Creating and Managing User Accounts

This chapter describes how to create and manage user account in Lucidum.

Changing the Admin Password #

To create the first user account, you must sign in with the default Admin account. Your Lucidum sales representative can provide you with the default password for the Admin account.

You should immediately change the password for the default Admin account.

To do this:

1. Log in to Lucidum with the user name “Admin” and the default password.
2. Navigate to Settings > User Management.
3. In the User Management page, find the Admin user.

   

4. Click on the Change Password link (…)for the Admin user.

   

5. In the Change Password modal, click Send. Lucidum will send an email to the user with a password reset link.

Viewing the List of User Accounts #

To view the list of user accounts in your Lucidum system:

1. Navigate to Settings > User Management.
2. The User Management page appears, with a list of user accounts:

   

3. The User Management page displays the following about each user:
   • Email Address. Email address associated with the user account.
   • First Name. First name of the user.
   • Last Name. Last name of the user.
   • Roles. Roles assigned to the user account.
   • Status. Enabled (green checkmark) or disabled (red x).
   • Type. Either local authentication or SSO authentication.
   • Created. Date and time the account was created.
   • Last Login. Date and time the user last logged in to Lucidum.
   • Actions. Icons to perform the following actions:
     • Lock icon. Unlock an account that has been locked out.
     • Pencil icon. Edit an account.
     • Asterisks. Re-set a password for an account.
     • Trash. Delete an account

Creating a New User Account #

Lucidum uses roles to assign permissions to users. You can assign each user one or more roles. Lucidum includes default roles. You can also create custom roles.

To create a new user account in Lucidum:

1. Navigate to Settings > User Management.
2. In the User Management page, click the plus-sign (+) in the upper right corner.

   

3. The Add User page appears.

   

4. In the Add User model page, enter the following:
   • First Name. Name of the new user.
   • Last Name. Last name of the new user.
   • Email Address. Email address of the new user.
   • Account Type. Select how the new user account will be authenticated. Choices are Local or SSO. For details on enabling SSO in your Lucidum system, see Enabling SSO.
   • Roles. Select and assign one or more roles for the new user. For details on Roles, see For details, see Creating and Managing Roles. To assign a role, select its checkbox and click the arrow to move the role to the Selected list. The default roles are:
     • Api_Users. This role is allows access to the Lucidum API.
     • Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.
     • Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.
     • IT Operations. This role is for IT and security operations staff.
     • Custom roles. You can define custom roles. For details, see Creating and Managing Roles.
5. If you selected Account Type of Local, Lucidum will send a secure password reset email to the user’s email. address.
6. Click Confirm to save the new user.

Editing a User Account #

To edit an existing user account:

1. Navigate to Settings > User Management.
2. Find the user account you want to edit and click the Edit (pencil) icon.
3. In the Edit User modal page, you can edit one or more fields.

   

4. In the Edit User model page, you can edit:
   • Active toggle. In the upper right, you can toggle users to active or inactive. Inactive users cannot log in to Lucidum. This applies to user accounts that use SSO and user accounts that use basic authentication.
   • First Name. Name of the new user.
   • Last Name. Last name of the new user.
   • Email Address. Email address of the new user.
   • Account Type. Select how the new user account will be authenticated. Choices are Local or SSO. For details on enabling SSO in your Lucidum system, see Enabling SSO.
   • Roles. Select and assign one or more roles for the new user. For details on Roles, see For details, see Creating and Managing Roles. To assign a role, select its checkbox and click the arrow to move the role to the Selected list. The default roles are:
     • Api_Users. This role is allows access to the Lucidum API.
     • Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.
     • Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.
     • IT Operations. This role is for IT and security operations staff.
     • Custom roles. You can define custom roles. For details, see Creating and Managing Roles.
   • Generate Token. Value required for API access. Click Generate Token to generate this value.
   • View Tokens icon. Displays a list of Action Tokens. Action Tokens allow you to authenticate with the /CMDB/v2/data/ldg endpoint and make API requests to the endpoint. For details on creating Action Token, see Generating a Bearer Token for /CMDB/v2/data/ldg Endpoint.
5. Click Confirm to save your changes.

Unlocking a User Account #

If a user attempts to log in three times with the incorrect user name or password, Lucidum locks that user’s account.

Users with the role “Admin” can unlock user accounts. To unlock a user account:

1. Go to Settings > User Management.
2. In the User Management page, find the user account you want to unlock.

   

3. Click on the lock icon. The lock icon is cleared.
4. A popup displays the message “User was unlocked successfully.”

Generating a Bearer Token #

To authenticate with the Lucidum API v2, use a bearer token. The bearer token allows a Lucidum account to access the Lucidum API. You can generate the bearer token from the Lucidum UI.

To generate the Token:

1. Go to Settings > User Management.
2. Find your account. Click its Edit link.

   

3. Ensure that your account is assigned the Role Api_Users.
4. In the Edit User page, in the Roles field, click API_Users and click the right arrow button.
5. In the Edit User page, click the button Generate Token.

   

6. The Token field appears, populated with a value. Copy and paste the value. Save it somewhere safe, like in a password manager.

Deleting a User Account #

To delete an existing user account:

1. Navigate to Settings > User Management.

   

2. Find the user account you want to delete.
3. Click the Delete (trash can) icon.

Logging In to Lucidum #

To log in to Lucidum:

1. When newly created users log in to Lucidum, they will see:

   

   • To use basic authentication, select Sign In.
   • To use SSO, select Sign In With Azure SAML.
2. If you choose Sign In with Azure SAML, you are prompted to sign in to your SSO provider. If you have already logged in to your SSO provider, you are automatically logged in to Lucidum, with no further action required.
3. If you choose Basic authentication, you will see something like this:

   

4. If you have enabled MFA for Basic authentication, you will see this:

   

Inactive Users #

Inactive users cannot log in to Lucidum. This applies to user accounts that use SSO and user accounts that use basic authentication.