Skip to content

Management

To manage platform users, go to the Administration panel and click the following button:

To create a user, you need to have a category and a group created to which the user can be assigned. Therefore, this guide will follow the following order:

Categories

Roles with access

Only administrators have access to this feature.

To manage categories, look for the "Categories" section.

Category Information

For each category we can see the following information:

  • Name: Category name.
  • Description: Category description.
  • Frontend dropdown show: If the category is visible at login, the circle will be green; if not, gray.
  • Bastion domain: If Bastion is enabled for the category, the circle will be green; if not, gray.
  • Allowed domains: Indicates which authentication methods users in the category can use to log in. There can be several.
  • Ephemeral desktops: If the category has ephemeral desktops available, the circle will be green; if not, gray.
  • Maintenance: If the category is in maintenance mode, meaning only administrators can access the platform, the circle will be green; if not, gray.

Info

In the following sections Creating categories and Editing categories, all available options for categories will be explained in detail.

Relevant information

  • A user cannot belong to more than one category.

Creating Categories

To create a category, click the button located in the upper right corner:

A dialog window will appear where you need to fill in the form fields.

  • Name: Category name.
  • Description: Category description.
  • Custom login URL name: You can customize the URL used to access the category (by default it's filled with the name set for the category).
  • UID: This field will generate a unique identifier for the category if left empty (it can be consulted later by editing the category). If you want a specific UUID, you can modify this field.

These are the features that can be applied when creating a category:

  • Automatic recycle bin delete: The recycle bin functionality will be applied to users in the category. When enabled, a dropdown appears where you need to select the time that desktops will persist in the recycle bin before being permanently deleted.

Recycle bin configuration

With this functionality, we can set a specific time for items to stay in the recycle bin before permanent deletion, customized for each category.

If this function is not activated, the recycle bin functionality will be applied as configured for the entire installation. That is, what is configured in the Recycle Bin section.

The priority for applying time configuration will be, first, what is set for each specific category, then the default configuration for all categories, and respectively, groups and users.

The default configured time can be modified by following this guide: Administrator Manual - Recycle Bin.

  • Frontend dropdown show: If this option is selected, the created category will appear in a dropdown menu on the login page, as can be seen in the following images:

Access to hidden categories

If the category is hidden, you can log in by adding the following paths to the installation URL:

  • /login/form/<category_id> : only local authentication will appear.
  • /login/all/<category_id>: both local and OAuth authentication will appear (if configured).
  • Maintenance: This option will set login as installation in maintenance mode for all users except administrators. The information is displayed when attempting to log in.

  • Ephemeral desktops: Enabling this feature allows setting the maximum time a temporary virtual desktop can be used. After the time passes, the desktop will stop and therefore any changes made will be deleted. If not enabled, it will use the default configuration for ephemeral desktops.

To configure the maximum usage time for ephemeral desktops for the entire installation, you can consult the following guide: Configuration - Task Scheduler

  • Add to Storage Pool: All disks generated in this category can be added to a mount point. If this option is not applied, the mount point will be the one configured in the Storage Pool section by default in the installation.

To learn how to create mount points, you can follow the following guide: Infrastructure - Storage Pools

Editing Categories

To edit a category, click the icon next to the category you want to modify, where we can perform various actions:

  • : A dialog window will open with the same fields that appear in the creation window, except for Storage Pool, which once the category is created, can be edited by following this guide: Infrastructure - Storage Pools.

  • : This option allows us to configure access via local and Google. When the button is pressed, this window appears with three available options for each access:

    • Enable auth method: Enables access using this authentication.
    • Disable auth method: Disables access using this authentication.
    • Restrict auth method to the selected domains: Restricts access with this authentication to specified domains. For example: @example.com

  • : This option enables Bastion for the category. This window opens with the following options:

    • Enable bastion access with the default domain: Activates the default domain used by Bastion.

    • Disable bastion access: Deactivates access to Bastion functionality.

    • Enable bastion access with a custom domain: This option allows configuring a custom domain to access the Bastion of virtual desktops in the category. To do this, you need to add records to our DNS server.

