Users
The user page is the central manager for adding, editing, and deleting users in Pyramid.
The upper panel shows the list of existing users in the system. Click a specific user to show their details in the bottom panel. Use the checkboxes in the top panel and the buttons at the top-right of the user panel to run actions against those users.
User List
The user list at the top of the page shows the following columns:
- Actions - Edit and delete the user; edit the user's roles and see the audit trail.
- Status - Enable or disable a user account (without deleting the account).
- User type - The user type for this user. This indicates the level of access to the app that has been assigned to this user. For more information, see User Type.
- Cert - The number and level of certificates that the user has earned in the Learning Hub.
- User Name - The login ID for the user (for database, LDAP, and AD). For SAML, this is merely the matching database ID for the user.
- Domain - The AD / LDAP domain (only shown if using AD or LDAP).
- First Name - The user's first name.
- Last Name - The user's last name.
- Admin Type - The admin type for this user. This indicates the level of administrative access that has been assigned to this user. For more information, see Admin Type.
- Tenant - The name of the tenant that the user belongs to. For more information, see Tenancy.
- Profile - The "profile" that has been set for the user. If this value is blank, the default profile is used. For more information, see Profiles.
- Phone - The phone numbers for the user.
- Secondary Phone - The secondary phone numbers of the user.
- Language - The user's default application language.
Other functions
- Use the quick search box to find users by username, first name, or last name. For a more refined search, click the search icon at the top of each column in the user list grid.
- Use the multi-select checkboxes to bulk select users. Once selected:
  - Use the enable / disable macro button to bulk enable / disable users.
  - Use the delete macro button to bulk delete users.
User Security Buttons
Depending on the system settings, various buttons are presented on a user's security card.
- Impersonate: This button is always available to all admins. It lets an admin log in as a user and experience Pyramid as that user does.
- Clear Token: This button is available if multi-factor authentication has been enabled for one or more web servers. It allows admins to clear the given user's MFA token, forcing them to re-enroll with their authenticator app.
- Reset Password: This button is available only when using the internal authentication provider (database). It allows admins to force the user to enter a new password when they next log in. Admins can control the strength of the password required in the reset through the internal authentication settings.
- Revoke Access Cookie: This button is always available to admins. It revokes and cancels all current sessions of the selected user, forcing the user to log in again.
Adding Users
You can add users from the Admin Console:
- In the left-hand menu, select Access > Users.
- From the buttons at the top-right of the page, select the "add" option you require:
  - To add a user, click New User (purple arrow) and select <User Type> from the drop-down. For details of the user types, see User Types. Note: The options available in the user type drop-down depend on your licensing.
  - To add users in bulk, click Import (green arrow) and import a list of users as a CSV file.
The Users page opens, showing the current User List in the main body of the page.
See below for more details of the Add and Import processes.
Add User
To add a user, you can select a <user type> and provide the details as described in this topic and in the Add Users topic. For more details, see Add Users.
The fields required to set up a user depend on your selected authentication provider.
Import Users in Bulk
To add users in bulk, you can import a list of users using a CSV file. For more details, see Importing Users.
Alternatively, admins can set up provisioning to auto-import and synchronize users with an Active Directory.
Editing Users
Click on the user row in the user list to open the user panel at the bottom of the page for editing.
The fields available for editing depend on the authentication provider chosen. For more detail on the specifics, see the Add User help.
Common Settings
The following settings are common to all user setups, regardless of authentication provider.
User Type
The choice of user type indicates the level of access to the app that has been assigned to this user, and what their related capabilities will be. The number of client licenses purchased determines how many seats are available for each type. See licensing for more details.
- Professional Users can access the main client application and usually have access to all its functionalities, except for administrative capabilities. This can be limited by profiles, which can be set at the role or user level.
- Analyst Users can access a scaled-back "Lite" version of the Discover, Present, Publish, and Tabulate apps. Their capabilities can be further scaled back on a role-by-role or user basis, using profiles.
- Viewer Users are provided with read-only access to the application through a simplified interface that allows them to view and interact with any visual content (content from the green Discover app), presentation content (the red Present app) and rendered publications (output from the blue Publish app).
- Basic Users are given access to embedded content items only. The Basic user does not have a profile.
Admin Type
Professional users can be elevated to administrative roles. There must be at least one administrator in the system at all times.
There are two types of admins in the system:
- Enterprise Admins have complete access to the entire system and its settings.
  - Enterprise Admins can grant roles from any tenant access to content in any other tenant (cross-tenant content).
  - Enterprise Admins can also assign users from different tenants to roles in another tenant (cross-tenant roles).
- Domain Admins have access only to the specified parts of the system that have been granted to each Domain Admin. For more details, see Domain Admin Rights.
Note: In a multitenant environment, domain admins are limited to actions within the tenancy they belong to. Enterprise admins can work across tenants.
Tenancy
Every user must belong to a tenant. Initially, users belong to the first tenant in the system - "default". In a single tenant environment, this is the only existing tenant and it will not affect much of the application. In a multitenant environment, there are numerous effects governing both end users and administrators.
Profiles
Profiles are a way to customize the functions of the full client experience for Pro users. As such, the Profile option is available for normal (non-admin) Pro users only. Use the drop-down to select a predefined profile for the user. Go to the profile page to add or edit profile definitions.
- User Name: this is the key field for each user; it must be unique in the system. If using LDAP or Active Directory as the authentication provider, the user name must be unique within each domain of the system.
- First Name / Last Name: these fields are optional. When integrated with Active Directory or LDAP, these fields are copied from the authentication system.
- Email: this field is optional, but is HIGHLY RECOMMENDED. Many automated communication systems in the product rely on this email address. When integrated with Active Directory or LDAP, this field is copied from the authentication system.
- Proxy Account 1: the field is used to inject an alternative account name to be used with alternative system authentications. For example, the user's Active Directory account needed for Microsoft SSAS authentication, or the user's SAP BW login for onward connection in other single sign-on environments (for example, Azure or Snowflake). Optional.
- Proxy Account 2: the field is used to inject a second alternative account name to be used with alternative system authentications. For example, the user's Active Directory account needed for Microsoft SSAS authentication, or the user's SAP BW login for onward connection in other single sign-on environments (for example, Azure or Snowflake). Optional.
- Phone: this field is optional, but is recommended to ensure users receive any phone notifications.
- Secondary Phone: this field is optional.
- Language: this field is used to define the user's default application language.
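The rules stated on this page (user name uniqueness, admin types for Professional users only, no profile for Basic users or admins, a tenant for every user, a recommended email address, at least one administrator) can be checked against a user list before it is imported. The following is an added example, not Pyramid code: the CSV column names and the sample rows are assumptions constructed for illustration and are not Pyramid's import format.

```python
import csv
import io

# Constructed sample. Column names are assumptions, not Pyramid's import format.
SAMPLE = """user_name,domain,user_type,admin_type,tenant,profile,email
alice,corp,Professional,Enterprise,default,,alice@example.com
bob,corp,Professional,,default,Sales,bob@example.com
bob,corp,Analyst,,default,,bob2@example.com
bob,lab,Viewer,,default,,
carol,corp,Viewer,Domain,default,,carol@example.com
dave,corp,Basic,,,Kiosk,dave@example.com
"""


def audit_users(text, per_domain=True):
    """Return (row, severity, message) findings for a user list in CSV form."""
    rows = [{k: (v or "").strip() for k, v in r.items()}
            for r in csv.DictReader(io.StringIO(text))]
    findings, seen = [], {}
    for n, r in enumerate(rows, start=2):  # row 1 is the header
        # AD/LDAP: unique within each domain; otherwise unique system-wide.
        key = (r["domain"], r["user_name"]) if per_domain else r["user_name"]
        if key in seen:
            findings.append((n, "error", f"duplicate user name (row {seen[key]})"))
        else:
            seen[key] = n
        # Only Professional users can be elevated to an admin type.
        if r["admin_type"] and r["user_type"] != "Professional":
            findings.append((n, "error", "admin type on a non-Professional user"))
        # Basic users have no profile; profiles are for non-admin users.
        if r["profile"] and (r["user_type"] == "Basic" or r["admin_type"]):
            findings.append((n, "error", "profile on a Basic user or an admin"))
        if not r["tenant"]:
            findings.append((n, "error", "user has no tenant"))
        if not r["email"]:
            findings.append((n, "warning", "no email address"))
    if not any(r["admin_type"] and r["user_type"] == "Professional" for r in rows):
        findings.append((0, "error", "no administrator in the list"))
    return findings


if __name__ == "__main__":
    for row, severity, message in audit_users(SAMPLE):
        print(f"row {row}: {severity}: {message}")
```

Pass per_domain=False when the internal (database) provider is used, so that user names are compared across the whole system rather than within each domain.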