Technicians

Technicians are end users with specific privileges that allow them to carry out product-related administrative tasks. To log in to the ADSelfService Plus portal and perform administrative tasks, technicians need to be assigned an ADSelfService Plus license. The Technician Settings report (Configuration > Administrative Tools > Technician) enables you to monitor the licenses assigned to technicians from the Licensing Status column, which shows the licensing status of each technician.

technician-rolesettings

There are two types of ADSelfService Plus technicians:

  1. Domain-based Technicians: These are technicians who have an account in AD. Domain-based Technicians only have control over the domain to which they belong.
  2. Product-based Technicians: These technician accounts are created in ADSelfService Plus and technicians use their product account credentials for authentication. Product-based Technicians have control over all the domains configured in ADSelfService Plus.

Technicians can be assigned one of the two roles:

  1. Super Admin: Has full control over the entire application by default.
  2. Operator: Can audit operations and view reports in the application by default.
Note: You can configure MFA and Password Policy settings for product technicians under the Advanced section in the Technicians tab. To do so, go to Configuration > Administrative Tools > Technician > Advanced. To configure MFA and password policy settings for Domain-based Technicians, go to Configuration > Self-Service > Multi-factor Authentication and Configuration > Self-Service > Password Policy Enforcer, respectively.

How to assign permissions to Technician roles

  1. Go to  Configuration > Administrative Tools > Technician.
  2. Select Role Settings. 
  3. Select the required role from the drop-down. 
  4. technician-rolesettings
  5. You can now choose to assign or remove the displayed permissions. 
  6. technician-rolesettings
Note:
If a Product-based Technician with the Super Admin role configures particular settings associating multiple domains or policies, any modifications to that setting will get replicated across the selected domains or policies. Domain-based Technicians may make changes to these settings unaware of the implications since their visibility is restricted only to the domain they are part of. It is therefore recommended that Product-based Technicians configure settings affecting multiple domains or policies (mentioned below) only if absolutely required.

Configurations affecting multiple domains

  • Azure AD MFA
  • FIDO Passkeys
  • Duo Security
  • RADIUS Authentication
  • SAML Authentication
  • YubiKey Authenticator
  • Smart Card Authentication
  • Custom TOTP Authenticator
  • Password Expiration Notification
  • Password Sync/Single Sign-On
  • Conditional Access
  • Self-Update Layout
  • Employee Search
  • Manage Custom Attributes
  • Data Sources in Import Enrollment Data from External Database
  • GINA/Mac/Linux Customization
  • Updating Cached Credentials over VPN
  • APNs Configuration (Mobile App Deployment)

In addition to these configurations, changes made by Domain-based Technicians to configurations in the Admin tab will also get replicated across other associated domains.

How to create a Technician

  1. Go to Configuration > Administrative Tools > Technician.
  2. Click the + Add new Technician button. 
  3. Select the technician type, role, domain, and users/groups from the respective drop-downs.
  4. add-new-technician
    Important: When Domain-based Technician is selected, the created technician can use their Windows login credentials to log in to ADSelfService Plus. 
  5. If you select Product-based Technician in the Technician Type field, you will be required to enter the login credentials for that technician.
  6. add-new-technician
  7. Cick Add
  8. Important:  When Product-based Technician is selected, this only creates an account in ADSelfService Plus. The technician will not have an AD account and needs to use the credentials that you configure. 

Advanced Settings

The Advanced option on the Technician Settings page allows you to configure login MFA and password policy settings for technicians who use product authentication.

Advanced settings

Login MFA

You can configure specialized MFA for technicians using this section.

Password Policy

General

Copyright © 2024, ZOHO Corp. All Rights Reserved.