Target
- Access Control Administrator
Purpose
- This page explains the procedure to create/edit a user from the Access Control Administration screen.
Notes
- This article is based on the product specifications as of March 2025 and may change without notice.
- Global administrator privileges for Access Control are required to verify the actual screen and change settings.
- Please refer to the following article for how to access the Administration screen.
How to access the HENNGE Access Control Administration screen - If you are synchronizing users from Active Directory to Access Control, this task is not necessary.
Procedure
Create/Edit a user individually
1. Access the [User] - [Users] from the Access Control administration screen.
2. Click [+ Add User] in the upper right, or select the user you want to edit from the user list.
For how to search for registered users, please refer to the article below.
Search for a user
3. Enter/edit required items and click the [Save] or [Set as Expiring] button in the lower right.
※ For an explanation of each item, please check Items (Create/Edit User).
Create/Edit users in bulk
For details, please refer to the following articles.
User Batch Registration
Access Control User Batch Update
Items (Create/Edit User)
When creating/editing a user, please confirm and prepare the following information in advance.
Item | Description | Description | |
Username | A unique value to identify the user in Access Control |
This is the value the User will enter on the Access Control Login screen. The Username can be up to 64 characters and the following strings are available.
|
|
Initial password | The password the user will use for the first Login | Displayed only when creating a new User. | |
Password Change Policy | The expiration date of the user's password |
|
|
Family name | User's [Family name] information | Can be set up to a maximum of 256 characters. | |
Given name | User's [Given name] information | Can be set up to a maximum of 256 characters. | |
(Only when integrated with Microsoft 365) Display Name | User's [Display Name] information | Can be set up to a maximum of 256 characters. | |
(Only when integrated with Microsoft 365) UserPrincipalName | User's [UserPrincipalName] Attribute |
Set the same value as the username (UserPrincipalName) in this user's Microsoft 365. |
|
(Only when integrated with Google Workspace) Email Address (SAML UID) | User's [Email Address] information | Set the same value as the email address in this user's Google Workspace. | |
(Only when integrated with Google Workspace) Google Provisioning | Provisioning settings to Google Workspace for creation, editing, and deletion related to this user |
When user provisioning or password provisioning is enabled in [Domain Settings], set whether to provision to Google Workspace for creation, editing, and deletion related to this user.
If a user who was [Excluded] is set to [Include] when there is a surplus of licenses in Google Workspace, the relevant user information in Access Control will be provisioned immediately. |
|
Custom Attributes | User's [custom attributes] |
If a custom attribute is created in advance, this item can be edited. For information on how to create custom attributes, please refer to the following article. |
|
Account Status |
User's account status settings |
Displayed only on the user information edit screen.
|
|
Role | Access Control permission settings for accessing the Administration | You can select from the following. ※ All administrators have viewing rights to all pages and can download log files (CSV). 1. User: Cannot access the Administration menu. 2. Global Admin: Has editing rights to all menus. 3. Device Certificate and Secure Browser Admin: Has both the rights of ④ and ⑤ below. 4. Device Certificate Admin: Has the rights to issue, deny, and edit Device Certificates. 5. Secure Browser Admin: Has the rights to approve, deny, and edit Secure Browsers. 6. Read Only Admin: Does not have editing rights to any menu. |
|
Self Password Reset | Setting up an email address for Self Password Reset |
If the Self Password Reset feature is enabled, set up an email address for Self Password Reset. For an overview of the Self Password Reset feature, please refer to the following article. |
|
Force logout |
Force this User to log out from Access Control | ※ This does not log out from services linked with Single Sign-On. | |
OTP type |
OTP type settings |
Displayed only in the User Information edit screen. You can select from HENNGE Lock or Email.
|
|
OTP Emergency Token | Issuance of OTP emergency token | - | |
Access Policy Groups | Specification of the access policy group to which the user belongs | By selecting [View policy group details], you can check the setting details of the access policy group assigned to the user. For information on how to create an access policy group, please refer to the following article. Create a new access policy group |
|
Allowed Services | Set whether to allow this user to use the services for which single sign-on settings have been made in [Edit Connected Service] | You can also set whether to display links to the services for which link settings have been made in [Edit Connected Service] on this user's Access Control User Portal. | |
Device Certificate |
Check the device certificate information issued to the user being viewed (Non-Downloaded, Downloaded, In Use, Expiring Soon) | By clicking on each device certificate column, you can transition to the certificate editing screen of the selected device certificate. ※ Only the user information editing screen is displayed. |