This page provides a comprehensive list of users who were added through the configuration of both the local Seqrite Identity Provider and prominent external Identity Providers (AD/ADFS/Azure/Google) during the site setup process.
The following details for each user are displayed.
| Column Name | Description |
|---|---|
| User Name | Username as per the IdP details. You can sort the users alphabetically by clicking on this label. |
| First Name | First name of the user. |
| Last Name | Last name of the user. |
| Email ID | Email ID of the user. |
| Dynamic Tags | Dynamic tags assigned to the user. |
| Static Tags | Static tags assigned to the user. |
| Add Filter | To add a filter. |
When you click any user, the above information is displayed in the right panel as shown in the following screenshot.
Actions Available with Users
You can perform the following actions on users.
Seqrite Identity Provider
-
Enable
After a user signs up for Seqrite ZTNA, administrator can enable the user using this option. The user can access the portal they are authorized to access.
-
Disable
To disable a user.
-
Send Invite
If a user added in HawkkEye appears in Seqrite ZTNA for the first time, administrator can send that user an invite to register for Seqrite ZTNA. The user will receive an email with a link to register and log in.
External Identity Providers
-
Enable Two Factor Authentication (2FA)
As a security enhancement, the aministrator has the ability to enable 2FA for users. This feature requires a two-step verification process, thereby providing a higher level of security for the user’s account.
Customers using On-Prem AD (2012/2016/2019) can now integrate a Two-Factor Authentication (2FA) system for end users within their portal. With this setup, end users are required to provide a correct password and subsequently enter a One-Time Password (OTP) to gain access.
Admin Settings
This feature can be enabled or disabled per tenant, providing flexibility and control over the authentication process.
Experience
When 2FA is enabled, end users will follow a two-step login process. First, they enter their username and password. Then, they will be directed to a screen where they are prompted to input the OTP received via email or SMS.If 2FA is disabled, the authentication process remains the same as it is currently. End users can log in using their username and password without an additional OTP requirement.
Real-Time Updates
Any changes made to the Active Directory server will be reflected in the 2FA system. For instance, if a user's mobile number is updated, the OTP will be sent to the newly updated mobile number.
Additional Features- The system provides an option to resend the OTP after 20 seconds, ensuring convenience for end users.
- In cases of repeated failed attempts (5 times), the user account will be automatically blocked for 10 minutes, enhancing security measures.
- All failed login attempts are displayed on the Seqrite ZTNA dashboard, allowing admins to monitor potential security threats effectively.
Compatibility
These capabilities are applicable for users imported through AD 2012, AD 2016, and AD 2019, ensuring a seamless experience across different versions of Active Directory. -
Force Logout
As a Seqrite ZTNA Administrator, you can manage user sessions and enforce immediate logouts across all applications within your account. This guide outlines the steps required to revoke live user sessions, block user access, and configure policies for user management. The web help is designed to ensure a smooth and efficient user management experience.
Revoking Live User Sessions with Force Logout Functionality
The Force Logout functionality is applicable for all Identity Providers (IDPs) including Google, Local, On-prem AD, ADFS, and Azure. For the Seqrite Identity Provider, it is possible to deactivate only enabled users.Note ☛
The Force Logout action ensures that the user is logged out within a maximum of 2 minutes from all active sessions.The Administrator has the capability to revoke active user sessions via both the User Management page and the Visibility page.
User Management Page:
To Force Logout a user from the User Management Page, follow these steps:- Navigate to the ‘User Management’ section within the Admin console.
- Identify and select the specific user whose session needs to be revoked.
- Click ‘Logout’ to initiate a logout for the user.
- This functionality permits a simultaneous logout of up to 10 users at a time.
- If the user’s identity profile is active, a new session can be generated after the current one is revoked.
Visibility Page:
To Force Logout a user from the Visibility Page, follow these steps:- Access the 'Visibility' page within the Admin console.
- Find and select the user for whom you want to revoke the session across all applications.
- In the right panel, navigate to the 'Quick Actions' section and click 'Logout' to terminate all active sessions linked to the user.
Blocking User Access Permanently
Policy Configuration to Disable/Delete Users: Admins have the authority to permanently block user access by adjusting policy configurations or by disabling/deleting a user account.Audit Trail Logging
- All activities related to revoking live user sessions are automatically logged in the audit trail.
- Ensure that you regularly monitor the audit trail for any important updates or changes made to user sessions.