Users
User administrators can manage users that are authorized to sign in to the portal and the activities that the users can perform.
You can view users in the organization from the Users panel on the Organizations management view. Hover over an icon in the Status column on the Users panel to see details about the status of the user. Hover over an entry in the Last Activity column to see a time stamp for when the activity occurred.
You can update your personal information, change your password, and manage your authentication applications by clicking Account settings from the user-account drop-down menu in the upper-right corner, and then clicking .
Username
The username is the same as the user’s email address. The email address is formatted as {local-part}@{domain}. The maximum length, including the local part and domain, is 320 characters.
The local part is case-sensitive and can contain hyphens, underscores, plus signs, and spaces in addition to letters and numeric characters in supported languages. If the local part contains special characters, you can enclose the local part in double quotes (for example, “John Doe”@company.com). You can also add a comment in parentheses (for example, john(some comment)@company.com).
When running XClarity One in the cloud or on premises without LDAP configured, any users that you invite to your organization must share the same email domain as the organization owner. Inviting users from different email domains is supported only for XClarity One on premises where LDAP is configured.
Local vs corporate users
User administrators can manually add users to their organization using the portal’s local identity-management system. These are called local users.
Users that sign in using an identify provider are referred to as corporate users.
When an identity provider other than LDAP is configured, user accounts are not created automatically. You must manually add each IDP user to XClarity One and assign the appropriate roles.
When the organization is configured to use an LDAP server, XClarity One uses LDAP user groups to determine which users are allowed to sign in. You must manually create LDAP user groups in XClarity One that match the user-group names defined on the LDAP server. XClarity One automatically creates user accounts for users who sign in through LDAP and belong to one or more of the matching user groups. For more information about LDAP user groups, see User groups.
After your company’s external IDP is set up for your organization, local users might also have a corporate user account in the external IDP (using the same email address). The first time a user with both local and corporate user accounts attempts to sign in, the user is prompted to link the two accounts. Those users can then choose whether to authenticate using their local or corporate user account. If you chose to use your corporate user account, and later you want to use your local account, click the link to sign in locally from sign in page.
When using the XClarity One cloud portal, an email is sent to you to link your corporate and local user accounts.
When using a XClarity One local portal, the web interface prompts you to sign in again using your credentials and one-time passcode to link your corporate and local user.
After signing in to the corporate IDP, corporate users can access the XClarity One portal without providing additional credentials. In addition, XClarity One requires multifactor authentication by providing a one-time passcode (OTP) from an authenticator application that is connected to XClarity One.
If the corporate IDP is disabled or removed, all corporate users are disabled. Users with local user accounts can still sign in using local XClarity One credentials.
Organization owners
The user that submits the new-organization request becomes an organization owner. Organization owners, identified by the owner icon (
), can manage users and configure organization-specific settings. In addition, the first organization owner also has full access to the organization by default, including hub and device administrator roles.
Each organization must have at least one active owner; however, at least two owners is highly recommended for redundancy and security.
You can enable the View only toggle to give organization owners read-only privileges, meaning that they can only view information. If this toggle is disabled, organization owners can view information and perform actions on those resources.
Configure an external identity provider
Manage users in the organization, including inviting new users, assigning roles, reset passwords and multifactor authentication, and enabling or disabling users.
NoteOnly organization owners can create local user accounts when your organization uses a corporate identity provider for authentication.Add or remove the owner property from other users. Owners cannot remove the owner property from their own user account.
If you add or remove the owner property from a user that is currently signed in, that user must sign out and then sign in again to see the correct privileges.
View licenses and (on premises only) manage licenses
Manage todos and jobs
View events and alerts, licenses, service tickets, and vulnerabilities for the device
Manage custom alerts
Manage data forwarders
Manage Call Home configurations and contacts
Manage API keys used to for authentication when running scripts
(On premises only) Configure the portal, including network, web proxy, date and time, SMTP email server, usage thresholds, and security certificates
(On premises only) Mange portal update packages and update the portal
(On premises only) Collect and upload XClarity One service data to Lenovo Support
Disabled versus blocked users
A user administrator can disable any users (except themselves) in an organization. A disabled user is prevented from accessing that organization. Disabled users are identified by the Disabled status icon (
) icon on the Users panel.
In certain circumstances, Lenovo can block users in the portal. Blocked users are prevented from accessing all organizations in the XClarity One portal. Blocked users are identified by the Blocked status icon (
) icon on the Users panel.