable 2-step verification.
  2. There are two options. Choose any one:
  • Email: A unique verification code will be sent to the e-mail post verification of password.
  • Google Authenticator: Users need to install Google Authenticator application and enter the Unique verification code displayed in the app, at the time of login.
  1. Click Save after selecting one of the above options.
Password Policy and Session Management

Configure password policy for your account as well as for other admin accounts to secure dashboard access.

  1. To configure, toggle on Password Policy & Session Management setting. This will activate the settings to be configured
Important
Password Policy can be configured by Account Owner or CoAccount Owner. However, it applies to any Administrator role who signs in with Scalefusion account

The policy is not applicable on users who sign in via SAML, GSuite or O365 account
  1. Following are the settings to configure Password Policy

Policy

Description

Minimum Password Length

Select from the drop-down what should be the minimum length of the password. By default it is set to 8. It can be set till 15.

Minimum Number of Digits

Select the minimum no. of numeric digits that should be there in the password. By default it is None. You can either select 1 or 2

Minimum Number of Alphabets

Select the minimum no. of characters that should be there in the password. By default it is None. You can either select 1 or 2

Minimum Number of Lower case Alphabets

Select the minimum no. of alphabets in lower case that should be there in the password. By default it is None. You can either select 1 or 2

Minimum Number of Upper case Alphabets

Select the minimum no. of alphabets in upper case that should be there in the password. By default it is None. You can either select 1 or 2

Minimum Number of Symbols

Select the minimum no. of symbols that should be there in the password. By default it is None. You can either select 1 or 2

Password Expiry Period

Select a time period after which the password expires and user is forced to set a new password. Following are the options:

  • Never Expires (default)
  • In a day
  • In a month
  • In two months
  • Every Quarter
  • Every six months

Maximum Password History List

Select the number of historical passwords that the user cannot use while setting a new password. Following are the options:

  • None (default)
  • Current Password
  • Last Password
  • Last 3 Passwords
  • Last 5 Passwords
  • Last 10 Passwords

  1. Click Save after configuring policy.
  2. You will be asked to enter your current login password. Enter password and click Submit.
  3. The next time you Sign In to the dashboard, you will be asked to configure new password with the rules you have set for configuring new password, provided the existing password does not meet the requirements as per new policy. Following screen will be displayed to change password
  • Change Password within Dashboard

When the admin/owner/co-account owners want to change their password from within dashboard from View and Edit profile, the screen displays rules as per new policy

Enable Automatic Session Timeout

Specify duration after which the user will be automatically logged out from the dashboard. To do so,

Automatic Session Timeout can be set for SAML, GSuite, O365 users as well.

Enter duration: This takes values between 1-1440 and select one unit of time out of minutes, hours or days

Enable Multiple Login Sessions

With this setting, admin can configure if users can sign in to Dashboard from multiple locations or allow only one session at a given time.

By default, this setting is ON which means users can sign in from multiple locations. If set to OFF, the user is allowed to sign in only from one device or browser at a time, that is, they will be auto-logged out from their previous sessions when they sign into a new browser.

  • If user does a fresh login from another device/browser, they will be able to log in to the dashboard while on the existing device/browser, the following message will be displayed:
  • If you wish to continue using on existing device, click Continue. This will log the user in again and log out from other devices.
This setting can also be configured for IdP based Sign-ins viz SAML, GSuite, O365, Active Directory users
Deactivate the Account if the user does not login for (days)

IT Admins can define a period after which the users' Scalefusion account is marked as de-activated if there is no activity from that account. No activity means, the user has not logged in to the account or there is no activity on the Dashboard at all.

Enter number of days (from 1-365) in front of the setting and click Save. The account gets de-activated after the specified no. of days.

If the user tries to login following message will get displayed:

Once an account is deactivated an email will go to the owner, co-account owner and other admins briefing that the email account is deactivated.

Important Points:

  1. Except Co-Account owner and owner, this setting can be configured for any other role
  2. This setting can also be configured for IdP based accounts viz SAML, GSuite, O365, Active Directory users
  3. A de-activated account can be reactivated also. In the Administrators section, click on three dots in front of the account that is de-activated and click Re-Activate. You will get a confirmation box, click Re-activate and the account will be accessible again.
Account Locking settings on invalid Sign In attempts

The admins can also configure account locking settings if there are invalid sign in attempts to the Dashboard.

  1. Following are the configurable settings:

Setting

Description

Number of invalid attempts after which account is locked

Select the number of invalid attempts made to login to Dashboard after which the user's account will get locked. The options are:

  • 3
  • 5
  • 10
  • 15

Duration for which the account should be locked

Select the duration (in minutes) and the account will get locked for that much time:

  • 30
  • 60
  • 120

Send Unlock instructions to the user email

The user gets unlock instructions over email as soon as the account gets locked after specified no. of invalid attempts. Following the instructions, they can unlock their account before it gets unlocked after the configured duration.

If this setting is disabled then the account is enabled automatically after the configured duration.

Send Email Alerts on invalid Sign In attempts

If set to ON, the users get email alerts if there are invalid sign in attempts. The alerts can be sent to the following:

  • Account Owner
  • Co-Account Owner
  • Custom email settings: Enter email addresses to whom such email alerts have to be sent.

  1. Click Save after configuring policy.
  2. You will be asked to enter your current login password. Enter password and click Submit.

Sign In Settings

Configure SAML based Sign In to Scalefusion Dashboard with which you and Admins in your organization with access to Scalefusion will be forced to Sign In using your Authentication provider. To configure SAML, please visit the Integrations help section.

How did we do?

Powered by HelpDocs (opens in a new tab)