Users and Permissions
    • Dark
      Light
    • PDF

    Users and Permissions

    • Dark
      Light
    • PDF

    Article Summary

    Add users to your DEX environment in app.controlup.com and control their level of access. 

    • To perform user management, you need the Manage Users permission.
    • To set roles and permissions, you need the Manage Roles permission.

    If you created the DEX organization, you have the default Admin role with these permissions assigned.

    Note for ControlUp for VDI & DaaS users

    ControlUp VDI environments have a different user management and permission system. If you use ControlUp for VDI & DaaS, you need to:

    1. Add your users to your DEX environment using the methods in this article.
    2. Set up your VDI environment. To learn how, click here.
    3. Create a VDI user account for each user so they can access your VDI environment from the DEX web application. To create this user account:
      • Each user can register by downloading and running the Real-Time Console, and signing in to your organization.
      • You can add users with a CSV file from your Active Directory. We have a script action that you can use to generate the CSV file. Users added with this method do not need to download the Real-Time Console. To learn more, click here.

    To learn about setting VDI environment permissions, visit Security Policy Overview.

    User management

    Add users
    SAML SSO users
    If you use SAML SSO authentication, you don't need to add users with this method.

    To invite users to your DEX environment:

    1. Go to Global Settings > User Settings > Invite Users.SettingsUsersInviteUsers
    2. Enter the email addresses of the users to invite and assign their roles. You can add multiple email addresses on a single row, separated by a space or a semicolon. You can invite up to 100 users at a time.
      InviteUsersByEmailPage
    3. Click Send Invites.

    The users receive an email with an invitation to access your DEX environment. A user's status changes from Pending to Active once they accept the invitation. The invitation link is valid for 72 hours.InvitedUserStatus

    To resend the invitation link:

    Next to the user's status, click the arrow menu and select Resend Invite.ResendInvitationLink

    Delete users

    Delete a user to remove them from your DEX environment. Note that if you use SAML SSO authentication, then deleted users can create their user account again when they sign in via SAML. To block users from accessing your environment with SAML SSO, you can disable their user accounts.

    To delete a user:

    1. Go to Global Settings > User Settings.SettingsUserSettings
    2. In your list of users, find the user who you want to delete. You can use the search bar at the top of the page.
    3. Click the user's name to open their user settings.
    4. Click Delete User.DeleteUser
    Disable users

    If you disable users, they are temporarily blocked from accessing your DEX environment. Their user settings are saved, and you can activate the user again at any time. You can check the current status of a user by looking at the Status column.

    To disable or activate a user:

    1. Go to Global Settings > User Settings.SettingsUserSettings
    2. In your list of users, find the user who you want to disable or activate. You can use the search bar at the top of the page.
    3. Next to the user's status, click the arrow menu and select Disabled or Active to set the new status of the user.DisableUserFromList

    Roles and permissions

    DEX uses role-based access control (RBAC) to grant user permissions. This means that you assign permissions to roles, and then you add roles to individual users. Individual users can have multiple roles, and they can perform a certain action as long as at least one of their roles includes the permission for that action.

    DEX also lets you set permissions for only specific device groups. For example, you can give a help desk employee permission to perform actions only on devices used by the finance department. To do this, you create a role and limit the permissions in the role to devices in the 'Finance' device group. You then add the role to the help desk employee. Learn more about organizing devices into device groups.

    See details about a role

    To see the permissions in a role, and which users have that role:

    1. Go to Global Settings > Roles.SettingsRoles
    2. Click on a role to open the list of permissions for that role.RolePermissionDetails
    3. To see the users who are assigned the role, click on the Users tab.
    Change a user's role
    There must be one Admin user
    If there is only one user with the Admin role, then you aren't able to change that user's role. There must always be at least one Admin.

    To add or remove user roles:

    1. Go to Global Settings > User Settings.
    2. Click on a user's name.
    3. Click the Roles dropdown and select a role to be added to the user.AddRoleToUser
    4. To remove a role from the user, click the X button on a role.
    5. Click Save.

    To add a role to multiple users at the same time: 

    1. Go to Global Settings > Roles.
    2. Click on the name of a role that you want to add to users.
    3. Go to the Users tab and click Edit Users.RolesEditUsers2
    4. Select the users that you want to give this role using the checkboxes. You can search for users with the search box.
    5. Click Save
    Create a custom role

    Create a custom role and set the permissions for the role.

    1. Go to Global Settings > Roles > New Role:SettingsRolesNewRole
      1. You can also make a copy of an existing role if you only have a few changes to make, and don't want to start from scratch. To do this, click the copy icon on the role you want to copy.
    2. Give the new role a Name and a Description.
    3. Select the permissions you want to add to the role. You can add an entire category of permissions (for example, Access Control), or click the plus icon to add specific permissions within each category.SetPermissionsForNewRole
    4. If you want to limit permissions to only devices in certain device groups, select the Device Groups from the dropdown next to the Device Permissions category. By default, permissions apply to all devices. 
    5. If you want to give the new role to users right away:
      1. Go to the Users tab and click Edit Users. The dropdown shows a list of all of your users.RolesEditUsers2
      2. Select the users that you want to give the new role using the checkboxes and click Apply. Search for users with the search box.
    6. Click Save.

    Block access to a section of the DEX platform

    To completely block a user's access to a section of the DEX platform (for example, User Sentiment or Synthetic Monitoring), you can create a custom role and deselect all permissions in that category. The button to access that section of the DEX platform will be grayed out and unclickable.


    Was this article helpful?