Forum Discussion

Tisch's avatar
Tisch
Icon for Neophyte rankNeophyte
29 days ago

Managing Users And Their Settings

So I finally stumbled across the setting where you can now disable descriptions in UI v4's resource tree, which is a huge improvement, but it's kind of kicked me back to another pain point we've had with the software since becoming a customer. Is there any current way for system administrators to actually configure a user's settings/experience, either as an individual or at a group level? I've not seen anything thus far, which means we need to create a lengthy document for all the things a user needs to do to their portal settings so they match what they've seen in our training sessions and/or documentation we create. Even something like a "Test User Permissions" button to temporarily grant you access to their configuration would be a great help.

In a similar vein, shouldn't there be a way to tie Roles to User Groups, rather than manually applying Roles to each user? Someone at LM recently told me in a call that this is generally done by applying Roles to AD groups, but we aren't managing group membership that way. It seems there should be an option for doing this outside of AD membership in the event that's not the primary control mechanism being used.

What are other people doing to manage their users' experiences?

1 Reply

Sort By
  • Joe_Williams's avatar
    Joe_Williams
    Icon for Professor rankProfessor
    29 days ago

    We utilize our identify management system (Okta) to provision users into the portal. Our automation creates the client's role and sets that role's specific permissions. When the client then logs in via Okta, it Just In Time (JIT) provisions the user, pushing their groups with them. This then places them in their specific and proper Role.

    Groups, really are just a way of visually breaking up users in LogicMonitor. We have an out of band automation that runs daily, that places all client users into a specific group, all employees in another and then all API only in their own and lastly the Impersonation Accounts into their own.

    As for impersonation, this has been a thing we have asked for, for a long time. The way around it for us was to automate creation of an account, that is added into the client's role. Then as needed the CSM can login as if they are the client. We prevent client's from creating private dashboards, but they can create dashboards in their specific folder, so there isn't much left that a CSM can't see other then user specific settings.