login ixkio.com

Multiuser

Flex Pro Flex Alpha

Ixkio can support multiple user logins. As with all ixkio features, it's a flexible system to allow for a range of use cases.

Multiuser features are only available on the Flex Pro and Flex Alpha accounts.

Basic Multiuser Concepts

Users

Account Master

Every account has an Account Master which is the primary user account and one which is created when the account is set up. This User cannot be removed.

Account Administrators

Account Admin users have the same full permissions over tag management as the Account Master. Each Account can have up to 5 Admin Users.

Controlled Users

Each Account can have up to 25 Controlled Users. Controlled Users must be members of a User Group. Depending on permissions, Controlled Users can access ixkio with a user/password login on the Console, with a user/password login on Locus or with an Authentication Card.

User Groups

Each Account can have to 5 User Groups. Each User Group has :

  • Permission Settings Controls permission to either view, edit, edit & create or edit, create & delete (full control).

  • Access Settings Controls access to the system by either Console & Locus or Locus only.

Access Cards (Beta)

Users can access either Locus or the Console by first scanning an Access Card instead of, or as well as, using a username and password. Access Cards are authentication grade (usually NTAG424) keyfobs or cards that can be provided associated with a Controlled User.

This feature is currently undergoing beta testing with a limited number of customers for a planned full release later in Q4 2022.

Setting Up Multiusers

Overview

The ixkio multiuser system allows access via both user sign-on and Access Cards. Because of this multi-access facility, management of users is slightly different.

One important aspect is that the only User that can set or change all passwords is the Account Master. Account Admin users can only change Controlled User passwords - they cannot change their own password or other Account Admin passwords.

If a Controlled User loses or wishes to change their password, then they must do so via the Account Master or an Account Admin. If an Account Admin User wishes to change their password, then they must do so via the Account Master only.

Account Admin Users

Admin Users have the same complete level of access and control over Tag Management as the Account Master. However, Admin Users have different rights over Users :

Admin Users cannot

  • Create or delete other Admin User accounts

  • Change the Account Master or other Admin Users login/passwords

  • Change the status of other Account Admin Users

Admin Users can

  • Create new User Groups

  • Edit User Groups

  • Add, remove or modify Controlled Users

  • Change login/passwords on any Controlled Users

  • Change the status of Controlled Users

Because Admin Users have complete control over the platform and over all Controlled Users, be very careful when creating and distributing Admin User Accounts.

To create an Admin User, navigate to Account Management on the main menu, then Users. Click 'Add User' to access the 'Add User' screen. The settings :

User's Name For your internal use only. This will allow you to manage users but is also the name that will appear on Event logs so that you can monitor which users have made changes.

User's Type Admin or Controlled > Set to Admin

Logout Period You can change the amount of time a user will be logged in before having to re-enter login details. If you do not see this option, the login timeframe is 12 hours. This setting applies to both manual login and Access Card login. Additional notes on logout period.

Login Name / Email Users cannot reset their own passwords so there's no requirement to use an email address - but it can be if you feel it easier to manage.

Password As always, ensure you use the most secure password you can.

Administrative Users cannot change their password. Only the Account Master can change Admin User passwords. Admin Users can change passwords for Controlled Users.

Controlled Users

Controlled Users have an adjustable amount of access and control over the Account.

Each Controlled User must be a member of a User Group, therefore you need to create a User Group first and then create a Controlled User.

Create a User Group

Navigate to Account Management on the main menu, then 'User Groups'. Click 'Add User Group' to launch the Add User screen. You can edit your User Group at any time.

User Group Name For your internal use only. This will allow you to manage users but is also the name that will appear on Event logs so that you can monitor which users have made changes.

Group Permissions Controls the amount of access the user will have. Full permission includes the ability to delete elements. Edit Data only allows the user to change element data such as a Tag Name, CUID or Extended Data data. Edit All allows the user to change the names of the elements themselves as well as settings such as Rules.

Group Permission Level This changes the level to which the user has permission. For example, users with Tag Group level permission can make changes (as authorised by their Group Permissions) at the Tag Group, Batch and Tag Code levels. Whereas, a user with Tag Code level permissions can only make changes at the Tag Code level.

Group Permission only applies to edits, moves and deletes. All Controlled Users can view all data at all levels.

Group Access This controls whether the user has access to both the Console and Locus, or just Locus.

Create a Controlled User

Once you have created a User Group, you can create a Controlled User. Navigate to Account Management on the main menu, then Users. Click 'Add User' to access the 'Add User' screen. The settings :

User's Name For your internal use only.

User's Type Admin or Controlled > Set to Controlled

User Group The User Group to which this User should belong. You can edit a User at any time and transfer them to another User Group.

Logout Period You can change the amount of time a user will be logged in before having to re-enter login details. If you do not see this option, the default login timeframe is 12 hours. This setting applies to both manual login and Access Card login. Additional notes on logout period.

Login Name / Email Users cannot reset their own passwords so there's no requirement to use an email address - but it can be if you feel it easier to manage.

Password As always, ensure you use the most secure password you can. Account Masters or Account Admins will need to provide passwords to Controlled Users. The ixkio platform will not email or provide it to them automatically.

Managing Users

Once a user has been created, Account Masters can change all users passwords, user groups and status. Account Admins can change all Controlled Users passwords, user groups and status.

Changing Status

It's possible to change the Status of any single user or a User Group. The 'inactive' status will prevent any user login. If you change a User or User Group status to inactive while the User is logged in, they will instantly be restricted from any further actions.

Deleting Users

You can delete a User by changing their status to 'Delete' from their User Details screen (navigate to Account Management on the main menu, then 'Users', then click on the User's Name). You will be prompted to confirm and then you can delete.

Deleting User Groups

To delete a User Group, you must first delete all Users within that Group. Then change the status to 'Delete' and confirm.

Additional Notes

Logout Period

The logout period is set in hours. However, the actual hours for 1 day is 22 hours and the actual hours for 5 days is 110 hours.

This is so that a user effectively being asked to log in each day wouldn't accidently pick up the last minutes of the previous day if the log in time was slightly different.

The 5 day period assumes a Monday morning log in which would last until late on Friday. Therefore, the hours are less than a full 5 x 24 hour period.

PreviousTapStartNextManagement API

Last updated

Copyright TabDesk Ltd 2023