Users

The Users panel is the primary panel for managing user identities and the policies attached to them. All changes in this panel require either the builtin-tg-acess-admin policy or similar permissions.

Adding or Inviting Users

Users can either be invited to the Trustgrid portal and utilize Trustgrid’s native authentication system, or be added and be authenticated by a customer configured Identity Provider (IdP).

Inviting Users

For users that will utilize Trustgrid’s native authentication system, you will need to invite them with a valid email address.

1. Navigate to User Management → Users
2. Under Actions select Invite User

   

3. Enter the user’s valid email address and select the desired base policy (more can be attached later).

   

4. Click Send Invite. You should see a confirmation that the invite was sent like the one below.

   

5. The user will receive an email with a link to the Trustgrid Portal or similar. They will need to click said link.

   

6. Once at the Portal, the user will need to click the Start a free trial option. The user must use the same email address that was invited to get access to your account.

   

7. The user will be prompted for their email, name, password, and company. The user must use the same email address that was invited to get access to your account.
   

   

8. A verification email will then be sent to the invited user’s email address. They will need to click the link in the email to verify their email and complete registration.
9. After verifying their email address the user will be prompted to configure Multi-Factor Authentication (MFA). Trustgrid recommends using a one-time password MFA such as Authy or Google Authenticator.
   1. Scan the QR code with your app.
   2. Enter the passcode and click the Submit button.

      

10. The user is returned to the login screen. Login with the newly created email, password, and MFA code. You will then be redirected back to the Trustgrid portal.

Adding Users (with Identity Providers)

If your account has an Identity Provider (IdP) configured as a Portal Auth Provider, you use the Add User button to create an identity for them within Trustgrid.

1. Navigate to User Management → Users
2. Click the Add User button

   

3. Enter in the user’s email address. This must be the same email address the IdP sends back to Trustgrid, if unsure consult with your IdP Admin.
4. Select your Identity Provider (if more than one)
5. Select the desired base policy. More can be attached later.
6. Click Save

   

7. The user can then navigate to the portal authentication domain associated with the IdP. They will be redirected to the IdP page and required to enter their username, password and MFA (if configured), then automatically sent back to the Trustgrid portal.

Manage User Policies/Permissions

Attaching Policies

To attach/detach policies attached to a user:

1. Under User Management → User search for the target user and click their name.
2. To add a new policy:
   1. Click the Attach Policy button

      

   2. Search for the desired policy then select it.

      

   3. Click Attach

Removing Policies

To remove a policy from a user:

1. Under User Management → User search for the target user and click their name.
2. Click Detach located to the right of policy you wish to remove.

   

View Effective Permissions

To see what permissions a user currently has and what policy is providing that permission:

1. Under `User Management` → `User search` for the target user and click their name.
2. In the right `Effective Permissions` pane, find the permission in question. These permissions are grouped by category. Each entry will show:

   

   1. If the permission is allowed ✅, explicitly denied ❌, or not defined (both icons gray)
   2. The action name
   3. A short description of what the permission allows
   4. what policy grants/denies the user the permission

Change a User Landing Page

The Landing Page allows you to designate where a user is directed within the portal on initial login.

This is most useful for users that only need access to ZTNA Remote Access application at the /apps page or if you want them to automatically land on a specific page like /nodes.

1. Under User Management → User search for the target user and click their name.
2. Enter in the desired landing page path (e.g. /apps) and click Save

   

Managing Group Membership

View a User’s Group Membership

You can view all the Groups a user is a member of from the Groups panel. To change memberships you will need to use the User Management → Groups page. To view:

1. Under User Management → User search for the target user and click their name.
2. Select the Groups panel on the left.
3. Groups will be listed in a table in the main panel.

Adding a User to Groups

You can add a user to one or more group by:

1. Navigate to User Management > Users and click on the name of the user to add to groups.
2. Select the Groups panel from the left navigation bar.
3. Click the “Add to Group(s)” button.
4. From the prompt select the group or groups you want to add the user to. If there are many groups you can start typing the name to filter the options.

   

5. Click Save

Removing a User from Groups

You can remove a user from a group by:

1. Select the radio checkbox next to the group you wish to remove.
2. From Actions, select Delete.

   

3. When prompted confirm you want to delete the user.

View a User’s Associated Identity Provider (IdP)

If an Identity Provider is configured a user maybe associated with one or more IdP.
To view:

1. Under User Management → User search for the target user and click their name.
2. Select the Identity Provider panel on the left.
3. The identity Providers will be listed in a table in the main panel. If no IdP is listed this indicates the user is using the Trustgrid native authentication system.