Skip to main content

Users

Users can be added by any user administrator in the organization.

Learn more
PDF linkXClarity One: Users management

Hover over an icon in the Status column on the Users panel to see details about the status of the user. Hover over an entry in the Last Activity column to see a time stamp for when the activity occurred.

You can update your personal information, change your password, and manage your authentication applications by clicking Account settings from the user-account drop-down menu in the upper-right corner, and then clicking Account security > Signing in.

Username

The username is the same as the user’s email address. The email address is formatted as {local-part}@{domain}. The maximum length, including the local part and domain, is 320 characters.

The local part is case-sensitive and can contain hyphens, underscores, plus signs, and spaces in addition to letters and numeric characters in supported languages. If the local part contains special characters, you can enclose the local part in double quotes (for example, “John Doe”@company.com). You can also add a comment in parentheses (for example, john(some comment)@company.com).

The domain for all users (except service agents) in the same organization must be the same as the organization owner. Only service agents can have a different domain (see Service agents).

User roles

Each user can perform actions based on the roles that are assigned to them in the organization. Each user is assigned one or more of the following roles.

You can enable the View only toggle to give users read-only privileges, meaning that they can only view information. If this toggle is disabled, users can view information and perform actions on those resources.

Important
If you change roles for a user that is currently signed in, that user must sign out and then sign in again to see the correct privileges.

  • User administrator

    User administrators can perform the following actions.

    • Manage users in the organization, including inviting new users, resending invitations, assigning roles, resetting passwords and multifactor authentication, and enabling or disabling users

    • View the external identity provider configuration

    • View and dismiss todos

    An organization must have at least one active user administrator; however, at least two user administrators is highly recommended for redundancy and security.

  • Hub administrator

    Hub administrators can perform the following actions.

    • Manage hubs in the organization, including adding (connecting), removing (disconnecting), and enabling or disabling hubs

    • View devices that are discovered or managed by the hubs

    • Migrate devices from XClarity Administrator

    • Manage todos and jobs

  • Device administrator

    Device administrators can perform the following actions.

    • View hubs

    • Discover and manage devices

    • View managed devices in the organization, including viewing inventory and health, usage metrics, warranties

    • Power off and restart devices

    • (Cloud only) Remotely access the management controller and server console

    • Manage the repository of firmware, device setting configurations, and operating systems

    • Manage device-configuration templates, and deploy templates to devices

    • Deploy specific firmware, device setting configurations, and operating systems to devices

    • Manage device collections, and view health and usage metrics for the entire collection

    • Manage events and alerts, todos, jobs, service tickets, and vulnerabilities for the device

    • Manage scheduled jobs

    • Manage external certificates for device

    • View data forwarders

    • Export data as a report

    • Collect and upload device service data to Lenovo Support

    • (On premises only) View and manage device service data

    • Manage Call Home configurations and contacts

  • Service agent

    The service agent role can be assigned to users that are members of a service-provider organization (see Organizations). This role permits users to be added to other organizations, even though their email domain is different than the email domain of the other organization owners. Note that the email domain for service-agent email addresses must be in the same domain as the service-provider organization owner.

    This role does not give users the ability to perform any actions. When you add service-agent users to your organization, you assign additional roles to those users to determine what actions they are allowed to perform.

    If the service-provider organization is disabled, all service agents in that organization are blocked from all other organizations to which they have access.

    If the organization owner or user administrator of the service-provider organization removes the service-agent role from a user, that user is automatically blocked from all other organizations to which they have access.

    If a service-agent user is disabled or removed from a non-service-provider organization, that user is disabled or removed from only that organization. If a service-agent user is disabled or removed from a service-provider organization, that user is automatically disabled or removed from all organizations, including non-service-provider and service-provider organizations.

    Service agents are identified by the Service Agent icon (Disable user icon) icon on the Users panel.

Organization owners

The user that submits the new-organization request becomes an organization owner. Organization owners, identified by the owner icon (Organization owner icon), can manage users and configure organization-specific settings. In addition, the first organization owner also has full access to the organization by default, including hub and device administrator roles.

Each organization must have at least one active owner; however, at least two owners is highly recommended for redundancy and security.

You can enable the View only toggle to give organization owners read-only privileges, meaning that they can only view information. If this toggle is disabled, organization owners can view information and perform actions on those resources.

Important
If an organization owner leaves the company before assigning ownership to another user, you may contact XClarity One support using the Contact Us webpage to request that the owner account be immediately disabled for 24 hours.
Organization owners can perform the following actions.

  • Configure an external identity provider

  • Manage users in the organization, including inviting new users, assigning roles, reset passwords and multifactor authentication, and enabling or disabling users.

    Note
    Only organization owners can create local user accounts when your organization uses a corporate identity provider for authentication.

  • Add or remove the owner property from other users. Owners cannot remove the owner property from their own user account.

    If you add or remove the owner property from a user that is currently signed in, that user must sign out and then sign in again to see the correct privileges.

  • View licenses and (on premises only) manage licenses

  • Manage todos and jobs

  • View events and alerts, licenses, service tickets, and vulnerabilities for the device

  • Manage custom alerts

  • Manage data forwarders

  • Manage Call Home configurations and contacts

  • Manage API keys used to for authentication when running scripts

  • (On premises only) Configure the portal, including network, web proxy, date and time, SMTP email server, usage thresholds, and security certificates

  • (On premises only) Mange portal update packages and update the portal

  • (On premises only) Collect and upload XClarity One service data to Lenovo Support

Disabled versus blocked users

A user administrator can disable any users (except themselves) in an organization. A disabled user is prevented from accessing that organization. Disabled users are identified by the Disabled status icon (Disable user icon) icon on the Users panel.

In certain circumstances, Lenovo can block users in the portal. Blocked users are prevented from accessing all organizations in the XClarity One portal. Blocked users are identified by the Blocked status icon (Block user icon) icon on the Users panel.