Product Documentation

Defining Users and Groups

Dec 21, 2015
User account objects represent the users of the mobile devices managed by Device Manager. User accounts are associated to devices by Device Manager as part of the authentication process. Maintaining an accurate roster of users improves mobile device and service management. Groups are logical collections of users that serve as targets for management tasks, such as applying settings, implementing policies, and deploying software.
Note: Device Manager manages group of users, not individual user accounts.

User Account Information

Device Manager supports the following sources of user account information:

  • LDAP directory. You can configure Device Manager to read an LDAP-compliant directory, such as Active Directory to import groups, user accounts, and related properties.
    Note: Device Manager retains the source of user accounts. As a result, certain operations are not permitted on user accounts that you source from LDAP directories.
  • Manual entry. You can use group maintenance forms in Device Manager to quickly create user accounts.
  • Importing a provisioning file. You can develop a file outside of Device Manager containing user accounts and properties and then import the file. Device Manager automatically creates objects and sets properties values.

User accounts appear in the user table within the main display area of the Users tab. The table depicts each user account associated with the group that you select in the Group pane. The User toolbar provides available tasks to perform on user accounts. You can manipulate the table appearance.

The groups in which a user account is a member appear in the Groups column. Note that multiple groups appear as a multi-line entry. User accounts also appear in the Devices table. The user associated with a particular device appears in the User column. The user account shown in the User column represents the user that enrolled on that device.

Group Information

The group structure in Device Manager is flexible. Users may belong to multiple groups, groups may be nested inside of other groups, and the number of groups is not limited. You can create permanent or ad-hoc groups to suit any purpose. Device Manager supports the following sources of group information:

  • LDAP directory. You can configure Device Manager to read an LDAP-compliant directory, such as Active Directory to import groups, user accounts, and related properties.
  • Manual entry. You can use group maintenance forms in Device Manager to quickly create groups.

Groups appear in the Group pane, the area to the left on the Users tab. The pane depicts groups in a hierarchical arrangement with the number of members in each group given as a number in parenthesis after each group name. A default group is automatically created during Device Manager installation to serve as the top-level node for the group hierarchy; all other groups appear as children of this node. Groups imported from LDAP-compliant directories also appear in the group hierarchy, with the LDAP directory name as the primary node. The individual groups of the LDAP directory appear as children of the primary node.

Groups may be nested in the hierarchy without limit. Fully-qualified group names use periods as delimiters. For example, a group of name Corporate.Sales.SalesSupport.Admin implies a nesting model based on organizational structure.
Note: User accounts may exist at any level. Thus, on a parent node, the count of group members represents the user accounts associated with that discrete node, and not the sum of the accounts associated with the nodes children.

Groups also appear in the User table. The groups a user belongs to appear in the Groups column.