    To learn about configuring a custom domain and other Bastion options, it's recommended to consult the following guide: Administrator Manual - Bastion.

    To start using it as a user, you can follow this documentation: User Manual - Bastion

  • : This button deletes the category. When pressed, this window appears with information about how many elements of each type will be deleted.

    Attention!

    If a category is deleted, all elements, groups and users in the category will be deleted:

    • Desktops
    • Templates
    • Deployments
    • Media
    • Users
    • Groups

Groups

Roles with access

Only administrators have access to all groups. Managers are limited to viewing groups in their category.

To manage groups, look for the "Groups" section.

Group Information

For each group we can see the following information:

  • Name: Group name.
  • Category: Category to which the group belongs.
  • Description: Group description.
  • Linked groups: Shows the secondary groups of the group.
  • Ephemeral desktops: If the group has ephemeral desktops available, it will show information about the configured lifetime; if not, a "false" message will appear.

Relevant information

  • All users must have a primary group.

Creating Groups

To create a group, click the button located in the upper right corner:

And fill in the form fields.

  • Name: Group name.
  • Description: Group description.
  • Parent category: The category to which the group belongs.
  • Linked groups: These are linked groups, and you can add groups from the same category. All resources shared with their linked groups will be automatically inherited by the created group. For example, if Group A is created with Group B as a linked group, all resources shared with Group B will also be shared with Group A, but not vice versa.

  • Ephemeral desktops: Will set a time limit for using ephemeral desktops. If this option is not selected, it will use the configuration set for the entire category or entire installation.

    To configure the maximum usage time for ephemeral desktops for the entire installation, you can consult the following guide: Configuration - Task Scheduler

Editing Groups

To edit a group, click the icon next to the group you want to update, where we can perform various actions:

  • : A dialog window will open with the same fields as the creation window.

  • : This option is explained in the User migration from a group section.

  • : This option is explained in the enrollment key section.

  • : This option allows emptying a group by deleting all users in the group while keeping the group existing. When pressed, this window appears with information about how many elements of each type will be deleted.

  • : This button deletes the group. When pressed, this window appears with information about how many elements of each type will be deleted.

Difference between Empty and Delete buttons

The main difference is that with the "Empty" button you delete everything the group contains, except the group itself. The "Delete" option will also delete the group.

User Migration from a Group

To move all users from one group to another, click the following button:

Users

Roles with access

Only administrators have access to all users. Managers are limited to viewing users in their category.

To manage platform users, access the "Users" subsection:

User Information

For each user we can see the following information:

  • Active: In this column we can see if the user is active () or not (). This will depend on the user editing.
  • Name: User's name.
  • Provider: Authentication method.
  • Category: Category to which the user belongs.
  • Uid: Unique user identifier.
  • Username: Name the user has on the platform (with which they connect).

  • Role: User's role. This will define what features the user will have access to and what permissions they will have.

    To learn about roles and their capabilities, you can consult: Users - Roles

  • Group: Primary group to which the user belongs.

  • Secondary Group: The user's secondary groups.
  • Verified: If the circle is green, it means the user has been validated by their email.
  • Address: The user's email address.
  • Disclaimer acknowledged: If the circle is green, it means they have activated a warning message.
  • Vpn: If the user has their personal vpn active, the circle will be displayed in green.
  • Last access: The user's last access to the platform.
  • : User selector button. If checked, it selects all users that appear in the column.

Relevant information

  • A user cannot belong to more than one category.
  • All users must have a primary group.

The existing buttons in this section are divided into:

Creating Users

To create users in IsardVDI we have several alternatives:

Individually

To create a user, click the following icon:

A dialog window will appear with the following form:

And you need to fill in the following fields:

  • Name: User's name.
  • Username: Name the user has on the platform (with which they connect).
  • Email: The user's email address.
  • Email verified: Checkbox to mark the user's email validation.

  • Password: User's password.

    Depending on how the password policy is configured, it will have some requirements or others. To learn more about how to configure this: Users - Policies

  • Repeat password: You need to repeat the entered password.

  • Role: User's role. This will define what features the user will have access to and what permissions they will have.

