- Created by John Dougherty, last modified on Jan 06, 2021
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 2 Next »
In This Article
Overview
In general, user profiles are a centralized list of users who have successfully signed into Clearlogin. If a user has a an account in an identity source like Active Directory, and they successfully authenticate against that account, by default Clearlogin will automatically create a user profile for that user.
In addition to automatically creating user profiles, a Clearlogin administrator can manually create user profiles for users that are not included in an identity source. An example would be creating user profiles for Clearlogin admin accounts.
If you do not want Clearlogin to automatically create user profiles, sign into the Clearlogin Admin Console, navigate to Settings > Advanced, and deselect Auto Create User Profiles.
User Profiles & License Counts
User Profiles are used to determine the usage of your Clearlogin allocated seat counts, which has an impact on your licensing costs. If the number of user profiles exceeds your allocated seat count you may see this reflected on your next invoice/bill from Evolve IP.
When you exceed your allocation, Clearlogin will not stop auto-creating new user profiles, and it will not block sign ins.
If you do not want Clearlogin to automatically create user profiles, sign into the Clearlogin Admin Console, navigate to Settings > Advanced, and deselect Auto Create User Profiles.
User Profile Summary
The user profile summary at the top of the page includes counts for the following:
- Total number of User Profiles
- Total number of User Profiles with the Admin role
- Total allocated seats provisioned to your Clearlogin tenant
- Total remaining allocated seats based on the total number of user profiles
User profiles assigned the Admin role do not count against your total allocated seats.
The following items are also included in your user profile summary page:
- Clearlogin Tenant ID: This is a unique number assigned to your Clearlogin tenant
- Company Name: This shows the company name used for the subdomain portion of your login page.
- Account Number: This is your unique Evolve IP account number.
- User/Seat Count: Shows the number of user profiles used against your allocated seat count.
- License Type: This shows the type of Clearlogin licenses you have purchased, and determines the features included with Clearlogin.
User Profile Filters & Search
You can Search for a user profile by Name or Email Address, and you can filter using the following categories:
- Filter by Role: Filter the results by either the User or Admin roles.
- Filter by Last Seen: Numerous ways to filter by the last login time stamp.
- Filter by Phone Number: Allows you to filter by whether a phone number is present or not.
User Profile Toolbar
Icon | Description |
---|---|
Impersonate User - This allows an admin to sign in as the user (impersonate) to view the user's dashboard and settings. When you click on the icon to impersonate a user, a new browser tab will open and you will see a banner showing that you are impersonating a user (see below screenshot). | |
Edit User Profile - This allows you to edit user profile properties. See the next section in this page for a list of properties and their descriptions. | |
Password Manager Credentials - This allows you to manage a user's Password Manager credentials for each application. If needed, you can go here to change/reset a user's application credentials. | |
Reset Sessions - This allows you to recycle/reset the user's login sessions. When you click on the icon all active sessions will be immediately reset. There is no confirmation dialog box. | |
Send Reset Password Email -This allows you to send an email to the user, which gives them the ability to reset their password from Clearlogin. However, this only works when Clearlogin has the permissions to reset a password in the user's identity source. For example, if Clearlogin is configured to change passwords in Active Directory, then this will work. | |
Delete User Profile - This will delete the user's profile including all sign in activity and security settings.
|
User Profile Properties
Property Name | Description |
---|---|
The email property comes from the email attribute in the user account. | |
Username | The username property comes from the username field typed into the login page. |
Access Rules | This is a list of access rules that apply to the user. |
Role | This shows the user's role:
|
Last Seen | Includes the following:
|
Created | A timestamp for when the user profile was created. |
Edit a User Profile
When you edit a user profile, the following properties are available to edit.
General Properties
Property Name | Description |
---|---|
The email property comes from the email attribute in the user account. | |
Full Name | The full name property comes from a user's display Name. |
Phone Number | This is defined by the user in their settings. |
Role | This is the user's role, and can be changed to one of the following:
|
Avatar | Manually upload a profile picture for the user.
|
Alternate User IDs
Associate a user profile with multiple user IDs (aliases). This allows you to associate multiple user accounts in an identity source with the same user profile.
- Add one or more user IDs and a description
- You are limited to 5 alternate user IDs
Make sure you click the Update User Aliases button before continuing.
Account Lockout
Determine the lockout status of the user profile. This will list the lockout status of the Clearlogin user profile and each identity source regardless of whether the user has an account in the identity source. If the user account is not in an identity source, then it will be listed as Not Applicable.
The Unlock button will be shown in the Action column when a user profile has been locked out. To unlock a user profile click the Unlock button, which will allow the user to sign into Clearlogin.
One-Time Password (MFA Enrollment)
The Enroll in One-Time Password button is used to start the MFA enrollment process for the user profile. This allows an admin to perform the MFA enrollment process on behalf of the user. For example, enrolling a company-owned mobile phone before providing it to the user.
The Remove One-Time Password button is used to remove the current MFA configuration for the user profile. This allows an admin to reset the user's MFA configuration, and force the user to re-enroll the next time they sign in.
The Skip MFA on Next Login button will suppress the MFA sign in process the next time the user signs in.
Help Desk Challenge
The Help Desk Challenge feature is an additional security layer that allows your support team to verify an end-user by using a call-and-response process. Depending on the type of challenge process set you will see a question/answer challenge or a passphrase challenge.
You can view the challenge data, or edit the fields to change/update the challenge data on behalf of the user.
Reset Admin Password
This section is only shown for user profiles with the Admin role or the Admin Read Only role. This allows you to reset the profile's password with an auto-generated password. The password will be emailed to the email address assigned to the admin profile with instructions on how to log in. For more information, refer to the Manage Admin Profiles article.
If a user profile with the admin or admin read only role is associated with a user account in an identity source, resetting the user profile's password will have no effect.
Change Admin Password
This section is only shown for user profiles with the Admin role or the Admin Read Only role. This allows you to change the profile's password.
If a user profile with the admin or admin read only role is associated with a user account in an identity source, changing the user profile's password will have no effect.
Alternate Email
The alternate email address is defined by the end user and it's used in the account recovery process. You can update this field on behalf of the user.
Security Question
The security question section is defined by the end user and it's used in the account recovery process. You can view the question/answer combination, or update the fields on behalf of the user.
Access Rules
The access rules section shows which access rules have been assigned to the user's profile. From here you can manually add/remove access rules to the user profile.
Identity Source Attribute Report
From here you can run a report against all of the active identity sources to retrieve all of the available attributes for this user profile. Depending on the identity source the report may return just a few attributes, or it may return a large number of attributes.
If the user profile is not associated with an identity source, no results will be returned.
- No labels