Skip to main content
日本語 简体中文 繁體中文

[Access Control] New User Creation / Edit

Target

  • Access Control Administrator

Purpose

  • This page explains the procedure to create/edit a user from the Access Control Administration screen.

Notes

  1. This article is based on the product specifications as of March 2025 and may change without notice.
  2. Global administrator privileges for Access Control are required to verify the actual screen and change settings.
  3. Please refer to the following article for how to access the Administration screen.
    How to access the HENNGE Access Control Administration screen
  4. If you are synchronizing users from Active Directory to Access Control, this task is not necessary.

Procedure

Create/Edit a user individually

1. Access the [User] - [Users] from the Access Control administration screen.

2. Click [+ Add User] in the upper right, or select the user you want to edit from the user list.
For how to search for registered users, please refer to the article below.
Search for a user

3. Enter/edit required items and click the [Save] or [Set as Expiring] button in the lower right.
※ For an explanation of each item, please check Items (Create/Edit User).

Create/Edit users in bulk

For details, please refer to the following articles.
User Batch Registration
Access Control User Batch Update

Items (Create/Edit User)

When creating/editing a user, please confirm and prepare the following information in advance.

Item Description Description
Username A unique value to identify the user in Access Control This is the value the User will enter on the Access Control Login screen.
The Username can be up to 64 characters and the following strings are available.
  • Half-width alphabet (a-z, A-Z)
  • Half-width numbers (0-9)
  • Underscore (_)
  • Dash (-)
  • Period (.)
  • At mark (@)
Initial password The password the user will use for the first Login Displayed only when creating a new User.
Password Change Policy The expiration date of the user's password
  • Force password change: Requires a forced password change at the next Login.
  • Password never expires: No expiration date is set for the Password.
  • Follow Domain Configuration: Follows the expiration settings within [Domain Settings] under [Password Related Settings].
Family name User's [Family name] information Can be set up to a maximum of 256 characters.
Given name User's [Given name] information Can be set up to a maximum of 256 characters.
(Only when integrated with Microsoft 365) Display Name User's [Display Name] information Can be set up to a maximum of 256 characters.
(Only when integrated with Microsoft 365) UserPrincipalName User's [UserPrincipalName] Attribute

Set the same value as the username (UserPrincipalName) in this user's Microsoft 365.

(Only when integrated with Google Workspace) Email Address (SAML UID) User's [Email Address] information Set the same value as the email address in this user's Google Workspace.
(Only when integrated with Google Workspace) Google Provisioning Provisioning settings to Google Workspace for creation, editing, and deletion related to this user

When user provisioning or password provisioning is enabled in [Domain Settings], set whether to provision to Google Workspace for creation, editing, and deletion related to this user.

  • Include: Creation, editing, and deletion related to this user will be provisioned to Google Workspace.
  • Exclude: Creation, editing, and deletion related to this user will not be provisioned to Google Workspace.

If a user who was [Excluded] is set to [Include] when there is a surplus of licenses in Google Workspace, the relevant user information in Access Control will be provisioned immediately.
If there is no surplus of licenses in Google Workspace, "An error occurred during creation. Please try again" will be displayed.
Note that even if a user who was [Included] is set to [Exclude], the user on Google Workspace will not be suspended or deleted.

Custom Attributes User's [custom attributes] 

If a custom attribute is created in advance, this item can be edited.
Up to 256 characters can be set.

For information on how to create custom attributes, please refer to the following article.
Create Custom Attributes

Account Status
User's account status settings

Displayed only on the user information edit screen.

  • Enabled: The user can log in.
  • Disabled: The user cannot log in.
  • Locked Out (cannot be set manually, only displayed when the user is locked out): The user is locked out due to multiple incorrect password entries.
    ※ To unlock, the admin can set this value to "Enabled" to unlock.
Role Access Control permission settings for accessing the Administration You can select from the following.
※ All administrators have viewing rights to all pages and can download log files (CSV).
1. User: Cannot access the Administration menu.
2. Global Admin: Has editing rights to all menus.
3. Device Certificate and Secure Browser Admin: Has both the rights of ④ and ⑤ below.
4. Device Certificate Admin: Has the rights to issue, deny, and edit Device Certificates.
5. Secure Browser Admin: Has the rights to approve, deny, and edit Secure Browsers.
6. Read Only Admin: Does not have editing rights to any menu.
Self Password Reset Setting up an email address for Self Password Reset

If the Self Password Reset feature is enabled, set up an email address for Self Password Reset.
※ If the User sets up the email address, please configure it individually from the User Portal under [Password Settings] - [Configure Password Reset].

For an overview of the Self Password Reset feature, please refer to the following article.
HENNGE Access Control Self Password Reset Feature Overview

Force logout
Force this User to log out from Access Control ※ This does not log out from services linked with Single Sign-On.
OTP type
OTP type settings

Displayed only in the User Information edit screen.

You can select from HENNGE Lock or Email.
In [Domain Settings], you can configure whether to allow this User to use the services for which Single Sign-On has been set up.

  • Not configured: OTP is not set.
  • Email: OTP is set via Email.
  • OTP via Smartphone: OTP is set via an Authenticator app other than HENNGE Lock.
  • HENNGE Lock for Android: OTP is set via HENNGE Lock for Android.
  • HENNGE Lock for iOS: OTP is set via HENNGE Lock for iOS.
  • Unknown - OTP via Smartphone or Not Configured: OTP is available, but the registration method cannot be confirmed. This may be displayed when Users are registered in bulk.
OTP Emergency Token Issuance of OTP emergency token -
Access Policy Groups Specification of the access policy group to which the user belongs By selecting [View policy group details], you can check the setting details of the access policy group assigned to the user.
For information on how to create an access policy group, please refer to the following article.
Create a new access policy group
Allowed Services Set whether to allow this user to use the services for which single sign-on settings have been made in [Edit Connected Service] You can also set whether to display links to the services for which link settings have been made in [Edit Connected Service] on this user's Access Control User Portal.
Device Certificate
Check the device certificate information issued to the user being viewed (Non-Downloaded, Downloaded, In Use, Expiring Soon) By clicking on each device certificate column, you can transition to the certificate editing screen of the selected device certificate.
※ Only the user information editing screen is displayed.