Articles in this section

User management explained

  • Updated

Cooperation is one of the core principles of the IXON Cloud. This is why the IXON Cloud offers benefits for multiple people. In order to enable everybody that has access to your IXON Cloud company to do what he or she does best, IXON has an extensive user management system. Through this user management system, you can give users access to the functions they need, to do their job.

Use the links below for easy navigation:

What is user management?

Don't feel like reading? You can watch this video with a brief introduction to IXON's user management system.

User management is a system you can use to determine what permissions a user will get and what devices this user will get to execute these permitted actions for. The infographic depicted below shows how our user management system works. Our user management system consists of three core elements. They are defined in the table below.

Element Definition
Roles A role is a selection of permissions. There are admin and device permissions, and you can add access categories.
Access categories An access category is a selection of pages and services.

Groups

 A group is a selection of devices and users. You can divide groups in different group types.

The role of a user will determine what a user can do. This is partly regulated through permissions for our apps, and partly through permissions to use the pages and services in an access category. Groups put users and devices together. This determines the devices for which a user can execute his or her permissions. The infographic depicted below illustrates the relationships between users, devices and our user management system.

How do I use user management?

You can customise the user management system in your company. This article provides several use cases of how to customise your user management system. Follow the actions described below to fully customise your user management system. 

Frequently asked questions

What exactly are Access categories?

A user role contains permissions (manage devices, manage users, etc), and also access categories. An access category is a special type of permission that gives the user access to certain services (VPN, VNC, or HTTP) and pages.

At the device configuration in the Fleet Manager you configure which services and pages are added to which access category. That, indirectly, determines which services the user can use.

For example, let's say that you have a device that has a VPN service and an HTTP service. You wish for your customer to be able use the HTTP service, but not the VPN service. For convenience, you create two logically named access categories "VPN" and "HTTP". In the Fleet Manager, you assign the "VPN" access category to the VPN service and the "HTTP" access category to the HTTP service. Then you grant the user role "Customer" access to access category "HTTP", but not to "VPN". As a result, your customer will be able to use the HTTP service of this device as intended. At the same time, your customer cannot establish a VPN connection, because their role does not give them access to the "VPN" access category. Make sure to not forget to grant your own, Platform administrator, role access to these newly created access categories as well. Otherwise you are unable to use them.
How do I invite a user with access to a single specific device?

This will grant a user access to a specific individual device. Once invited, you can change their permissions and grant them access to more individual devices, if so desired.

  1. Go to Portal > Users and click onadd.svgInvite users.
  2. At Access level, select Device-specific and then select the device.
  3. Enter the remaining required fields and click Send invite.
How do I invite a user to a group of devices?

This will grant a user access to all devices within a specific group. Once invited, you can change their permissions and grant them access to more groups, if so desired.

  1. Go to Portal > Users and click onadd.svgInvite users.
  2. At Access level, select Group-specific and then select the group.
  3. Enter the remaining required fields and click Send invite.
How can a user invite and manage users within their group?

If a user has been granted Group-specific access and has the permission Manage users in their role, then this user can manage all other users within their group. More specifically, this user can invite new users into their group, remove users from their group, and change the permissions (role) of the users in their group. Note that this user can only see, change, and assign roles that contain the same, or less, permissions as their own role.

For example, let's say there are 3 roles in an IXON Cloud company:

  • Engineer (group-specific) with permissions: Manage devices, Manage users, Access category A
  • Customer manager (group-specific) with permissions: Manage users, Access category A
  • Customer (group-specific) with permissions: Access category A
    In this example it's irrelevant what exactly "Access category A" entails. It's merely used to distinguish different permissions.
In this example, the user that is inviting a new user has the role "Customer manager" and is referred to as "inviter". When inviting a new user, the inviter can select the roles "Customer manager" or "Customer" for the new user. The role "Engineer" cannot be selected and is not even visible, because it contains a permission that the inviter's "Customer manager"-role does not contain (Manage devices). Additionally, if the inviter is part of multiple groups, they can select the group to which they wish to invite the new user.
How can I see which users and devices are in a specific group?

To see which users are in a specific group:

  1. Go to Portal > Users.
  2. Search for the group name.

To see which devices are in a specific group:

  1. Go to Portal > Devices.
  2. Search for the group name.
How can I see what a specific user has access to?
  1. Go to Portal > Users.
  2. Search for the specific user and click on their name.
  3. At the bottom, the Device access summary provides a list of all devices that this user has access to.
  4. If you then click on a device, you'll see the services (VPN, HTTP, and VNC) and device pages that this user can access and use at this specific device.
How do I update my user management?

If your use of the IXON Cloud has outgrown the user management set up that you made a long time ago, it's best to look at it like a blank canvas.

Note that this highly depends on how you have previously set up your user management and how your new situation has changed in comparison, but in general it's best to start with a blank concept of roles and access categories. Then, add roles and access categories as much as your new situation needs. Once this concept is done, check if you can re-use some of the roles and access categories that you already have configured. If you can, this will save you time in updating user's roles and device's access categories.

Once the concept is done, make sure to update all the user's roles to their new roles and also change the access categories at your device's services and pages to suit your new use case.