Users and Permissions
Controlling what users can see and do in the Ardexa Web App
Access to data stored in the Ardexa's Cloud API can be controlled via User Permissions. This can be managed via the menu: Admin -> Access -> Users tab
Ardexa users and API tokens can be granted one or more permissions to dictate what functionality they can access on the Ardexa Cloud.
Permissions are set when you
[INVITE A NEW USER]or alternatively you edit an existing user via the
[OPTIONS]button at the end of the user's record.
If new users need to be added the list, then an "invite" needs to be sent so they can access your workgroup. Invites can only be performed by Workgroup Owners or users with the Manage access permission.
To invite new users to a workgroup navigate to the menu item: Admin -> Access -> Invites tab
Invite new user.
Note: To invite a new user, you only need their email address.
When invite emails are blocked:
There are rare cases where an invite email has been blocked completely. In which case you will need to add
[email protected]as a "Safe Sender" in your email client, or check your spam folder for the invite email.
If the User has an existing Ardexa account, the new permissions will be added to their existing account once they accept the invitation. If the User does not have an existing account, they will be asked to create one when they accept the invitation.
To view your outstanding invites that have yet to be actioned by the invitee, navigate to: Admin -> Access -> Invites tab
You may also resend invites from this page where the original invite has been lost.
When a user logs in, their browser receives an implicit token which is used to access the Ardexa Cloud for 10 hours. When this token expires, they will have to log in again.
Workgroup access and permissions are set in this token when the user logs in. Therefore, changes to a user's permissions will not take effect until the user logs in again. Keep this in mind when changing a user's permissions:
- 1.If you are increasing a user's permissions, they will need to log in again to utilise the new set of permissions
- 2.If you are reducing a user's set of permissions, or revoking their access to a workgroup entirely, they may retain their current level of access to the system for up to 10 hours
ownershave the ability to mandate all users in the workgroup enable MFA on their accounts.
USERSview will now report the status of MFA for the workgroup. Where MFA is not enabled workgroup-wide the following banner will appear:
To set mandatory MFA for all workgroup users simply click on the
[ENABLE MANDATORY MFA]button. Confirming the dialog will:
- Force all workgroup users to set up MFA on their next login.
- Send an email advising of the new requirement to each user.
- Setting MFA on a workgroup is not easily reversible.
- When MFA is enabled for a user it will apply to all their workgroups.Why? Because MFA applies at user's login, not when they move within workgroups once they are logged into the application.
Once MFA is enabled the banner will report the status as follows:
NB: Once workgroup mandatory MFA is enabled:
- A user cannot disable MFA for their account.They can continue to reset their MFA by going through the standard
[DISABLE]steps within their profile page, which is a necessary requirement. However, at their next login they will be presented with the same step-through wizard to set up MFA.