Set Up Initial Accounts and Access Rights

The installing account (example: fnms-admin) defaults to having administrator privileges in your new implementation. An account (such as that installing account) with administrator privileges must do three things to make other operators functional in FlexNet Manager Suite:
  • Gather records of users from Active Directory. For your on-premises implementation, each of your operators must first be known to FlexNet Manager Suite as a user within your enterprise. Since authentication in FlexNet Manager Suite is based on Active Directory accounts, the user must be known within the Active Directory domain where your central application server is located (or a domain that is trusted by the application server's domain).
  • Create an account in FlexNet Manager Suite for each operator, referencing their Active Directory user account.
  • Assign each operator account to the appropriate role(s). All access rights are controlled by roles, and individual operator accounts are assigned to the appropriate role(s) for the access rights they require.

To set up accounts and access rights:

  1. Import data from Active directory:
    1. Log into an inventory beacon in the same domain as your central application server using an account that has local Windows administrator privileges, and open the FlexNet Beacon interface.
      Tip: This may be a convenient time to schedule regular imports from Active Directory. For more information, see the help on Creating a Data Gathering Schedule.
    2. In the Data collection group, click Active Directory, and select the default connection for Current domain.
      Tip: If you do not have an Active Directory connection listed, or you need to import users from a different domain, click the help button and see Inventory Beacons > Importing from Active Directory.
    3. Click Execute Now.
      The Active Directory data is gathered, uploaded to your central application server, saved in the inventory database, and shortly thereafter imported into the compliance database. This process may take some time (in the order of 30 minutes for each 10,000 users recorded in the Active Directory domain).
    4. Return to the web interface for FlexNet Manager Suite and navigate to License Compliance > Reconcile.
      The Reconcile page displays.
    5. Select the Update inventory for reconciliation check box and click Reconcile.
      The Reconcile pending: A license reconcile has been scheduled for processing message displays and the manual reconcile commences.
    6. Press F5 or use your browser's refresh control to update the display until the Status field displays the Success message.
    7. Navigate to Enterprise > All Users, and validate that the user accounts have been imported from Active Directory.
    Once displayed, this listing is not refreshed automatically. Press F5 or use your browser's refresh control to update the display until the data appears.
  2. Ensure that appropriate roles are ready to assign to the future operators:
    1. Navigate to the system menu ( in the top right corner), choose Accounts, and select the Roles tab.
    2. For each unique set of access rights that you need to assign to operators, ensure that there is (or create) a distinct role, and set its rights by expanding the various headings in the accordion and using the controls inside. (For advanced combinations, start by selecting Custom from the drop-down list in each section.) Remember to scroll down and click Save (or Create) when you make any changes.
      For more information, see the online help.
  3. Set up the account for each operator:
    1. Switch to the All Accounts tab.
      This tab lists all existing operator accounts permitted to log in to FlexNet Manager Suite. At this stage, you should expect to see only the installing user's operator account.
    2. Click Create an account.
    3. Enter part of the Active Directory user name in the search field, and click Search.
    4. In the search results list, select the desired user account, and click Get account details.
      FlexNet Manager Suite populates the Name, Email, and Job title (if known) into the respective fields. If desired, you can add further information about this operator's account.
    5. Ensure that the Status is set to Enabled.
      This setting is mandatory to allow the operator to log in. (Conversely, you can disable an account here, if necessary for any reason.)
    6. From the Role drop-down list, select the first role for this operator. You can add additional roles for each operator as required.
      The net effect of all roles on permissions for this account is displayed in read-only mode in the accordion below as you make changes. (Remember that a 'deny' in one role over-rides an 'allow' in another role when the same account is assigned to both roles.)
    7. Click Create.
      A FlexNet Manager Suite operator account is created for the existing Active Directory user. Repeat the account creation process for each operator.