Add Users

The fields required to setup a user depend on the authentication provider chosen. The following explains these settings for the different providers.

Note: The details below can be used to navigate the "edit user" process as well.

Add a User

  • Click here to access the Users page in the Admin Console
  • Click here for details describing how to bulk import users

Internal (Database) Authentication

As described, configure the common settings: Admin Type, Tenant, and Profile.

Enter the following user information:

  • User Name: the user's username. This is the LOGIN ID of the user. Required.
  • Password: the user's password. Required.
  • Email: the user's email address. Required.
  • First Name: the user's first name. Required.
  • Last Name: the user's last name. Required.
  • Proxy Account 1: the field is used to inject an alternative account name to be used with alternative system authentications. For example, the user's Active Directory account needed for Microsoft SSAS authentication, or the user's SAP BW login for onward connection in other single sign-on environments (for example, Azure or Snowflake). Optional.
  • Proxy Account 2: the field is used to inject an alternative account name to be used with alternative system authentications. For example, the user's Active Directory account needed for Microsoft SSAS authentication, or the user's SAP BW login for onward connection in other Single Sign-on environments (for example, Azure or Snowflake). Optional.
  • Phone: the user's phone number (optional). If a phone number is added, it should be formatted with its international prefix. Optional.
  • Secondary Phone: the user's phone number (optional). If a phone number is added, it should be formatted with its international prefix. Optional.
  • Language: the user's default application language.

SAML Authentication

As described, configure the common settings: Admin Type, Tenant, and Profile

Enter the following user information:

  • User Name: the user's username. Required.
    • This is the NOT the official login ID of the user since they will be using SAML. However, the SAML account needs to be associated with an internal username.
  • Password: the user's password. Required.
    • This is the NOT the official password of the user since they will be using SAML. However, the password (which can and should be kept secret) can be used by admins to login to the user's account using the internal password with the internal username.
  • Email: the user's email address. Required.
  • Principal Name: the user's SAML user account name. Required.
    • This is the master key to matching up the SAML token with the user account in Pyramid.
  • First Name: the user's first name. Required.
  • Last Name: the user's last name. Required.
  • Proxy Account 1: the field is used to inject an alternative account name to be used with alternative system authentications. For example, the user's Active Directory account needed for Microsoft SSAS authentication, or the user's SAP BW login for onward connection in other Single Sign-on environments (for example, Azure or Snowflake). Optional.
  • Proxy Account 2: the field is used to inject an alternative account name to be used with alternative system authentications. For example, the user's Active Directory account needed for Microsoft SSAS authentication, or the user's SAP BW login for onward connection in other Single Sign-on environments (for example, Azure or Snowflake). Optional.
  • Phone: the user's phone number (optional). If a phone number is added, it should be formatted with its international prefix. Optional.
  • Secondary Phone: the user's phone number (optional). If a phone number is added, it should be formatted with its international prefix. Optional.
  • Language: the user's default application language.

Active Directory Authentication

The Active Directory add process starts with a form to SEARCH for an existing user in the attached Active Directory.

In the search bar:

  • Select a domain that the user belongs to from the drop down
  • Enter a search string
  • Decide if you are searching users (username) or searching groups (group name)
  • Select the appropriate search operation

Click the search button to show the results in the grid below. Select the one or more users to add into the system either by clicking the plus signs or using the checkboxes for bulk selections.

In the last panel "User Settings" make the common selections (which will apply to all the chosen users)

  • Admin Type: (Pro Users only) assign the users to the required admin type.
  • Tenant: assign the users to the required tenant.
  • Profile: (Pro Users only) assign the users to the required user profile.

Click Continue to Edit Roles to go to the Edit Roles panel and assign the selected users to the relevant roles.

Settings Roles

Optionally, after inputting the details for the new users, click the Edit Roles tab to configure and set roles for the newly added users.

  • Click the blue plus signs to add a roles for the user (into the right hand grid).
  • Use the checkboxes to bulk assign roles instead.

Save

Click the green save button to add the users to the system.

Edit a User

To edit an existing user, click on the user from the Users list; the Edit User panel will open. The settings are the same as those described in the Add process above.

When editing a user, there are also several security-based operations available. See below for more.

User Settings

Common Settings

  • User Type: select Professional or Viewer.
  • Admin Type: if the user type is set to Professional.
  • Tenant: select whichever tenant the user should be assigned to.
  • Profile: select the user profile that will be used for the user's experience (Pro, non admin users only)

Other Settings

For Database and SAML systems, all fields can be edited for the user.

For Active Directory most fields are locked, since they were imported from the AD. If corrections need to be made, the changes should be made in the AD and then synchronized into Pyramid.

Extra Settings

Secondary Phone: the phone number in the "Phone" field is the value in the Active Directory. Another phone number may be added in the "Secondary Phone" field; in this case, the secondary phone number will override the phone number imported from the Active Directory. The given phone number must be formatted with its international prefix.

User Security Operations

Admins have several user-centric security operations at their disposal when they open a user's configuration card. Some of these options may only apply depending on the chosen authentication provider and / or authentication method.

User Impersonation

The Impersonate capability allows admins to impersonate a user's account and login to the application as that user. By clicking on the Impersonate button, the admin is re-logged in to the application as that user - showing all the rights, capabilities, settings and access.

To exit the impersonation, the admin should formally log out of the application and then re-login as themselves as normal.

Note: User impersonation is available with an Enterprise license only.

Multi-Factor Authentication Token Reset

If Pyramid's internal Multi-Factor Authentication has been enabled, this button is available for admins to clear any authentication tokens that may have been set for a given user. This capability is useful if the user has somehow lost their settings on their authentication device.

Once cleared, the user will be auto-prompted to reset their authenticator token at their next login.

Force Password Reset

When using Pyramid's internal (database) authentication provider, this button allows admins to force a user to reset their password on their next login to the system. Working with this feature is the option to set the minimum password strength for all new passwords. There is also an option to automatically force a password reset for each and every user on the chosen time-cadence.

Revoke Access Cookie

This button revokes all existing and current sessions on Pyramid for the selected user. The user is then forced to re-login to the application. This powerful capability allows admins to resolve different access scenarios. For example:

  • A user's details have changed (roles, license type, tenant, admin access) , and admins want those changes to take immediate effect - they can revoke the access cookie.
  • If admins want to disable a user's access, they can revoke the access cookie to revoke system access.
  • If an admin wants to reset the MFA token, they can revoke access to force the user to re-enroll in the MFA.
  • If the admin wants a user to reset their password, they can revoke access and force the user to supply a new password (when used in tandem with the force password reset).

Get Authentication Token

This button copies the Authentication key for the selected user to your clipboard. You can use this authentication key during the following processes:

Note: If you are an Enterprise Admin, you can copy the Authentication Key for any user. If you are a Domain Admin, you can only copy the Authentication Keys for users at your tenant. If you are a Basic User you can only authenticate as yourself; go to the System Info page and click the Copy icon alongside the Authentication token.