Advanced User Management

Charles_Blum · January 23, 2024, 8:55pm

We would like to have better user management in the InControl suite. We setup a “group” for each customer that we have. We can then give access to the sales reps and any customer into the InControl platform. The issue with the current user management is that if a Sales Rep has 50 customers and leaves the company, there is no good way to remove the Sales Rep from InControl unless you navigate all groups to make sure they have been removed. There isn’t even a way to run a report to see what groups a Sales Rep or email address are linked to.

It would make more sense to have a location in InControl that you Add Users, and then you would assign the Sales Reps to the needed groups and select the appropriate permissions for each group. Another thought would be to have a Global User list where you add Users and then when you want to assign them to a group in the current fashion, it would require you to select the users from the Global User list. If the user was deleted out of the Global User list, they would be removed from all groups.

bryn.loftus · January 24, 2024, 6:17am

We do this with some automation using the IC2 API.

When an organisation is created the account used by our automation is added and then it runs on a schedule in the background, for every organisation it can access it creates all users based on a group membership in Azure AD (we use the microsoft sso integration).

So all staff get automatically created or removed based on Azure AD group memberships.

MartinLangmaid · January 24, 2024, 9:53am

This is the way to do it.

Charles_Blum · January 24, 2024, 1:28pm

We are looking for an out of the box solution, not something that needs to be developed or created. I like the idea of the solution that you have in place, but we don’t have the resources to implement something like that.

bryn.loftus · January 24, 2024, 11:38pm

I hear you, but that would essentially mean IC2 would need to support SAML+SCIM, which I would love but Peplink have noted in the past it is hard to do multi-tenant at scale.

From an automation perspective, we use N8N as the middleware to do the link, utilising the IC2 API on the Peplink side and the Microsoft Graph API on the AAD side.