Search

4 - User Management (End-User Portal)

Doug Chanin
Doug Chanin
  • Updated

Topic

This article explains how to manage users via the NinjaOne End-User Portal.

Environment

NinjaOne SaaS Backup

Description

You can use the User Management page on the NinjaOne End-User Portal to allow specific users to have elevated access. These users can then interact with the organization and other user accounts or grant permissions to external users who do not have an active backup within the organization. Review the sections below for instructions on granting and managing access.

How to Manage User Access

To manage user access, follow these steps:

  1. Log in to the NinjaOne SaaS Backup End-User Portal.
  2. Select User Management.
  3. Navigate to the Grant Permission tab. This tab displays all users currently included in the backup.

  4. From the Grant Permission tab, you can assign the role to each user from the drop-down menu and activate or deactivate login ability.

    For information on the individual roles, refer to the User Access Levels section below or the attached document at the end of this article.

You can only assign a user a role that is below your own. If you select Group Supervisor, you must also select the department they are an administrator of in the box that will appear just below the role.

User Access Levels

The NinjaOne SaaS Backup End-User Portal has ten access levels for the Business Archiving + Backup product and five access levels for Business Backup. The levels are as follows:

  • Full Admin
    • Full Admins have access to all areas and capabilities. They can view, download, restore, migrate, and search emails from all email accounts. Full Admins can also set user permissions, compliance policies, and legal holds. Full Admins can view logs and set up review processes as well.
  • IT Admin
    • IT Admins can view information, and delete, and deactivate email for all accounts. They can also set up all user settings, but they can't access the Compliance tab. IT Admins can also restore emails from other accounts.
  • Restricted IT Admin
    • This role grants access to nearly all features available to an IT Admin, with specific restrictions to ensure data privacy. Users with this role can:
      • View the list of backed-up accounts.
      • Access account details, including status and the last backup date.
      • Deactivate or reactivate accounts.
      • Add new backups.
      • Configure all user settings. However, they cannot access any metadata, and their permissions exclude the ability to use the Advanced Search and Insight tabs
  • Group Supervisor
    • Group Supervisors have full access to users within the departments in which they are a supervisor. They can restore, migrate, download, search, and view all email accounts within their allotted department. Group Supervisors can set user permissions, but can't access all compliance policies.
  • User
    • Users can only view, download, restore, migrate, and search their own emails. They can't access other accounts or the Compliance tab.
  • User View and Restore
    • Users can only view, restore, and search their own emails and no one else's email account. They cannot access the compliance tab or download or migrate emails.
  • Compliance and Review Officer (NinjaOne SaaS Backup Archiving + Backup Product only)
    • Compliance and Review Officers can access eDiscovery Search, Alerts, View Audit Logs, Retention Policy, Legal Hold, and Review Process tabs. Additionally, they have access to view email, Microsoft OneDrive, and Google Drive for all accounts.
  • Reviewer (Archiving + Backup product only)
    • Reviewers can access the Review Process tab to review emails. However, they cannot set up a new review process.
  • Limited Reviewer (Archiving + Backup product only)
    • Limited Reviewers have access to the Review Process menu but can only review emails within the selected list in the review process.
  • Data Protection Officer (Archiving + Backup product only)
    • Data Protection Officers can access the Review Process Tab and delete messages marked for deletion. The Data Protection Officer can also create tags to classify messages. They can add notes to messages marked for deletion for the audit log. Additionally, Data Protection Officers have access to view email for all accounts.

Enabling Access for External (Delegated) Users

If you have users you are not backing up who want to access your organization, you can add them as an external (also called delegated) user. An external user is someone from outside the organization or someone who is part of the organization, but is someone you have not included in the backup. Only administrators who have access to the User Management page can give access to external users.

  1. From the User Management page, navigate to the Grant Permission tab
  2. Select Add User
  3. Enter the email address of the user you want to invite, and then select a role for the user.
  4. Select the box stating I agree with these Terms and then choose Invite.

The user you added will receive an email with a link to log in and reset their password. 

Important Notes

Keep the following points in mind when adding users:

  • The invitation link will expire 24 hours after you send it.
  • You can check whether the user has accepted the invitation by reviewing the Invitation List tab on the User Management page. You can also resend or cancel the invitation from this same page.
  • Once the user has accepted the invitation and has logged in, NinjaOne SaaS Backup will add them to the user list on the Grant Permissions tab.

When adding external users, be aware of the following:

  • Depending on what level of access you granted them, Users may be able to view your backed-up data.
  • You cannot transfer ownership of the organization to an external user.
  • NinjaOne SaaS Backup captures all activity in the audit log. This information includes external users.
  • Once added, you can revoke access for an external user and inactivate the login permission, but you cannot delete the user from the list. To remove an external user, contact support@dropsuite.com for assistance.

Deactivating Login for a User

  1. Navigate to the User Management page and select the Grant Permission tab
  2. From the list of users, locate the user you want to deactivate.

  3. In the Login Status column, deativate the Login Status toggle switch

    You can reactivate a user by activating the Login Status toggle again.

Enabling Microsoft Azure AD (Entra ID), or Google SSO

Microsoft has recently renamed Azure AD to Entra ID. However, since the NinjaOne SaaS Backup User interface still refers to Azure AD, we have kept that naming convention in this article.

You can now activate Microsoft 365 (M365) Azure AD Single Sign-On (SSO) or Google SSO, which allows users to log in to their backup dashboard using their M365 or Google credentials. This way, users don't have to keep a separate password for the backup End-User portal. When you activate Azure AD or Google SSO in the Grant Permissions tab of the End-User Portal, it activates all users who have access granted to log in.

  1. Navigate to the User Management page and select the Grant Permission column.
  2. Activate Enforce Azure AD SSO Log In or Enforce Google SSO Log In access for all users.
  3. Once activated, all users will have to use their M365 or Google credentials to log in to their backup dashboard. The user would select the option to sign in with either M365 or Google Workspace (GWS) instead of entering their NinjaOne SaaS Backup username and password. You can also inactivate the user login from this same page.
Azure AD or Google SSO will not be activated for external owners by default and will not be affected by the SSO setting options found within the portal. We can activate SSO for the owner per request to support@dropsuite.com.

Assigning Users to Departments

Assigning users to departments can be helpful when you have a lot of users and want to manage them based on specific groups you set up. For example, you could set up a finance department and then add all your finance users to that department so that you can manage them all at once. To do this, follow the steps below:

  1. From the User Management page, select the Assign Department tab.
  2. Select Department Management.
  3. If a needed department is not already on the list, you can add it as follows:
    • Choose Add More.
    • Choose Save Changes.
  4. In Assign Department, assign one or more departments to a user.

To sync the existing departments from your tenant, follow these steps:

  1. On the Assign Department page, you will have an option for each tenant domain to enable Azure AD Department sync. This option will be off by default.
  2. Select the Enable Azure AD Department Sync option to enable it. A dialog box warning will appear, letting you know that the departments will be automatically synced and assigned to the user accounts. Select either Yes, Continue, or Cancel.
  3. Once enabled, NinjaOne SaaS Backup will show a syncing status while it scans the tenant and retrieves the information.
  4. After syncing is complete, the newly added departments will have a blue icon (circle with an i) next to them, indicating that NinjaOne SaaS Backup synced them automatically.
  5. As long as Azure AD Department sync is enabled, NinjaOne SaaS Backup will check weekly for new departments or changes to users' department assignments. If you need to force a sync, you can use the Sync Now option to have it run immediately.

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request