Skip to main content
日本語 简体中文 繁體中文

[Access Control] New User Creation / Edit

Target

  • Access Control Admin

Purpose

  • This article explains the procedure for creating or editing users from the Access Control Administration.

Notes

  1. The content of this article is based on the product specifications as of February 2026 and may be changed without prior notice.
  2. Global admin privileges for Access Control are required to view the actual screens or make configuration changes.
  3. For instructions on how to access the Administration, please refer to the following article.
    How to Access the Access Control Administration
  4. If you are synchronizing users from Active Directory to Access Control, this procedure is not required.

Procedure

Create / Edit Users Individually

1. From the Access Control Administration, go to [Users] - [User List].

スクリーンショット 2026-02-26 14.13.10.png

2. Click the [+ Add User] button at the top right, or select the user you want to edit from the user list.
For instructions on how to search for registered users, please refer to the following article.
Search for a user

スクリーンショット 2026-02-26 14.55.20.png

3. Enter or edit each item, then click the [Save] or [Save Changes] button at the bottom right.
* For details on each item, please refer to Items (User Creation / Edit).

Create / Edit Users in Bulk

For more details, please refer to the following articles.
User Batch Registration
Access Control User Batch Update

Items (User Creation / Edit)

Please check and prepare the following information in advance when creating or editing users.

Item Description Notes
Username A unique value to identify the user in Access Control

This is the value the user enters on the [Access Control] Appearance.
The username can be up to 64 characters and may contain the following characters:

  • Alphanumeric (a-z, A-Z)
  • Numbers (0-9)
  • Underscore (_)
  • Dash (-)
  • Period (.)
  • At sign (@)
Family name User's [Family name] information Up to 256 characters can be set.
Given name User's [Given name] information Up to 256 characters can be set.
Display name User's [Display name] information Up to 256 characters can be set.
Login ID
UserPrincipalName
*Only when linked with Microsoft 365		 User's [UserPrincipalName] information

This is the login ID used to log in to HENNGE One.

Set the same value as the UserPrincipalName in Microsoft 365 for this user.
Login ID
Email Address (SAML UID)
*Only when linked with Google Workspace		 User's [Email Address] information

This is the login ID used to log in to HENNGE One.

Set the same value as the email address in Google Workspace for this user.
Note:Only authentication domains for Access Control can be registered.
Please refrain from registering unauthenticated domains or free email addresses.
Dry run and synchronization Setting to exclude the user from groupware user synchronization

If you are synchronizing users with Google Workspace or Microsoft 365 in [Provisioning Settings], you can set whether this user is included in the synchronization.

  • Exclude this user from Microsoft synchronization
  • Exclude this user from Google provisioning

In Google provisioning, if there are available Google Workspace licenses and you uncheck Exclude, the user information in Access Control will be provisioned immediately.
If there are no available Google Workspace licenses, "An error occurred during creation. Please try again" will be displayed.
Note that even if you set a user as Exclude from provisioning, the user in Google Workspace will not be suspended or deleted.
Custom User Attributes User's [Custom User Attributes] information

If [Custom User Attributes] have been created in advance, you can edit this item.
Up to 256 characters can be set.

For instructions on how to create custom user attributes, please refer to the following article.
Create Custom User Attributes
Account status Setting for the user's account status

Displayed only on the user information edit screen.

  • Enabled: The user can log in.
  • Disabled: The user cannot log in.
  • Locked out (cannot be set manually, displayed only when the user is locked out): The user is locked out after multiple incorrect password attempts.
    * To unlock, the admin can set this value to "Enabled".
Password setup Whether to set an initial password

* Displayed only when creating a new user.

  • Set initial password: The created user can log in using their ID and password.
  • No initial password: The created user must set their own password using the self password reset feature or log in using a passwordless device certificate.
Initial password Password used by the user at first login Displayed only when creating a new user.
Password Expiration Password expiration for the user
  • Force password change: Requires the user to change their password at the next login.
  • Password never expires: No expiration date is set for the password.
  • Follow Domain Settings: Follows the expiration settings in [Domain Settings] under [Password Related Settings].
Self Password Reset Setting for the email address used for self password reset

If the self password reset feature is enabled, set the email address for self password reset.
* If the user sets the email address, please set it individually from the User Portal [Password Settings] - [Configure Password Reset].

For an overview of the self password reset feature, please refer to the following article.
Access Control Self Password Reset Feature Overview
Role Setting for permissions to access the Access Control Administration You can select from the following.
* All admins have permission to view all pages and can download log files (CSV).
For details on roles, please refer to the following article.
[Access Control] What can users do by role?
Force Logout Force this user to log out from Access Control * This does not log the user out from services linked via single sign-on.
OTP type Setting for OTP type

Displayed only on the user information edit screen.

You can select from HENNGE Lock or Email.
For services configured for single sign-on in [Domain Settings], you can set whether this user is allowed to use them.

  • Not configured: OTP is not set.
  • Email: OTP via Email is set.
  • OTP via Smartphone: OTP is set via an Authenticator app other than HENNGE Lock.
  • HENNGE Lock for Android: OTP is set via HENNGE Lock for Android.
  • HENNGE Lock for iOS: OTP is set via HENNGE Lock for iOS.
  • Unknown - OTP via Smartphone or Not Configured: OTP is available, but the registration method cannot be confirmed. This may be displayed when users are registered in bulk, etc.
OTP emergency token Issuance of an emergency OTP token -
Access Policy Groups Specify the Access Policy Groups to which the user belongs By selecting [View policy group details], you can check the details of the Access Policy Groups assigned to the user.
For instructions on how to create Access Policy Groups, please refer to the following article.
Create a New Access Policy Group
Allowed services Set whether this user is allowed to use services configured for single sign-on in [Connected Services] You can also set whether to display links to services configured in [Connected Services] in this user's Access Control User Portal.
Device Certificates Check the device certificate information (Non-Downloaded / Downloaded / In Use / Expiring Soon) issued to the user being viewed By clicking on each device certificate column, you can transition to the certificate edit screen for the selected device certificate.
* Displayed only on the user information edit screen.