    To learn about roles and their capabilities, you can consult: Users - Roles

  • Category: Category to which the user belongs.

  • Group: Primary group to which the user belongs.

  • Secondary Group: The user's secondary groups.

    Resource sharing

    • All resources that have been shared with the user's secondary group will be inherited automatically by the created user.
    • The user will be added to all deployments created in any of their secondary groups.

Bulk Creation

To perform bulk creation, that is, create more than one user at a time, click the button:

A dialog window will appear with the following form, where you can download a sample file by pressing the button, and/or upload the CSV file to perform user creation.

Instructions

  • You can create up to 200 users per CSV file.
  • Passwords will be generated automatically (afterwards a file will appear for download).
  • If we create existing users, they will be ignored; new ones will be created.

  • The CSV file must contain the following columns: username / name / email / group / category / role

  • The role can be manager, advanced or user. Administrators cannot be created this way.

  • Other fields like secondary groups or email verification can be configured once the CSV file is uploaded.

Avoiding errors

  • The "category" and "group" fields must be written exactly with their name
  • Unicode (UTF-8) encoding is recommended
  • The csv file must be separated by tabs Tab ↹
  • It's highly recommended to use the sample csv

Once filled, it can be uploaded with the following button:

And if uploaded correctly, a user preview table will appear:

Set other extra fields

Before proceeding with creation, we can add secondary groups to users and mark their email as validated. This action will affect all users.

To export users with the generated password in a CSV file, click the button

Password export

Until the user file with passwords is downloaded, users cannot be created.

Errors

If the csv file hasn't been uploaded correctly, an error will be shown indicating the reason.

And we could then create the users by pressing:

Generate CSV to Create Existing Users

To generate a CSV file with information from existing users, select the desired users and press the button

This action will export a CSV file with basic data from selected users.

Info

The CSV file will not include user passwords, they will be generated when performing bulk creation.

Once you have the file, you can perform bulk creation, as explained in the previous section: Bulk creation

This CSV can be useful if you want to recreate the same users in the same system or environment (use it as a backup) or in another system or environment. In case some users already exist, they will remain unchanged and only new ones will be created.

If instead of creating new users you want to update existing user information, you need to use the CSV for update button, explained in the user editing section: User updates.

Editing Users

To edit users we have several alternatives:

Individually

To edit a user individually, click the icon next to the user you want to update, and then click

A dialog window will open with the same parameters as the creation window.

Important notes regarding fields

  • The "username" and "category" fields cannot be modified.
  • The password can be modified in the user configuration options.
  • Changing the user's primary group will cause the stopping of all their virtual desktops and emptying of the recycle bin. Additionally, it could have problems with the new group's permissions. For more information, read: Migrate users from primary group

Bulk Editing

You need to select one or more users and click the button

And a dialog window will appear with the following form:

Fields

- Update active/inactive: Updates the user's status on the platform. This user can be active, has access to the platform, or inactive, does not have access to the platform.

- Update email verification: Updates the user's email verification. This user can be verified, meaning they are validated, or unverified, their identity has not been verified on the platform.


- Update secondary group: You can update the secondary groups of several users at once. To update secondary groups, write the group name and select one of these options:
- Overwrite: Overwrites the secondary group that was assigned to the user.
- Add: Adds the secondary group to the user.
- Delete: Removes the secondary group that the user had assigned.

User Updates

To update users through a .csv file, you first need to download the file with user information. To do this, click the button

Then, click the button

A dialog window will appear with the following form where you can upload the file or download a sample:

Important notes regarding fields

  • The "provider", "category" and "uid" fields cannot be modified. The rest of the fields will be updated.
  • If you leave a field empty, it will not be updated.
  • The "Active" column must have a "true" or "false" value
  • To add more than one secondary group to users, you need to separate the groups in the "secondary_groups" column with "/", example "test/Test"
  • To update the password we modify the password field; if we want to use the one already configured, leave blank.

Avoiding errors

  • The "username", "category" and "group" fields must be written exactly with their name to update the user
  • Unicode (UTF-8) encoding is recommended
  • The csv file must be separated by tabs Tab ↹

If what you want is to generate a CSV to create existing users as a backup or recreation in another installation, you need to use the CSV for create button.

