Helpdesk Configuration Guide

From Swivel Knowledgebase
Jump to: navigation, search


Overview

This document outlines how to setup and configure Swivel Helpdesk Users. Helpdesk users can be setup to manage users in a number of ways, such as to manage all users or will only be able to view the users that are in the same repository or the repository they can manage. Additional restrictions may also be in place such as resetting PIN numbers, administering local repositories and Admin user accounts. Accounts with administrator rights can manage all user accounts. Helpdesk accounts cannot manage or create administrator or other helpdesk accounts.

The Helpdesk Operations User Guide provides information for Helpdesk users to manage users within the Swivel Administration console.


Prerequisites

Swivel 3.x


Creation of Helpdesk Users and Groups

Creating Helpdesk Groups

On the Swivel Administration Console select Repository/Groups, then enter a name for the Group and enter under the Definitions, then the repository for the users to be assigned these permissions, and tick the method to login to the Swivel Administration console, together with the Helpdesk check box . Click Apply to save the settings. Create multiple helpdesk groups as required.


Swivel 393 Groups Helpdesk.jpg


Assigning Helpdesk groups management

Granular Helpdesk management is available from Swivel 3.9 onwards. On the Swivel Administration Console select Policy/Helpdesk, and set allow Helpdesk Users can manage other repositories: to Yes, then select Repository/Groups, scroll down and click on Group Rights. On the Helpdesk Group Management page select Type:

Admin users only - only administrators can manage editable repositories. Helpdesk users have no rights.

Helpdesk users all groups - all helpdesk users (and admin users) can manage all non- admin accounts.

Helpdesk groups - helpdesk users have restricted rights as indicated below. If this option above is selected, then the group rights matrix comes into effect. Across the top of the matrix is a list of repository groups with helpdesk rights. Down the left of the matrix is a list of repository groups without helpdesk or admin rights. Tick checkboxes to indicate which helpdesk groups can manage which user groups." The Swivel groups that can be managed by the Helpdesk groups can be selected. Click on Apply to save the settings. Users will be assigned helpdesk rights when their repository synchronisation occurs.

In the below example, all the helpdesk users can manage the PINsafeUsers, but Group I can only be managed by members of helpdesk Group A and helpdesk Group B


Swivel 393 Groups Helpdesk Group Management.jpg Swivel 393 Groups Helpdesk Group Management configured.jpg


Helpdesk user configuration

Swivel version 3.9.3 onwards contains all the configuration options within one menu. On the Swivel Administration Console select Policy\Helpdesk. Options available are listed below.

Helpdesk Users can manage other repositories: Options: Yes/No, Default: No, This determines if Helpdesk users can manage other repositories.

Helpdesk can reset PINs: Options: Yes/No, Default: Yes, this option can be used to prevent the helpdesk user to setting a PIN number to a known value and they can only use the resend PIN to send the user a new PIN.

Helpdesk Users can administer editable repositories: Options: Yes/No, Default: No, this option can allow or deny the helpdesk user to manage users in a repository which Swivel can write data to.

Helpdesk can view Status page: Options: Yes/No, Default: Yes, this option can allow or deny access to the status page.

Helpdesk can view Log Viewer page: Options: Yes/No, Default: Yes, this option allows or denies access to the log viewer. The log viewer may contain troubleshooting information, but may also provide information on users in differing repositories.

Helpdesk can view reports: Options: Yes/No, Default: No, this option specifies whether or not helpdesk users are allowed to run and view reports.

Helpdesk can manage OATH tokens: Options: Yes/No, Default: Yes, this option specifies whether or not helpdesk users are allowed to allocate OATH tokens to users.

Helpdesk can edit user policy: Options: Yes/No, Default: Yes, this option specifies whether or not helpdesk users can view and alter the Policy settings for individual users in User Administration.

Testing

Known Issues

After an upgrade of Swivel from an older version the Helpdesk user may not be able to see any users until the correct permissions are set.

Swivel versions 3.9 and 3.10 had the ability to manage other Helpdesk users removed, but after popular demand, this feature was added back again in Swivel version 3.10.1. A Patch exists to add the Helpdesk rights for 3.9.6 and 3.10, see Versions FAQ.

Swivel version 3.9.7 When searching for username and logged in as a Helpdesk user, then the search may crash. May affect other versions. Upgrade to resolve.


Troubleshooting

Helpdesk role only allows only sees accounts that have been directly created on Swivel.

Either create helpdesk accounts in the same data source as the users (e.g. AD) or enable the Global helpdesk option, on the Swivel Administration console under Policy > Helpdesk (or Policy > General on older versions).

Retrieved from "https://kb.swivelsecure.com/w/index.php?title=Helpdesk_Configuration_Guide&oldid=5634"