Once you click in the Users list view on a certain user

The User detail view will be displayed for the clicked user:

Profile

In the Profile section you can view/edit the profile picture and user details.

In case the user has added Recovery email addresses or Phone numbers, then you are able to view them and also able to remove them by using the Trash icon in the Edit profile mode.

Profile picture

1. Click on the pencil icon in order to set a profile picture for the user:

   

   Once you choose a picture, you can remove it by using the trash can if you wish to choose another one, or you can keep it and Save in order to apply it for the user profile.

Edit profile

1. Click on Edit profile in order to enter in edit mode:

   

   Now you can edit the values for the details of this user. See Validation list for the rules of validation First name, Last name and Email address.  

   If you change the Email address, the change will be done instantly without the user needing to confirm it. If you have more than one domain registered, you can also choose to only change the domain part of the email address. Once you do the change, the user needs to use the new email address value to sign in.

Security

If your Policy does not allow Visma as Identity Provider, then the  Security section will display this information:

If your Policy allows Visma as Identity Provider, then you have much more information and several actions available for first level support for your users.

The available information and possible actions depend on the state of the user.

• Login

  • Last login: displays the UTC timestamp of the last login into any application or it says “Never logged in“

  • Login count: displays the number of logins of the user into any application

• Passkeys

  • If the user has not registered any passkey, it displays: “No passkeys registered”;

  • If the user did register passkeys, then you will see when a passkey was last used and the number of registered passkeys:

    

• Password

  • If the user has never set a password, it displays: “Password not set“

  • Otherwise this section will show:

    • Last used: the UTC timestamp of the last password authentication

    • Last changed:: the UTC timestamp of the last password change. Note: the one-time password action is also a password change.

    • Last password reset requested: the UTC timestamp of the last password change request as in using the Forgot password feature.

• 2-Step Verification

  • Enabled: If the user did never enable 2-Step Verification , then it displays the value ” Not enabled”, otherwise it displays the UTC timestamp of the last 2-Step verification activation. When 2-Step Verification is enabled the user needs to use 2-Step Verification if the device is not remembered for 30 days or whenever an application requests again for own security reasons the 2-Step Verification on certain actions which need more security like for example approving a payment.

  • Enforced: If the Policy enforces users to use 2Step Verification, the this is set to “Yes“, Otherwise it is set to “No“. If the user is enforced to use 2-Step  Verification, then after using the password he will be prompted to enable 2-Step verification if not already done. 

  • Last generated one-time emergency code: displays the UTC timestamp of the last generated one-time emergency code.  

    • This can be generated when:

      • 2-Step Verification is enabled;

      • by the user from his account settings,

      • by an authorized user when the user lost the one-time emergency code

    • or whenever a one-time emergency code is used as2-Step verification, then a new one-time emergency code is also generated.

Applications

In this section you can view the list of applications where the user has access or has signed in.  There are applications which are called “supporting applications“ which are not shown by default and you need to click on “Show <count> supporting applications“. This type of application does not store any user information or is basically available due to another application that the user is accessing.

The applications which are not set as supporting applications require the user to get access or they store user related information.

Sessions

In this section you can view the current sessions of the user and you can also log the user out from all connected apps of a session by using the “ Logout“ action on each session.

On each session, you can view all applications used. Only one of them is directly displayed.

Audit logs

In this section you can view the audit logs for the user.

In this section you can:

1. filter for certain event types by using the “ Filter events“.

2. select all events or all filtered or from page

   

3. click on the … icon on the right side to export them.

   

4. Choose the exported information:

   

5. Once you click on Export audit logs, the Export users job will start and you can see the progress:

   

6. When it’s completed, you can download the report in JSON or CSV Format.

   

List of events

The list of event we display is:

• Login failed: it shows when the user tried to login and it failed. The Payload shows this information:

  

• Login succeeded: it shows when the user has logged in with success. The Payload shows this information:

  

  By checking same SessionId in the event “ Application authorized” you can trace which applications the user has accessed based on this login.

• Logout succeeded: it shows when the user has logged out or when the logout was triggered and for which reason. The Payload shows this information:

  

• Application authorized: it shows when the user was authorized to access an application wither via sign in or via single sign on ( when he had already logged into another application from before and switched to this one and the authentication method and criteria was accepted). The Payload shows this information: