The Account Manager tool in Filevine is an Advanced tool that gives Account Admins the ability to manage the MFA status, passwords, and activity of other users, as well as their own.
Account Admins can disable MFA and set temporary passwords for other users in the Users section. In the Activity section, they can view login attempts, password and multi-factor authentication activity, and products to which their tenant and users have access.
Users with the Account Admin permission can view the Account Manager tool. To navigate to the Account Manager tool, click Main Menu > Advanced > Users and Activity. You will be taken to the Account Manager tool in a new tab.
Note: If you receive an error, it may be because you are not an Account Admin. Ask another Account Admin to elevate your privileges.
Account Admin
The Account Admin permission grants Admin rights at the account level. An account includes all Filevine Orgs included in your instance. The account is the URL that contains your Orgs.
An Account Admin user can view the Account Manager tool and see other users’ activity at the account level.
When FVID is enabled, the Account Admin permission is granted to a user in your firm. When FVID is enabled, Org owners and Org Admins will be granted the Account Admin permission. Any Account Admin can promote other users to account admins. Typically, the permission is granted to the Org owner of the oldest Filevine Org in your account. This Account Admin user can access the Account Manager tool and grant and revoke Account Admin access to other users.
Profile Section
In the Profile section, you can edit your first and last name and theme selection. You can choose from three themes in Filevine: light, classic, and dark. Select the theme you’d like. You can change your theme at any time.
Security Section
On the security page, you can change your password and set up two-factor authentication for your account.
Users Section
The Users section in the Account Manager tool displays a complete list of all users who have access to log in to your Filevine account. This does not mean that the user has permissions in an Org within your account, just that they can log in.
The top of the section displays the number of users, the number of products assigned to the account, and the number of accounts that have multi-factor authentication (MFA) enabled.
The user table below displays a list of users and the following information:
- name
- products that the user has access to
- login type (password or SAML)
- Admin status
- Active status
- MFA status
Clicking the edit icon at the right side of this table opens the User Details flyout, where you have options to grant and revote Account Admin status, disable MFA, set a temporary password, or enable/disable the user.
You can also perform each of these actions for multiple users at once. Select the users you would like to perform an action for, and then click Action to open the bulk actions dropdown. Each action in the dropdown also includes an indication of how many users the action will apply to.
For example, if you select three users, and one is already an Account Admin, then the Grant Admin Access action will affect two of the three users.
Grant and Revoke Account Admin
Users with the Account Admin permission will have a shield icon in the Admin column of the table.
To grant Account Admin access, click on the edit icon in the last column of the table. In the User Details flyout, click Grant Admin Access. When access is granted, a shield icon appears in the Admin column for that user.
To revoke access, follow the same steps: click on the edit icon and select Revoke Admin Access. The shield icon no longer displays for that user.
Disable MFA
Account Admins can disable multi-factor authentication for users. Disabling MFA is useful when the authentication device is unavailable. As soon as the user can log back in, Filevine recommends re-enabling MFA.
To disable MFA, click on that user’s edit icon and select Disable MFA in the flyout.
Set Temporary Password
When Account Admins want to require rotating user passwords, they can use the “set temporary password” option. This option will require the user to set a new password the next time they log in.
To set a temporary password for a user, click on that user’s edit icon and select Set Temporary Password in the flyout.
Disable/Enable User
Disabling a user prevents a user from logging in again without affecting any of their permissions in the Filevine application. This aciton does not disable active sessions, but it will prevent an employee from being able to log in next time they are required to.
To disable, click on that user’s edit icon and select Disable This User in the flyout.
Activity Section
The Activity section of the Account Manager tool is used to audit user activity at the account level. This activity includes sign-in attempts, password and MFA changes, who accessed the Account Manager tool, and activity around assigning and disabling a Account Admin.
Account Activity Filters
When you first access the Activity section, you can view all activity in your account. The filters on the left-hand side provide more targeted results if looking for a specific event or type of event. View the list below for more information about each filter:
- Sign-In Attempted: The Sign-In Attempted filter records all sign-in attempts for users in your account. This view displays whether the sign-in was successful, the date and time of the sign-in attempt, the name of the user if they successfully logged in, and the email of the user.
- Forgot Password: This filter is used to show if a user requested a Forgot Password reset link from the Filevine login page.
- Password Changed: This filter shows which users attempted to reset their passwords, the date and time of attempt, and whether the attempt was successful.
- MFA Changed: This filter shows the users that have made changes to their MFA, including if they enabled or disabled MFA.
- Required Password Change: This filter shows which users were required to reset their passwords and the date and time.
- Audit Data Accessed: This filter shows a list of all Account Admins who have accessed the Activity section in the Account Manager tool.
- Tenant Admin Changed: This filter shows records of Account Admin access being granted or revoked. The result column will show if it was enabled or disabled.
- Email Address: This filter can be used in conjunction with any of the Activity Type filters. This filter provides a way to target a specific user to see their account access activity. If the All Activity filter is selected, it shows a comprehensive list of all account access activity. More targeted results for an individual user can be achieved by combining the Email Address filter with the specific Activity Type you are searching for. For example, if you are looking to see if a user changed their password and when, then you could enter their email address into the Email Address filter and select the Password Changed filter.
- Date Range: The Date Range filter allows you to focus the results to a specific timeframe. Like the Email Address filter, the Date Range filter can be used to narrow results on any Activity Type.
Access Tokens
In the Access Tokens section, you can create personal access tokens (PAT) for authenticating API gateway requests.
To create a PAT, click New in the top right corner. Enter a unique name that indicates what you will be using it for, and select a user. Click Create.
When you click create, you can view and copy the token. You will not be able to see the token again. Copy the token and store it in a safe place.
Created tokens appear in the list. Click the edit icon at the far right to view a flyout with the token’s details, like its expiration date. Here, you can also revoke a PAT, which deletes it and removes it from the list.
Comments
0 comments
Article is closed for comments.