Learn about managing all aspects of user accounts including managing two-factor authentication.
This does not include Zone Management. For details about managing users and their zone assignments from the Setup and Configuration page, see Global Zone Management.
The following topics are described here:
Prerequisites: You have Zone Administrator privileges. Refer to Roles and Permissions.
Note: The default session timeout before a user must login again is 30 minutes.
Accessing the User Accounts page
To access User Accounts, open the Settings menu in the upper-right corner of the console. Click Users.
The following options are available:
Add users to the zone and define their permissions.
View details about a user account.
Export a CSV file containing details about the chosen users.
Remove existing users from a zone.
Manage two-factor authentication settings for users.
Adding a User Account
You can add a new user from the Users tab.
Prerequisites: You must have Zone Administrator permissions. For details see Roles and Permissions.
Click Add User.
In the Add User window, enter the email address for the new user.
Select a role for the new user. You can select from four RBAC or role-based access controls.
Zone Administrator: This user can control all aspects of the Automox console for this zone.
Zone Operator (formerly patch administrator): This user can create, read, modify, and delete all policies and groups.
Patch Operator: This user can create, modify, and delete patch policies. They do not have permission to create or modify a worklet or a required software policy. They can view and run any policy type. They can modify and read groups, however, they cannot associate or disassociate groups with worklets or required software policies.
Read Only: This user only has read access rights.
Billing Administrator: You must have this role to modify billing settings for your organization.
Click Send Invitation.
A user who is new to the account will receive an email invitation from Automox support (firstname.lastname@example.org) that includes a link to create the account.
An existing user to the account will not receive an email.
Viewing User Accounts
The following information is available from the User Accounts page. The columns are not necessarily all shown by default. The columns are sortable.
User ID (hidden by default)
Showing All Columns of Data
The default setting of the User Accounts table does not show all available columns. You can show more data or rearrange how the columns are presented.
Click the Columns button and select the checkboxes to show or hide columns.
You can rearrange the order of the data by dragging the columns to the desired position.
Viewing Details for a User Account
You can view user account information for each user and modify the user role.
Note: You must have Zone Administrator privileges to change the user role for other user accounts within the zone.
Click the email address of the user you want to view account information for.
In the User Account Info dialog box, you can change the user role.
You change the user role from the Role drop-down menu. Select a new user role for the account and click Update Account. For details about user roles, see Adding a User Account.
Click the Actions button to select from the following options. These are described in the following sections.
Exporting User Account Details
You can export a CSV list of account details for a user or multiple users in your zone.
From the User Accounts tab, select the user(s) you want to export information for.
Click Actions → Export User.
In the Export Users dialog box, select the data to be exported or clear the checkbox to not include that information. The following data can be exported:
Click Export User.
A CSV file is downloaded with the information you have selected.
Removing a User Account
You can remove a user from your zone.
Note: It is not possible to remove a Global Administrator.
From the Users tab, select the checkbox for the user you want to remove.
Click Actions → Remove User.
In the Remove User window, click Remove to confirm.
Resetting Two-factor Authentication (2FA)
You can reset two-factor authentication for a user or multiple users.
If the user is a member of any zone that requires two-factor authentication (2FA), resetting 2FA for this user will default them to verification through email. If the user is not a member of a zone that requires 2FA, resetting this user will disable 2FA. See Security for more information.
From the Users tab, select the checkbox for the user(s) you want to reset 2FA for.
Click Actions → Reset User.
Click Reset User.
Enabling Two-factor Authentication (2FA)
You can enable two-factor authentication for a user
From the Users tab, select the checkbox for the user(s) you want to enable 2FA for.
Click Actions → Enable User 2FA.
Click Enable User.
If users do not already have 2FA enabled, this action will set their 2FA status to email.