¶ Introduction
Users are the key components of a SASE deployment since security policies are applied to users (or to their devices). At a high level the steps to setting up users are:
- Create users in the Admin Console (which this page focuses on). This creates users in the system but does NOT push the end-user agent (aka “Exium client") to them; that is a later step after policies are configured.
- Configure security policies (see next steps at the bottom of the page)
- Install the Exium Speerity client on the user’s devices (also under next steps)
Let's start with creating groups and users.
¶ Create Groups
Before you create users, setup the Groups that you will assign users to. Groups are important since you can assign policies to entire groups of users rather than individuals. To create Groups,
- Navigate to the MSP admin console : Go to "Companies" and select the desired company name, or access the Customer/ Client Workspace Sign In directly.
- Click on “Users and Devices” followed by “Groups”
- Click on “Add User Group” on the top right of the page
The admin and readonly groups exist by default. We recommend creating groups for “AllEmployees”, “Executives”, and for departments or locations as needed. A user can be a member of multiple groups. Pay attention to the relative priority of the groups; a lower number means that policies for that group have a higher priority when being applied to a single user.
For example, if a user is a member of “Test Group Exium” and “US Team” in the image below then the “US Team” policies will take precedence if there is a conflict.
¶ Creating Users: Three Options
Before you create any users make sure that the customer level settings are setup correctly, especially the Default User Subscriptions and Welcome Email settings (https://docs.exium.net/en/public/Admin_Console/Customer_Setup).
There are three different ways to create users in the admin console. Pick the one that works best for this specific customer.
|
|
User Creation Method |
How it works |
When to Use |
|---|---|---|---|
| 1 | Manual | Create each user manually one by one in the Admin Console. | Use for small customers with less than 30 users. |
| 2 | Spreadsheet Upload | Create multiple users at once by uploading a spreadsheet. | Use for any customer that does not have an IAM system. |
| 3 | Azure AD Integration (or other IAM system) | Link the customer’s Exium account to their Azure AD instance for auto user creation. | Use for any customer that has Azure AD (or other IAM system). |
¶ Manually Create Users
To manually create a user, go to Users in the left navigation and then click on “Add User” on the top right of the tab.
Fill out the form that appears with the user’s information.
The email and mobile phone number will be used to authenticate the user during the agent install process (if the manual install process is used).
User Groups: assign the user to a group if you have setup groups already. You can also do this later by editing the user after it is created.
Very Important. Select the security services for this user. Remember that SIA is Internet security while SPA is for remote access to private networks. Users that do not have SPA turned on will not be able to access internal resources using Exium.
¶ Spreadsheet Upload
To create users in bulk by uploading a spreadsheet, first download the sample CSV file by going to Users in the left navigation and then clicking on the little question mark next to Upload Users.
Find the downloaded file (it is called User_Upload_UserFlow.csv) and fill it out. Some helpful hints:
Phone number: include the country code. For example, (214) 111-1999 for the US (country code +1) will be entered into the spreadsheet as 12141111999.
Groups: populate the group(s) you want the user to be a member of, otherwise you will have to do this manually later.
Security Services: all users created using this method will be assigned the “Default User Subscriptions” that are set at the customer level. You can manually edit these if needed.
Once the spreadsheet is filled out save it as a CSV file and then upload it using “Upload Users” button. The users should populate in the table. Click on a user to verify information and settings.
¶ IAM/Azure AD Integration
If the customer has an Identity and Access Management (IAM) solution such as Azure AD then it is best to link Exium with it to automatically import users from it. Instructions for linking with Azure AD are here. Instructions for other IAM platforms can be found here.
¶ Initiate Welcome Email to the Users
When you add users using one of the methods described above and like to use the User Install method for Client installation and activation, you need to initiate an invite email to the users. You can do this by clicking on the “mail” sign icon against the user (s) name or send in bulk to all users by clicking on the “re-invite users” icon on the top-left as highlighted in the picture below.
The email invite has one hour expiry. In case the client download link in the email expires, admins can re-initiate invite for the users or users can log in via https://service.exium.net/exium/sign-in to download and activate the client.
To learn more about implementing SASE, XDR, IAM/ MFA, and GRC for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.