One of the benefits of LogonBox is the ability to manage users and groups within LogonBox without needing to log into your domain controller. This article shows you how easy it is to manage users from LogonBox itself.
Managing Users
All user management activity is located within the Access Control menu item on the left. From this page, select Users at the top.
Viewing Options
Filters
At the top of the User table LogonBox provides a list of filters from where you can identify specific users, such as users with incomplete profiles.
Password Information
Hitting the plus sign against a user expands to reveal various information about a user.
- Password Policy - LogonBox respects fine grained password policies and from here you can see what has been assigned to the user.
- Password Information - The status of the password assigned to the user can be seen here.
Group Information
Clicking the Groups tab reveals the Active Directory groups the user is assigned to. Entering a value into the input field allows you to assign the user to any AD group. The changes are made instantly against your Active Directory.
Roles Information
Clicking the Roles tab reveals which roles this user belongs to. Roles are defined within LogonBox allowing an admin to determine which permissions are user is granted.
Actions on Users
Against each user are four button which allow you to perform the following.
- Red - The red delete icon allows you to delete the associated user, the user will be removed from Active Directory
- Blue - The blue copy icon allows you to copy the basic attributes of the associated user, useful when you wish to create a new user in your Active Directory
- Purple - The purple edit icon allows you to edit the AD attributes of the associated user, such as email, mobile number etc.
- Green - The green cog icon provides a number of power options as shown in the next section.
Power Actions on Users
Clicking the Green cog icon reveals a number of powerful actions that you can execute against the assoicated user.
- Set Password - This allows the password to be set against the user.
- Impersonate - If encountering any problems you can impersonate the given user and be automatically logged into his account, great for user specific support issues.
- Suspend User - The user will be suspect from LogonBox and not be able to login.
- Ignore Account - User is added to the ignore user list, the user will not be reconciled or visible, useful if you want to hide certain service accounts from LogonBox view.
- Unlock Account - If the user is locked, clicking this will unlock the user with Active Directory.
- Disable Account - The user is disabled from LogonBox and also Active Directory.
- Link Accout - If you have more than one directory connected to your realm, this user can be connected to another user in a different directory, thus, when the user logs into his account, will be able to manage more than one password.
- Set PIN - Set an authentication PIN for this user, if the PIN authentication module is used, this PIN will be used for the user.
Creating a New User
One of the powerful features of LogonBox is the ability to interact directly with your Active Directory, to update users, delete and suspend accounts and so on, but it can also create brand new users within your Active Directory. To do this, click the Create button at the bottom of the User page.
This opens the create user dialog.
From here you can configure various attributes for a user:
- Account - This is account related information such as username, OU, the core of an Active Directory user, all the attributes required to login, Username and Organizational Unit are mandatory fields here.
- General - This is information related to the user's name, Given Name, Display Name and Surname are mandatory fields.
- Office - This tab offers AD attributes pertaining to office information, nothing in here is mandatory.
- Group - From this tab you can assign this new user to any Active Directory group within the OU they have been assigned to, there are no mandatory fields here.
- Password - The final tab requires you to set a password for the new user, this initially uses the default domain policy, the Password is mandatory and can be set to be temporary.
- Address - This tab is located under the Advanced link and allows for additional attributes to be set associated with the users address details.
- Profile - This tab is located under the Advanced link and allows for additonal attributes to be set associated with the user's login profile.
- Telephone - This tab is located under the Advanced link and allows for additonal attributes to be set associated the user's phone number.
- Organization - This tab is located under the Advanced link and allows for additonal attributes to be set associated the user's management details.
Summary
This article has detailed different ways in which LogonBox is able to interact with your Active Dircetory users, from creating new users, to editing and assigning users to different groups and roles.