Category Filter

Configuring Custom Technician Roles

You can have your Hexnode MDM portal managed by multiple admins. The user who signs up for the portal is the Super Admin. You can then add multiple technicians. Each new technician can be assigned any of these roles – Admin, Reports Manager or Apps, and Reports Manager.

  • Admin: Admins have full privileges, and access to all the features in the portal.
  • Reports Manager: Reports managers can access only the dashboard, reports tab and the features in there.
  • Apps and Reports Manager: Apps and Reports managers have access to the features in both the Apps and Reports tabs. They can also view the dashboard.
Notes:

  • Hexnode MDM restricts the technician to only log in on a single machine or browser at a time.
  • If a technician proceeds to log in to the Hexnode portal that is already logged in from a different browser or machine, the technician will be prompted to log in by terminating the currently active session on the portal.
    concurrent login for a single technician in hexnode

Create technicians in Hexnode MDM

To create a technician,

  1. On your Hexnode MDM console, navigate to Admin > Technicians and Roles.
  2. Click on Add Technician this opens a pop-up tab.
  3. Enter the name of the technician in the field Display Name.
  4. Enter the Username/Email for the technician. If you are enabling SSO login for the technician, the username should match the User Principal Name or the email ID of the user.
  5. Enter the Phone Number of the technician.
  6. Choose a specific technician role: Admin, Reports Manager, or Apps and Reports Manager.
  7. Enable Google, Microsoft, or Okta as the Allowed SSO logins for the new technician. Technician sign in with local credentials is enabled by default.
    Note:


    SSO login via Google, Microsoft, or Okta can only be enabled if the corresponding option is enabled in the Global SSO Login Settings.

  8. Enable two-step verification: Enabling this option would initiate log in via a two-step verification process. The first step involves the technician to enter the username and password. The second step is to enter a verification code sent to the email address/mobile number provided by the technician. This option is enabled by default.
    Notes:

    1. The verification code is valid for a duration of 3 minutes. After the 3 minutes duration, a new verification code should be sent to enable log in to the portal.
    2. Ensure to configure SMS Settings on your portal, to enable technician login using OTP via SMS.

  9. Enable CAPTCHA after ___ failed login attempts: Choose the maximum failed login attempts for a technician after which CAPTCHA will be enabled. It can take values between 1 and 10.
  10. Click Save.


This will send an email invitation link to the technician. The link will automatically expire in a day or if it is used. The technicians can activate the account by clicking on the Setup account in the email invitation. They will then be asked to set up signing in with Google, Microsoft, or Okta or to set a local password.

On enabling SSO login for technician’s with Microsoft, Google and Okta authentication, the Hexnode MDM sign-in page will look like this.
SSO login enabled sign in

Notes:

  • If the new technician tries to log in to the portal using Google, Microsoft or Okta authentication without setting up login via the email activation link, a message will be displayed asking them to set up signing in.
    Message displayed while signing in without setting up the Google account
  • If you log in to your Hexnode account via Okta, you will be asked to enter your email on clicking on Sign in with Okta. Enter the email and click on Submit; this will redirect you to the Okta sign-in page to authenticate your Okta credentials. Sign in to Hexnode via Okta

Global SSO Login Settings

SSO login settings can be applied globally to all the technicians using the Global SSO Login Settings.

  1. On your Hexnode MDM portal, head on to Admin > Technicians and Roles.
  2. Enable Google, Microsoft, or Okta and as the Allowed SSO logins under Global SSO Login Settings. Technician sign in with local credentials is allowed by default.

Global captcha settings

Global captcha settings can be applied globally to all the technicians within the portal.

  1. Login to Hexnode portal.
  2. Navigate to Admin > Technicians and Roles.
  3. Under Global CAPTCHA settings, provide the maximum failed login attempts after which CAPTCHA will be enabled. It can take values between 1 and 10.
  4. Click on Save.
Note:

CAPTCHA will be enabled based on the least value configured irrespective of individual CAPTCHA/Global CAPTCHA settings.

Edit Technician

For an admin or super admin to edit the details of a technician,

  1. Go to Admin > Technicians.
  2. Click on the more icon and select Edit Technician corresponding to the technician you want to edit.
  3. You can change the Display Name, Username/Email, Phone Number fields and the two-step verification configuration.
  4. Alter the Role of the other technicians if you want. But an Admin can neither change his own role nor the role of a Super Admin.
  5. Enable Reset SSO to remove all the linked authentication accounts. The technician needs to set up SSO login again or use the local credentials to log in.
  6. If a technician wants to reset his own local password, check Reset local password. If checked, they will be asked to enter the old password, configure and confirm the new password.
  7. You can also change the maximum failed login attempts before enabling CAPTCHA if required.
  8. Click Save.


