Multiuser
Last updated
Last updated
Ixkio can support multiple user logins. As with all ixkio features, it's a flexible system to allow for a range of use cases.
Multiuser features are only available on the Flex Pro and Flex Alpha accounts.
Users can be found under Management > Users
Every account has an Account Master which is the primary user account and one which is created when the account is set up. This User cannot be removed.
Account Admin users have the same full permissions over tag management as the Account Master. Each Account can have up to 5 Admin Users.
Each Account can have up to 25 Controlled Users. Controlled Users must be members of a User Group. Depending on permissions, Controlled Users can access ixkio with a user/password login on the Console, with a user/password login on Locus or with an Authentication Card.
Each Account can have to 5 User Groups. Each User Group has :
Permission Settings Controls permission to either view, edit, edit & create or edit, create & delete (full control).
Access Settings Controls access to the system by either Console & Locus or Locus only.
Users can access either Locus or the Console by first scanning an Access Card instead of, or as well as, using a username and password. Access Cards are authentication grade (usually NTAG424) keyfobs or cards that can be provided associated with a Controlled User.
The ixkio multiuser system allows access via both user sign-on and Access Cards. Because of this multi-access facility, management of users is slightly different.
One important aspect is that the only User that can set or change all passwords is the Account Master. Account Admin users can only change Controlled User passwords - they cannot change their own password or other Account Admin passwords.
If a Controlled User loses or wishes to change their password, then they must do so via the Account Master or an Account Admin. If an Account Admin User wishes to change their password, then they must do so via the Account Master only.
Admin Users have the same complete level of access and control over Tag Management as the Account Master. However, Admin Users have different rights over Users :
Admin Users cannot
Create or delete other Admin User accounts
Change the Account Master or other Admin Users login/passwords
Change the status of other Account Admin Users
Admin Users can
Create new User Groups
Edit User Groups
Add, remove or modify Controlled Users
Change login/passwords on any Controlled Users
Change the status of Controlled Users
Because Admin Users have complete control over the platform and over all Controlled Users, be very careful when creating and distributing Admin User Accounts.
To create an Admin User, navigate to Account Management on the main menu, then Users. Click 'Add User' to access the 'Add User' screen. The settings :
User's Name For your internal use only. This will allow you to manage users but is also the name that will appear on Event logs so that you can monitor which users have made changes.
User's Type Admin or Controlled > Set to Admin
Logout Period You can change the amount of time a user will be logged in before having to re-enter login details. If you do not see this option, the login timeframe is 12 hours. This setting applies to both manual login and Access Card login. Additional notes on logout period.
Login Name / Email Users cannot reset their own passwords so there's no requirement to use an email address - but it can be if you feel it easier to manage.
Password As always, ensure you use the most secure password you can.
Administrative Users cannot change their password. Only the Account Master can change Admin User passwords. Admin Users can change passwords for Controlled Users.
Logout Period You can change the amount of time a user will be logged in before having to re-enter login details. If you do not see this option, the login timeframe is 12 hours. This setting applies to both manual login and Access Card login. Additional notes on logout period.
Status You can Deactivate or Delete an account from the status dropdown.
Controlled Users have an adjustable amount of access and control over the Account.
Each Controlled User must be a member of a User Group, therefore you need to create a User Group first and then create a Controlled User.
Navigate to Account Management on the main menu, then 'User Groups'. Click 'Add User Group' to launch the Add User screen. You can edit your User Group at any time.
User Group Name For your internal use only. This will allow you to manage users but is also the name that will appear on Event logs so that you can monitor which users have made changes.
Access This controls whether the user has access to both the Console and App, or just App.
Check Function This controls whether the user has access to the Check Function in the ixkio mobile app.
Locus This controls whether the user has access to the Locus tool suite in the ixkio mobile app.
Console Permissions Controls the amount of access the user will have. Full permission includes the ability to delete elements. Edit Data only allows the user to change element data such as a Tag Name, CUID or Extended Data data. Edit All allows the user to change the names of the elements themselves as well as settings such as Rules.
Console Permission Level This changes the level to which the user has permission. For example, users with Tag Group level permission can make changes (as authorised by their Group Permissions) at the Tag Group, Batch and Tag Code levels. Whereas, a user with Tag Code level permissions can only make changes at the Tag Code level.
Group Permission only applies to edits, moves and deletes. All Controlled Users can view all data at all levels.
Status You can Deactivate or Delete an account from the status dropdown.
Once you have created a User Group, you can create a Controlled User. Navigate to Account Management on the main menu, then Users. Click 'Add User' to access the 'Add User' screen. The settings :
User's Name For your internal use only.
User's Type Admin or Controlled > Set to Controlled
User Group The User Group to which this User should belong. You can edit a User at any time and transfer them to another User Group.
Login Name / Email Users cannot reset their own passwords so there's no requirement to use an email address - but it can be if you feel it easier to manage.
Password As always, ensure you use the most secure password you can. Account Masters or Account Admins will need to provide passwords to Controlled Users. The ixkio platform will not email or provide it to them automatically.
Logout Period You can change the amount of time a user will be logged in before having to re-enter login details. If you do not see this option, the default login timeframe is 12 hours. This setting applies to both manual login and Access Card login. Additional notes on logout period.
Status You can Deactivate or Delete an account from the status dropdown.
Once a user has been created, Account Masters can change all users passwords, user groups and status. Account Admins can change all Controlled Users passwords, user groups and status.
It's possible to change the Status of any single user or a User Group. The 'inactive' status will prevent any user login. If you change a User or User Group status to inactive while the User is logged in, they will instantly be restricted from any further actions.
You can delete a User by changing their status to 'Delete' from their User Details screen (navigate to Account Management on the main menu, then 'Users', then click on the User's Name). You will be prompted to confirm and then you can delete.
To delete a User Group, you must first delete all Users within that Group. Then change the status to 'Delete' and confirm.
The logout period is set in hours. However, the actual hours for 1 day is 22 hours and the actual hours for 5 days is 110 hours.
This is so that a user effectively being asked to log in each day wouldn't accidently pick up the last minutes of the previous day if the log in time was slightly different.
The 5 day period assumes a Monday morning log in which would last until late on Friday. Therefore, the hours are less than a full 5 x 24 hour period.