IT Asset Accounts
Accounts Are Not Users
An “operator” should not be confused with a “user” (in the language of IT Asset Management). IT Asset Management maintains separate records for operator accounts and users:
| • | A user is a computer user, a person engaged in your main line of business who uses one (or more) of your computing assets in the course of business. Users appear in the All IT Asset Users page. |
| • | An operator is a person with privileges to use some or all of IT Asset Management. Every operator must have an account (although some accounts may not be for people, as discussed below). |
Clearly there are many users who never access IT Asset Management, so that those people are in the first group only. If your software asset management (SAM) is contracted out to a service company, then all the operators (the second group) may be employees of the service company; and in this case, there is no overlap between your users and their operators. However, if you manage your software assets in house, then the people in your SAM team may be both users and operators, so that the two groups can overlap.
Types of Account
IT Asset Management supports two types of account:
| • | Account—The account that you can use for interactive access to IT Asset Management pages in Flexera One. This is also called an operator account, as discussed above. |
| • | Service Account—Required to access IT Asset Management through its web API interface. Service Accounts will only be assigned the Administrator role if the IAM account has the common:org:own privilege. Any other service account will need to be assigned a role in the IT Asset Management UI. Service accounts cannot be used to log in to the IT Asset Management web interface, as they are non-interactive accounts. |
Service accounts cannot be created through the UI; they must be created using the Flexera One IAM API. Once a service account is created, visiting the All Accounts page triggers a sync process that creates corresponding compliance operator records.
For details on IAM API endpoints that support service accounts, refer to the Identity and Access Management API documentation. To make requests against IAM API endpoints, a service account must have one or more of the following privileges (as listed in the API documentation):
| • | fnms:application:index |
| • | fnms:asset:index |
| • | fnms:device:create |
| • | fnms:file:show |
| • | fnms:inventory:index |
| • | fnms:license:index |
| • | fnms:operator:index |
| • | common:org:own (grants access to all endpoints) |
For guidance on using service accounts with Flexera One APIs, see Using a Service Account With the Flexera One APIs.
Managing Employee Changes
An employee may leave your company, or be reassigned out of your SAM group.
If you need to have the employee removed from the list of authenticated operators to prevent future logins to the cloud instance of IT Asset Management, please alert your Customer Success Manager or Support.
However, this does not clean up the operator account record in IT Asset Management. In fact, accounts cannot be deleted: instead, you disable the account, as mentioned below. Records of disabled accounts are maintained for historical tracking.
Accounts Page Actions
This page displays all accounts (with or without assigned roles). This page enables you to perform the following activities:
|
Action |
Description |
|
Search for an existing account |
You can search for an existing account. For more information on using the filters and other UI controls, see the topics under Using Lists in IT Asset Management |
|
Enable an account |
Only enabled accounts are allowed to log in to IT Asset Management. To enable an account, select it and click Enable. |
|
Disable an account |
You can disable an account if you want to prevent it using IT Asset Management, or if an operator has left your enterprise. To disable an account, select it and click Disable. |
|
Open an account |
You can click the Name link to view the account details. For more information about account details, see Account Properties. |
|
Create an account |
You can create an operator account, as described in Creating an Account. |
Accounts Page Properties
The IT Asset Accounts page lists the following properties of accounts. Some of these properties are visible by default whereas others are available through Choose Columns.
|
Property |
Description |
|
|
The email ID of the account. Editable in the account properties. |
|
Job title |
The job title of the person using this account. Editable in the account properties. |
|
Last login |
The date and time of the last login by this operator. Not editable. |
|
Login |
The login name or ID of the account. Editable in the account properties. Service accounts in this list are identified by the prefix sa-. |
|
Login duration |
The duration of a login session in days, hours, minutes, and seconds. Not editable. |
|
Name |
The name of the account. The account can be a personal or group account. For example, QA_Group. Editable in the account properties. |
|
Role |
The role assigned to this account. A role determines the features accessible to an account. The Web Service role is by default selected for a service account. For service accounts, roles will need to be manually assigned after the service account is created using the Flexera One IAM API. Editable in the account properties. |
|
Status |
The current status of the account. To use the features of IT Asset Management, an account must be Enabled and assigned with at least one role. Editable in the account properties. |
|
Type |
The type of the account. It can be either a Web service account or an Operator account. The Web service accounts are used to access IT Asset Management through the Flexera web service, and the Operator accounts are used to access IT Asset Management through its user interface. Editable in the account properties. |