In This Article


Overview

In general, user profiles are a centralized list of users who have successfully signed into Clearlogin.  If a user has a an account in an identity source like Active Directory, and they successfully authenticate against that account, by default Clearlogin will automatically create a user profile for that user.

In addition to automatically creating user profiles, a Clearlogin administrator can manually create user profiles for users that are not included in an identity source.  An example would be creating user profiles for Clearlogin admin accounts.

If you do not want Clearlogin to automatically create user profiles, sign into the Clearlogin Admin Console, navigate to Settings > Advanced, and deselect Auto Create User Profiles.


Changing the Username attribute of a user account in your identity source (e.g. the samAccountName attribute in Active Directory) will cause the Clearlogin user profile to become orphaned.  When a user signs into Clearlogin after you change their username, a new user profile will be created.


User Profiles & License Counts

User Profiles are used to determine the usage of your Clearlogin allocated seat counts, which has an impact on your licensing costs.  If the number of user profiles exceeds your allocated seat count you may see this reflected on your next invoice/bill from Evolve IP.

When you exceed your allocation, Clearlogin will not stop auto-creating new user profiles, and it will not block sign ins.

If you do not want Clearlogin to automatically create user profiles, sign into the Clearlogin Admin Console, navigate to Settings > Advanced, and deselect Auto Create User Profiles.


User Profile Summary

The user profile summary at the top of the page includes counts for the following:

  • Total number of User Profiles
  • Total number of User Profiles with the Admin role
  • Total allocated seats provisioned to your Clearlogin tenant
  • Total remaining allocated seats based on the total number of user profiles

User profiles assigned the Admin role do not count against your total allocated seats.


The following items are also included in your user profile summary page:

  • Clearlogin Tenant ID:  This is a unique number assigned to your Clearlogin tenant
  • Company Name:  This shows the company name used for the subdomain portion of your login page.
  • Account Number:  This is your unique Evolve IP account number.
  • User/Seat Count:  Shows the number of user profiles used against your allocated seat count.
  • License Type:  This shows the type of Clearlogin licenses you have purchased, and determines the features included with Clearlogin.


User Profile Filters & Search

You can Search for a user profile by Name or Email Address, and you can filter using the following categories:

  • Filter by Role: Filter the results by either the User or Admin roles.
  • Filter by Last Seen:  Numerous ways to filter by the last login time stamp.
  • Filter by Phone Number:  Allows you to filter by whether a phone number is present or not.


User Profile Toolbar

IconDescription

Impersonate User - This allows an admin to sign in as the user (impersonate) to view the user's dashboard and settings.  When you click on the icon to impersonate a user, a new browser tab will open and you will see a banner showing that you are impersonating a user (see below screenshot).

Edit User Profile - This allows you to edit user profile properties.  See the next section in this page for a list of properties and their descriptions.

Password Manager Credentials - This allows you to manage a user's Password Manager credentials for each application.  If needed, you can go here to change/reset a user's application credentials.

Reset Sessions - This allows you to recycle/reset the user's login sessions.  When you click on the icon all active sessions will be immediately reset.  There is no confirmation dialog box.

Send Reset Password Email -This allows you to send an email to the user, which gives them the ability to reset their password from Clearlogin.  However, this only works when Clearlogin has the permissions to reset a password in the user's identity source.  For example, if Clearlogin is configured to change passwords in Active Directory, then this will work.

Delete User Profile - This will delete the user's profile including all sign in activity and security settings.

  • You will be prompted to confirm this action. 
  • This will not delete the user's account in an identity source.
  • If you delete a profile for an active user in an identity source, the next time they successfully sign in, a new profile will be created.
  • When a new profile is created the user will need to resubmit their security information (multi-factor authentication, phone number, security question, etc.)


User Profile Properties

Property NameDescription
EmailThe email property comes from the email attribute in the user account.
UsernameThe username property comes from the username field typed into the login page.
Access RulesThis is a list of access rules that apply to the user.
Role

This shows the user's role:

  • User (default)
  • Admin Read Only
  • Admin
Last Seen

Includes the following:

  • Timestamp of the last successful sign in
  • Public IP address
  • Timestamp of the last sign out
CreatedA timestamp for when the user profile was created.



