Add new admin accounts that can access Safetica console and set up their permissions.
Safetica allows you to add admin accounts for the console and assign them permissions to view records and modify settings.
The process of adding new admin accounts differs slightly based on whether you have Safetica hosted on-premises or in the cloud.
In on-premises Safetica, you can specify your accounts from scratch and create passwords for them - they are entirely under your management. The cloud-hosted Safetica uses a system of registration emails, and it is the registered person who creates their password.
In this article, you will learn more about:
- Cloud hosting: How to register a new account
- On-premises hosting: How to add a new account
- Access permissions
Cloud hosting: How to register a new account
In cloud-hosted Safetica, you register new accounts via registration emails. Anyone with access to Safetica settings can register new accounts for their colleagues and customers. To register a new account:
- Go to Settings > Accounts and permissions and click Register account.
- Credentials: Enter the email address to which a registration email will be sent and which will be used for signing into the Safetica console.
- Team permissions and General permissions: Assign access permissions to the registered account. Learn more about access permissions here.
4. Click Save. A registration email will be sent to the address, and the account will appear in the list of accounts.
5. The account will become Enabled, after the invited person completes their registration.
The invited person must open the registration email and click the Access Safetica button. They will require a Microsoft account to complete their registration. If their email is not associated with a Microsoft account, they can create one during the registration process.
Confirmation pending: The account will be in a Confirmation pending state, until the invited person completes the registration. You can resend the registration email by clicking Resend registration email on the right.
On-premises hosting: How to add a new account
In the on-premises version of Safetica, you can create admin accounts from scratch, including setting their passwords. Anyone with access to Safetica settings can add new accounts for their colleagues and customers. To add a new account:
- Go to Settings > Accounts and Permissions and click Add account.
2. Credentials: Enter the Email address and Password that will be used for signing in.
Password change: Admins with the Settings and configuration permission can change the password of any account. Admins without this permission can only change their own password by clicking their avatar in the top right corner. You can learn more about password changes here.
3. Personal details: Enter the Full name of the account. This is a user-friendly name used throughout the console for better identification.
4. Team permissions and General permissions: Assign access permissions to the account. Learn more about access permissions here.5. Click Save.
More about access permissions
Permissions for Safetica accounts are divided into two groups - Team permissions and General permissions:
1. Team permissions
Team permissions are bound to the teams selected via the List all teams link (by default, Whole company is selected). The user tree will be filtered so that the account can only display users and records of the team members. You can see an example of how team permission work here.
- User data – accounts with this permission can view user records in the Dashboards and Behavior sections in Safetica console.
- Device management - accounts with this permission can view and manage devices in the Devices section. Includes the Device view permission.
- Device view - accounts with this permission can view devices in the Devices section but cannot manage them (i.e. cannot download installer, move devices to trash, update Safetica Client on devices, etc.).
2. General permissions
General permissions are global and not bound to any particular team. They apply to the Whole company.
- Users and teams - accounts with this permission can view and edit users and teams in the Users section.
- Policies – accounts with this permission can view and edit policies. Includes the Device management permission for the whole company.
- Data destinations, data classification, and categorization – accounts with this permission can view and edit data classifications, app and website categorization, and data destinations.
- Settings and configuration – accounts with this permission can view and edit the Settings, Cloud services, and Scheduled reports sections. Includes the Device management permission for the whole company. This permission is also required to access Safetica Maintenance Console.
Example: User data permission
The admin creates a new account with User data permissions for the Design team.
Such an account will only see users and records from the Design team in the Dashboards and Behavior sections. They will not see the records and users from any other teams, and a grayed-out LIMITED ACCESS label will be displayed in their user tree.
If the account selects such a grayed-out team in the user tree, they will only see records from the Design team.
Example: Device view permission
The admin creates a new account with Device view permissions for the Design team.
Such an account will only have access to the Devises section, where they will only see the devices of the Design team and the users from the Design team in the user tree.
They will not see the users in any other section, and they will not see any of their records. They will not be able to manage devices (i.e. download installer, uninstall or update Safetica Client, move devices to trash, etc).
Read next:
Accounts and permissions: How to disable or enable an account