Note:


If you change the Username/Email of a logged in technician, you will be asked to log out of the Hexnode portal and log in again using the new username. Click on Yes, Log Me Out to proceed.

Delete Technician

If an admin or a super admin want to delete a technician,

  1. Go to Admin > Technicians.
  2. Click on the more icon and select Delete Technician corresponding to the technician name.
  3. Click on Yes.
  4. Complete the user authentication and confirm the deletion process.

Resend account activation link

For an admin or super admin to resend the account activation link of another technician,

  1. Go to Admin > Technicians.
  2. Click on the more icon and select Resend account activation link corresponding to the required user.

This will resend the activation link to the technician’s email account.

Reset Password

If a super admin or admin wants to reset the password of another technician,

  1. Go to Admin > Technicians.
  2. Click on the more icon and select Reset Password corresponding to the technician whose password you want to reset.
  3. Click on Proceed.


A password reset link will be sent to the technician at the specified email ID. The email will expire in a day. The technician has to set up a new password using this link to sign in.

Note:


This option will not be available for a technician who has not set up his login.


Warning:


Suppose an SSO logged in technician has disabled the pop-up notification for the Hexnode MDM portal on the device browser, the Hexnode actions that enforces technician authentication, cannot be completed.

For authentication, technicians must be redirected to the Google/Microsoft/Okta authentication page in a new tab. This will be blocked if you have disabled pop-up notifications for the Hexnode portal. So, actions like device wipe, edit technician, etc. that requires technician authentication will be blocked.

Deactivate Technician

A technician can be deactivated without removing his account from the portal. An Admin can deactivate the account of other technicians except a Super Admin. To deactivate a technician:

  1. Go to Admin > Technicians and Roles.
  2. Among the list of technicians, disable the toggle button corresponding to the technician whose account is to be deactivated.
  3. Complete user authentication to confirm the deactivation process.

temporarily deactivate a technician

Note:


If the technician is having a current active session, he will receive a session expiry prompt once the account deactivation is initiated. Any further sign-in from the deactivated account raises an error message ‘User is inactive! Please contact your administrator’ on the log-in window.


A deactivated technician account can be activated by re-enabling the toggle button and completing the user authentication.

Different Technician Roles in Hexnode MDM

Super Admin

Super Admin has complete access over the portal and is an all-time active technician. They can edit, create or delete other technicians. They can edit their own details but can’t change their role. They can also deactivate other active technicians. A Super Admin cannot be deleted or disabled.
Technician with super admin privileges

Admin

Admin can access all the tabs in the portal. He can deactivate, add, edit or create other technicians. Admin can also edit his own details but can’t change his role or delete himself.

Apps and Reports Manager

Apps and Reports manager can access both the Apps and Reports tabs as well as the dashboard. However, he doesn’t have any other privileges on the portal.

Reports Manager

Reports Manager can access only the Reports tab and the dashboard.

Limiting the number of technicians as per the pricing plan

The number of technician roles that can be configured depends on the pricing plan you have subscribed.

For Express plan,

  • Only Super Admin is allowed.

For Pro plan,

  • Two active technicians are allowed – Super Admin and one active technician. Deactivate the technician to add another one.

For Enterprise plan,

  • Super Admin and 2 other Active technicians are allowed. Other technicians can take the role of Admin, Reports Manager or Apps and Reports Manager. Deactivate any of the added technicians to add more technicians.

For Ultimate plan,

  • Super Admin and 3 other Active technicians are allowed. Other technicians can take the role of Admin, Reports Manager or Apps and Reports Manager. Deactivate any of the added technicians to add more technicians.

For Ultra plan,

  • Super Admin and 4 other Active technicians are allowed. Other technicians can take the role of Admin, Reports Manager or Apps and Reports Manager. Deactivate any of the added technicians to add more technicians.

When the number of active technicians reaches the maximum limit allocated to each plan you have to either deactivate any of the active technicians or upgrade your pricing plan. You can also purchase additional technicians, if required, while subscribing or renewing the Hexnode license.

Maximum technician limit attained

Note:

When you downgrade the pricing plan (change from a higher plan to lower one) some of the technicians in the higher plan will be deactivated automatically while others remain activated depending on the number and role of the active technicians allowed in the new plan with priority to the ones who appear first in the list.