Skip to main content

Users

Users can be added by any user administrator in the organization.

Hover over an icon in the Status column on the Users panel to see details about the status of the user. Hover over an entry in the Last Activity column to see a time stamp for when the activity occurred.

You can update your personal information, change your password, and manage your authentication applications from the Account settings menu in the upper-right corner.

Username

The username is the same as the user’s email address. The email address is formatted as {local-part}@{domain}. The maximum length, including the local part and domain, is 320 characters.

The local part is case-sensitive and can contain hyphens, underscores, plus signs, and spaces in addition to letters and numeric characters in supported languages. If the local part contains special characters, you can enclose the local part in double quotes (for example, “John Doe”@company.com). You can also add a comment in parentheses (for example, john(some comment)@company.com).

The domain for all users (except service agents) in the same organization must be the same as the organization owner. Only service agents can have a different domain (see Service agents).

User roles

Each user can perform actions based on the roles that are assigned to them in the organization. Each user is assigned one or more of the following roles.

Note
The first user that is created by Lenovo for the organization is assigned all three roles by default, in addition to the organization-owner property.

  • User administrators

    User administrators manage users in the organization, including inviting new users, assigning roles, and enabling or disabling users.

    An organization must have at least one active user administrator; however, at least two user administrators is highly recommended for redundancy and security.

  • Hub administrators

    Hub administrators manage management hubs in the organization, including adding (connecting), removing (disconnecting), and enabling or disabling hubs.

  • Device administrators

    Device administrators can manage devices in the organization, including viewing inventory and health, monitoring and forwarding events and alerts, monitoring jobs, collecting service data, and opening and monitoring service tickets related to those devices. They can also create and manage collections of devices, and monitor health and usage metrics for the entire collection.

    Device administrators also have read-only access to the list of organization users and their associated roles and status.

  • Service agents

    The service agent role can be assigned to users that are members of a service-provider organization (see Organizations). This role permits users to be added to other organizations, even though their email domain is different than the email domain of the other organization owners. Note that the email domain for service-agent email addresses must be in the same domain as the service-provider organization owner.

    This role does not give users the ability to perform any actions. When you add service-agent users to your organization, you assign additional roles to those users to determine what actions they are allowed to perform.

    If the service-provider organization is disabled, all service agents in that organization are blocked from all other organizations to which they have access.

    If the organization owner or user administrator of the service-provider organization removes the service-agent role from a user, that user is automatically blocked from all other organizations to which they have access.

    If a service-agent user is disabled or removed from a non-service-provider organization, that user is disabled or removed from only that organization. If a service-agent user is disabled or removed from a service-provider organization, that user is automatically disabled or removed from all organizations, including non-service-provider and service-provider organizations.

    Service agents are identified by the Service Agent icon (Disable user icon) icon on the Users panel.

Organization owners

The first user that is created by Lenovo for the organization is designated as the organization owner. Organization owners can configure organization-wide settings, such the default Call Home contacts.

Organization owners always have the user-administrator role. You cannot remove the user-administrator role from an owner.

Each organization must have at least one active owner; however, at least two owners is highly recommended for redundancy and security.

Only an owner can add or remove the owner property from another user. Owners cannot remove the owner property from their user account.

If an owner leaves the company before assigning the ownership to another user, you may contact Lenovo XClarity Support (XC1_Support@lenovo.com to request that the owner account be immediately disabled for 24 hours.

Disabled versus blocked users

A user administrator can disable any users (except themselves) in an organization. A disabled user is prevented from accessing that organization. Disabled users are identified by the Disabled status icon (Disable user icon) icon on the Users panel.

In certain circumstances, Lenovo can block users in the portal. Blocked users are prevented from accessing all organizations in the XClarity One portal. Blocked users are identified by the Blocked status icon (Block user icon) icon on the Users panel.