Add a User Profile

User profiles are a centralized list of users who have successfully signed into Clearlogin.  If a user has a an account in an identity source like Active Directory, and they successfully authenticate against that account, by default Clearlogin will automatically create a user profile for that user.

However, as a Clearlogin administrator you can manually create user profiles for users that are not included in an identity source.

To manually add a new user profile, click the Add New User Profile button.

Property NameDescription
Username

This is required.  It must have a minimum of one character, and it must be unique.  Spaces and special characters are allowed.

After the user profile is created you cannot change the username.  You must delete the user profile and create it again.


Email AddressThis is required, and it must be unique.  You cannot have multiple user profiles with the same email address.
Full NameThis is an optional display name for the user profile.
Phone NumberThis is optional.
Role

This is the user's role, and can be changed to one of the following:

  • User (default)
  • Admin Read Only
  • Admin
Avatar

Manually upload a profile picture for the user. 

  • Recommended size is 196 x 196 pixels
  • Must be less than 1 MB in size.
  • Supported file formats:  JPEG, PNG, GIF



Edit a User Profile

When you edit a user profile, the following properties are available to edit.

General Properties

Property NameDescription
EmailThe email property comes from the email attribute in the user account.
Full NameThe full name property comes from a user's display Name.
Phone NumberThis is defined by the user in their settings.
Role

This is the user's role, and can be changed to one of the following:

  • User (default)
  • Admin Read Only
  • Admin
Avatar

Manually upload a profile picture for the user. 

  • Recommended size is 196 x 196 pixels
  • Must be less than 1 MB in size.
  • Supported file formats:  JPEG, PNG, GIF

Alternate User IDs

Associate a user profile with multiple user IDs (aliases).  This allows you to associate multiple user accounts in an identity source with the same user profile. 

  • Add one or more user IDs and a description
  • You are limited to 5 alternate user IDs

Make sure you click the Update User Aliases button before continuing.

Account Lockout

Determine the lockout status of the user profile.  This will list the lockout status of the Clearlogin user profile and each identity source regardless of whether the user has an account in the identity source.  If the user account is not in an identity source, then it will be listed as Not Applicable.

The Unlock button will be shown in the Action column when a user profile has been locked out.  To unlock a user profile click the Unlock button, which will allow the user to sign into Clearlogin.

One-Time Password (MFA Enrollment)

The Enroll in One-Time Password button is used to start the MFA enrollment process for the user profile.  This allows an admin to perform the MFA enrollment process on behalf of the user.  For example, enrolling a company-owned mobile phone before providing it to the user.

The Remove One-Time Password button is used to remove the current MFA configuration for the user profile.  This allows an admin to reset the user's MFA configuration, and force the user to re-enroll the next time they sign in.

The Skip MFA on Next Login button will suppress the MFA sign in process the next time the user signs in.

Help Desk Challenge

The Help Desk Challenge feature is an additional security layer that allows your support team to verify an end-user by using a call-and-response process.  Depending on the type of challenge process set you will see a question/answer challenge or a passphrase challenge.

You can view the challenge data, or edit the fields to change/update the challenge data on behalf of the user.

Reset Admin Password

This section is only shown for user profiles with the Admin role or the Admin Read Only role.  This allows you to reset the profile's password with an auto-generated password. The password will be emailed to the email address assigned to the admin profile with instructions on how to log in.  For more information, refer to the Manage Admin Profiles article.

If a user profile with the admin or admin read only role is associated with a user account in an identity source, resetting the user profile's password will have no effect.

Change Admin Password

This section is only shown for user profiles with the Admin role or the Admin Read Only role.  This allows you to change the profile's password.

If a user profile with the admin or admin read only role is associated with a user account in an identity source, changing the user profile's password will have no effect.

Alternate Email

The alternate email address is defined by the end user and it's used in the account recovery process.  You can update this field on behalf of the user.

Security Question

The security question section is defined by the end user and it's used in the account recovery process.  You can view the question/answer combination, or update the fields on behalf of the user.

Access Rules

The access rules section shows which access rules have been assigned to the user's profile.  From here you can manually add/remove access rules to the user profile.


Identity Source Attribute Report

From here you can run a report against all of the active identity sources to retrieve all of the available attributes for this user profile.  Depending on the identity source the report may return just a few attributes, or it may return a large number of attributes.

If the user profile is not associated with an identity source, no results will be returned.