User Configuration Options

In addition to editing users, we have several options to perform individually

  • Enable/Disable user

    You can edit a user's parameters by clicking the icon next to the user you want to enable/disable, then click

    A user's status can be seen in the user table, in the Active column (user information).

    Be careful!

    If the user is disabled while accessing the platform, session errors may occur.

  • Change password

    You can edit a user's parameters by clicking the icon next to the user whose password you want to change, then click

    And a dialog window will appear with the following form:

    Policies

    If the user, or category or group they belong to, has a password policy applied, a box will appear with the enumeration of characteristics that the password must meet.

    Suggestion

    The user can change their password through their profile.

  • Recreate/Restore VPN

    You can edit a user's parameters by clicking the icon next to the user whose personal vpn you want to recreate/restore, then click

    Function

    This function is useful if for some reason the personal VPN doesn't work, you can generate the VPN configuration file again.

    For more information about user personal VPN, you can consult the following guide: User Manual - VPN

  • Individual user editing

    The operation of this button can be consulted at: Individual user editing

  • Migrate user

    The operation of this button can be consulted at: Migrate user

  • Impersonate

    You can edit a user's parameters by clicking the icon next to the user you want to impersonate, then click .

    Disclaimer warning

    Impersonating a user provides access to all their data and desktops and carries inherent risks. Before continuing, it's important to consider the sensitivity of the information that will be accessed.

  • Log out user

    You can log out a user by clicking the icon next to the user you want to log out, then clicking .

  • Delete user

    This functionality is explained in the following section: User deletion

Migrate User

You can migrate from local accounts to Google accounts (vice versa or any other type of account) all elements from one user to another (as long as they have the same role or lower) by clicking the icon next to the user you want to migrate, then click

A dialog window will open showing if the user has any created items (desktop, template, deployment or media), along with a series of warnings when migrating these items from one user to another.

Warning

  • Any desktop that is running will be stopped.
  • The user's recycle bin will be emptied.
  • The user's bookings will be deleted.
  • Non-persistent desktops will be DELETED.
  • The co-owner listing in deployments will be removed.
  • Desktops belonging to other users in migrated deployments will remain intact.
  • Resources not allowed for the new user will be deleted or restricted.

After reading the warnings, we can search for the user to whom we want to transfer the items by name:

And then you can click the button

User Deletion

To delete users we have 2 ways:

Attention

You cannot delete administrator users from the Default category.

Individually

You can delete a user or delete all their elements, by clicking the icon next to the desired user, then click

And a box will appear with information about the user's elements:

Before deleting, you need to choose an option:

  • Delete user AND their items: Delete the user and all their elements.
  • Keep user but delete their items: Keep the user, but delete all their elements.

Bulk Delete

To bulk delete, that is, more than one user at a time, you need to select the users and click the button:

OAuth Access

Roles with access

Only administrators have access to this feature.

To modify the authentication method and platform access we use categories as a classification method.

By clicking the button next to the category you want to modify, you'll find the button which allows us to configure access via local and Google:

When the button is pressed, this window appears with three options available in a dropdown for each access:

  • Enable auth method: Enables access using this authentication.
  • Disable auth method: Disables access using this authentication.
  • Restrict auth method to the selected domains: Restricts access with this authentication to specified domains. For example: @example.com

For more information about category-level configurations, consult the following section of this guide: Editing categories

Enrollment Key

The enrollment key is used to complete authentication and login for users who enter for the first time and use authentication via OAuth or via Saml and is managed by groups.

In the Groups table you need to find the group from which you want to obtain the code and click the button to see the group details:

The group expands with various options, you need to click the button

A dialog window will open where you can generate enrollment keys for each role that appears by clicking on the different checkboxes. The code of the role we choose is the role that user will become when they log in.

Once the enrollment key is generated, it can be copied and shared with users.

Attention

  • When registering, users will be assigned the role of the shared enrollment key. For example, teachers will be assigned the "Advanced" code and students the "Users" code.
  • An unlimited number of users can register using the provided enrollment key. Therefore, it's recommended to deactivate them once used.