ACCOUNTS AND PERMISSIONS
      Back to home
      1. Safetica
      2. SETTINGS
      3. ACCOUNTS AND PERMISSIONS

      How to add a new account

      Add new admin accounts that can access Safetica console and set up their permissions.

      In this article, you will learn more about:

       

      Introduction: Admin accounts in cloud and on-premises hosted Safetica 

      Safetica allows you to add admin accounts for the console and assign them permissions to view records and modify settings.

      The process of adding new admin accounts differs slightly based on whether you have Safetica hosted on-premises or in the cloud.

      In on-premises Safetica, you can specify your accounts from scratch and create passwords for them - they are entirely under your management. The cloud-hosted Safetica uses a system of registration emails, and it is the registered person who creates their password.

       

       

      Cloud hosting: How to register a new account

      In cloud-hosted Safetica, you register new accounts via registration emails. Anyone with access to Safetica settings can register new accounts for their colleagues and customers. To register a new account:

      1. Go to Settings > Accounts and permissions and click Register account.
      2. Credentials: Enter the email address to which a registration email will be sent and which will be used for signing into the Safetica console.
      3. Team permissions and General permissions: Assign access permissions to the registered account. Learn more about access permissions here.

        4.  Click Save. A registration email will be sent to the address, and the account will appear in the list of accounts.

        5.  The account will become Enabled, after the invited person completes their registration.

      The invited person must open the registration email and click the Access Safetica button. They will require a Microsoft account to complete their registration. If their email is not associated with a Microsoft account, they can create one during the registration process.

       

      Confirmation pending: The account will be in a Confirmation pending state, until the invited person completes the registration. You can resend the registration email by clicking Resend registration email on the right.

       

       

      On-premises hosting: How to add a new account

      In the on-premises version of Safetica, you can create admin accounts from scratch, including setting their passwords. Anyone with access to Safetica settings can add new accounts for their colleagues and customers. To add a new account:

      1. Go to Settings > Accounts and Permissions and click Add account.

        2.  Credentials: Enter the Email address and Password that will be used for signing in.

      Password change: Admins with the Settings and configuration permission can change the password of any account. Admins without this permission can only change their own password by clicking their avatar in the top right corner. You can learn more about password changes here.

        3.  Personal details: Enter the Full name of the account. This is a user-friendly name used throughout the console for better identification.

        4.  Team permissions and General permissions: Assign access permissions to the account. Learn more about access permissions here.

        5.  Click Save.

       

       

      More about access permissions

      Permissions for Safetica accounts are divided into two groups - Team permissions and General permissions:

      1. Team permissions

      Team permissions are bound to the teams selected via the List all teams link (by default, Whole company is selected). The user tree will be filtered so that the account can only display users and records of the team members. You can see an example of how team permission work here.


      • User data –  accounts with this permission can view user records in the Dashboards and Behavior sections in Safetica console. 
        • Shadow copy management - accounts with this permission can create new shadow copies and request and download already created shadow copies. Learn more about shadow copies here.
      • Device management - accounts with this permission can view and manage devices in the Devices section. Includes the Device view permission.
      • Device view - accounts with this permission can view devices in the Devices section but cannot manage them (i.e. cannot download installer, move devices to trash, update Safetica Client on devices, etc.).

       

      2. General permissions

      General permissions are global and not bound to any particular team. They apply to the Whole company.


      • Users and teamsaccounts with this permission can view and edit users and teams in the Users section.
        • Privileged access management - accounts with this permission can grant and revoke the Privileged access for individual users. learn more about privileged access here.
      • Reports and shared layouts - accounts with this permission can create shared layouts, share their private layouts, and delete shared layouts. They can also create, modify, and delete reports.  
      • Policies – accounts with this permission can view and edit policies. Includes the Device management permission for the whole company.
      • Data destinations, data classification, and categorization – accounts with this permission can view and edit data classifications, app and website categorization, and data destinations.
      • Settings and configuration – accounts with this permission can view and edit Accounts and permissions, Settings, and Cloud services. Includes the Device management permission for the whole company. This permission is also required to access Safetica Maintenance Console.

       

      Example: User data permission

      The admin creates a new account with User data permissions for the Design team.

      Such an account will only see users and records from the Design team in the Dashboards and Behavior sections. They will not see the records and users from any other teams, and a grayed-out LIMITED ACCESS label will be displayed in their user tree.

      If the account selects such a grayed-out team in the user tree, they will only see records from the Design team.

       

      Example: Device view permission

      The admin creates a new account with Device view permissions for the Design team.

      Such an account will only have access to the Devises section, where they will only see the devices of the Design team and the users from the Design team in the user tree.

      They will not see the users in any other section, and they will not see any of their records. They will not be able to manage devices (i.e. download installer, uninstall or update Safetica Client, move devices to trash, etc).

      DevisePermssion1

       

      Read next:

      Accounts and permissions

      Accounts and permissions: How to disable or enable an account

      Accounts and permissions: How to change account permissions

      General

      Subscription and license management