How to create new user accounts and user groups in Endpoint Manager

Release Time
06/06/2018
Categories
User and Roles
Background

Users:

Open Endpoint Manager > Click 'Users' > ‘User List'

  • The 'User List' interface lets you add, view and manage users.
     
  • Once you have added users, you can enroll the devices which belong to them. You can enroll iOS, Android, Windows, Mac OS and Linux devices.
     
  • You can then remotely manage and apply security policies to your enrolled devices. You can also create user groups in order to apply policies to multiple devices.
     
  • You can assign roles with different privilege levels to users. A role determines what areas a user can access, and what tasks they can perform.

User Groups:

Open Endpoint Manager > Click 'Users' > 'User Groups'

  • Endpoint Manager lets you create groups of users to simplify user management. For example, users could be grouped according to existing corporate units ('Sales Dept.', 'Accounts Dept.' etc.) or by the type of device they own.
     
  • Once created, you can apply dedicated configuration profiles to a group as required.
     
  • You can also import users/user groups from Active Directory using LDAP. EM periodically synchronizes with Active Directory to ensure its user roster is correct.

Create user accounts

You can add new accounts using any of the following methods:

  • Manually - Add individual users to EM
     
    • Click 'Users' > 'User List' > 'Create User' to start this process.
       
    • You need to specify their name, email address, the company they belong to, and their EM role.
       
    • See Manually add users
       
  • Import from .csv - Import a list of users from a comma-separated values file.
     
    • Click 'Users' > 'User Import' to start this process
       
    • The file should contain the following comma-separated values: 'Username' (mandatory), 'Email address' (mandatory) and 'Phone number' (optional).
       
    • The file should not contain column headers and each line should contain a single user.
       
    • Users are assigned the role you specify in the import dialog.
       
    • See Import users from a CSV file
       
  • Bulk enroll from Active Directory
     
    • See this wiki page for help to enroll devices through AD group policy and import their users. 

Manually add users

  • Open Endpoint Manager
     
  • Click 'Users' > 'User List'
     
  • Click the 'Create User' button

OR

  • Click the 'Add' button in the menu bar and choose 'Create User'
     



 

  • Enter the user details and select a role:


 

Username - The login name of the user.

Email - The email address of the user for registration in EM. Account and device enrollment emails are sent to this address. Users need to open the enrollment mail on the target device itself.

Phone Number (Optional) - The contact number of the user.

Company - Choose the company to which the user belongs.

  • MSPs can add users from any company they have added to their account.
     
  • Enterprise and stand-alone customers can only add users to the default company.

Assign role – Choose the new user’s role.



  • Users - This role is typically used for owners of the devices you want to manage. ‘Users’ cannot log in to Endpoint Manager, but you can remove this restriction if required.
     
  • Administrators - Can log in to EM and access all management interfaces. This role can be edited as required.
     
  • Technician - Can log in to EM and access all management interfaces. The technician role has fewer privileges than the administrator role. This role can be edited as required.
     
    • You can also create custom roles with specific privileges. All roles you create will appear in the EM 'Assign Role' drop-down.
       
    • See this wiki page for help to create and manage custom roles.
       
  • Click the 'Submit' button.


 

  • Repeat the process to add more users.

You can now add the user's devices to EM.

Endpoint Manager sends account activation mail to new users with admin roles. They can activate their account and set their login password by clicking the link in the email:


 

Note: By default, users with the role 'Users' do not receive an account activation mail and cannot log in to Endpoint Manager.

Import users from CSV

  • Click 'Users' > 'User List' > 'Import User'
     
  • You can load a list of new users by importing them from a comma-separated values (.csv) file
     
  • You can also specify roles for all users in the list
     
  • After adding a user, you can enroll Windows, Android, iOS, Mac OS and Linux devices for them

Process in brief

  • Create a .csv file with your list of users in Excel or OpenOffice Calc.
     
  • The file should contain the following comma-separated values: 'Username' (mandatory), 'Email address' (mandatory) and 'Phone number' (optional).
     
  • The file should not contain column headers and each line should contain a single user.
     
  • In the EM admin console, click 'Users' > 'User List' > 'Import User'
     
  • Browse to and select the .csv file you want to import
     
  • Select a company and a role for the imported users
     
  • Upload the file
     
  • The users are imported and enrolled to EM

Requirements for .csv file

  • There are two mandatory fields and one optional field per user account:
     
    • Username (mandatory)
       
    • Email address (mandatory)
       
    • Phone number (optional)
       
  • Each line in the file should contain one user
     
  • The file should not contain column headers

Example:

"james", "james@ditherscons.com", "9876543210"
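
Every row in the file receives the company and role chosen in the import dialog, so it is worth checking the file before upload. The script below is an added example, not Comodo/ITarian code: it checks a file against the requirements listed above. The function name `validate_user_csv`, the email pattern, the header heuristic and the duplicate check are assumptions of this example, not documented EM behaviour.

```python
import csv
import io
import re

# Deliberately simple address check (assumption: EM's own validation rules are not on this page).
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")
# Heuristic: a first line starting with one of these words is treated as a header row.
HEADER_WORDS = {"username", "user name", "email", "email address", "phone", "phone number"}


def validate_user_csv(text):
    """Return (importable_rows, errors); errors are (line_number, message) pairs."""
    rows, errors = [], []
    seen_names, seen_emails = set(), set()
    # skipinitialspace=True accepts the page's sample, which has a space after each comma
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    for fields in reader:
        line_no = reader.line_num
        fields = [f.strip() for f in fields]
        if not any(fields):
            continue  # ignore blank lines
        if line_no == 1 and fields[0].lower() in HEADER_WORDS:
            errors.append((line_no, "column headers are not allowed"))
            continue
        if len(fields) not in (2, 3):
            errors.append((line_no, f"expected 2 or 3 fields, got {len(fields)}"))
            continue
        username, email = fields[0], fields[1]
        phone = fields[2] if len(fields) == 3 else ""
        if not username:
            errors.append((line_no, "username is mandatory"))
        elif not email:
            errors.append((line_no, "email address is mandatory"))
        elif not EMAIL_RE.match(email):
            errors.append((line_no, f"malformed email address: {email!r}"))
        elif username.lower() in seen_names or email.lower() in seen_emails:
            # Added check (assumption): the same account listed twice is usually a mistake
            errors.append((line_no, "duplicate username or email address"))
        else:
            seen_names.add(username.lower())
            seen_emails.add(email.lower())
            rows.append((username, email, phone))
    return rows, errors


# Constructed sample input; only the "james" line comes from the page.
SAMPLE = '''Username,Email address,Phone number
"james", "james@ditherscons.com", "9876543210"
"maria", "maria@example.com"
"", "nobody@example.com", "123"
"peter", "peter-at-example.com"
"james", "james2@example.com"
'''

if __name__ == "__main__":
    good, bad = validate_user_csv(SAMPLE)
    print("importable:", good)
    for line_no, message in bad:
        print(f"line {line_no}: {message}")
```
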

Import users from a list

  • Click 'Users' > 'User List'
     
  • Click 'Import User' on the top


 

CSV File - Click 'Browse', navigate to the location of your .csv file

Customer - Choose the company to which the users belong.

  • MSP customers can add users from any company they have added to their account.
     
  • Enterprise and EM stand-alone customers can only add users to the default company.

Role - Choose the new user’s role.

See the explanation of the roles above for more details.

Do not send enrollment notifications - Select whether or not notification emails are sent to new users.

Note: Notification mails are only sent to those with ‘Admin’ and ‘Technician’ roles. They are not sent to users who have the ‘Users’ role.

Click 'Import users from List' when finished:



 

Endpoint Manager sends account activation mail to new users with admin/technician roles. They can activate their accounts and set their login password by clicking the link in the mail.

Note: By default, users with the role 'Users' do not receive an account activation mail and cannot log in to Endpoint Manager.

Create user groups

  • Click 'Users' > 'User Groups'
     
  • Click 'Create Group' above the table.


 

  • Name - Type a label for the user group.
     
  • Choose User(s) - Add users to the group.
     
    • Type the first few letters of a username and select from the suggestions.
       
  • Repeat the process to add more users.
  • The group is saved and the group details screen appears:


 

  • Configuration profiles can now be applied to the group. See this help page for help to apply a profile to a user group. 

Note: A single user can be a member of more than one group. Profiles from every group of which the user is a member are applied to the user's device. If the settings in one profile clash with another profile, EM implements the most restrictive setting. For example, if one profile allows the use of the camera but another profile blocks it, then the device is not able to use the camera.

Import user groups from Active Directory

You can configure the Endpoint Manager to access your AD server through the Lightweight Directory Access Protocol (LDAP). You can add multiple LDAP accounts.

Process in brief:

  • Add an LDAP server by specifying its IP address, domain and the login credentials of the AD server:
     
    • Click 'Settings' > 'Portal Set-Up' > select the 'Active Directory' tab > Click 'Add'
       
  • Once added, users and user groups in the AD directory are visible in the 'Active Directory' interface:
     
    • Click 'Settings' > 'Portal Set-Up' > select the 'Active Directory' tab > Click on an AD domain name > Click the 'User Groups' tab
       
  • Select the users and groups you want to import
     
  • Assign roles to users/user groups as required
     
  • Synchronize LDAP with Endpoint Manager
     
  • The selected users/user groups are imported and placed into corresponding groups in EM
     
  • The 'User List' and 'User Groups' interfaces let you view/manage users and enroll user devices.

Notes:

  • Endpoint Manager communicates with Comodo servers and managed devices in order to update data, deploy profiles, synchronize LDAP server via devices and so on.
     
  • You need to configure your firewall accordingly to allow these connections. The details of IPs, hostnames and ports are provided in Appendix 1a and Appendix 1b of the online help guide.

Add an Active Directory and import users/user groups

  • Click 'Settings' > 'Portal Set-Up'
     
  • Click the 'Active Directory' tab


 

  • Click 'Add' to start the 'Login to Active Directory' wizard:

Step 1 - Enter LDAP account details

  • Enter the AD server details


 

LDAP Server Host - The IP address or hostname of the Active Directory (AD) server

LDAP Account Domain - The Active Directory domain name.

Company - Choose the company to which the AD server belongs.

  • ITarian MSP customers can add AD servers for multiple companies.
     
  • ITarian Enterprise and EM stand-alone customers can only select the default company.

LDAP Account Login and LDAP Account Password - The admin username and password required to access the AD server.

Click 'Next'

Step 2 - Synchronization Settings


 

Enable Sync at Business Days – EM will check for and import new users from the AD server once per day, Monday through Friday.

Enable Sync At Weekend - EM will check for and import new users from the AD server on Saturdays and Sundays.

  • Note - you can manually sync at any time by clicking the 'Sync with LDAP' button.

Connection Type - This determines how Endpoint Manager connects to the LDAP server. You can specify a direct connection from the EM server to the AD server, or connect via an enrolled device.

If you choose the second option, you should specify the names of enrolled Windows devices that are in the same network as the AD server.

Click 'Next'

Step 3 - Finish


 

  • Do not send any enrollment notifications - No notification mails are sent to imported users
     
  • Send enrollment notifications to all synchronized new users - Device enrollment emails are sent to imported users. These mails include instructions that tell the user how to add their device to the Endpoint Manager.
     
  • Specify email address to send enrollment notifications for all synchronized new users - Add specific recipients who should receive a notification mail when new users are added. Usually sent to an admin, the mail contains instructions on how to enroll devices for the new users. You can add multiple email addresses here.
     
  • Click 'Finish'

Endpoint Manager connects to the LDAP server as per the configuration. A summary of account settings is shown if the connection is successful:


 

  • To change any details, click 'Edit', make your changes, then click 'Save'.
     
  • The synchronization task runs as scheduled in step 2, and the user groups are added.
     
  • Click 'Sync with LDAP' to instantly sync the user groups between the AD server and EM
     
  • Repeat the process to add more AD servers to import user groups from.

The imported user groups and users are shown in 'Users' > 'User Groups', and 'Users' > 'User List'.