Admin Users

Learn more about how to create, protect and manage Fusion Administrator Accounts.

Overview

Admin Users have full administrative access to all areas of Fusion and customer identities.

It is strongly advised that you enable Multi-factor Authentication for all Fusion Admin Users after creating them.

See Admin Adaptive MFA to configure the login workflow and choose which Multi-factor Authentication methods to use to protect your Fusion instance.

Learn How To

1) Create an Admin User

2) Change an Admin User Password

3) Setup Multi-factor Authentication for Admin Users

Creating an Admin User

Follow these steps to create a new admin account with Fusion.

1) Log into the Fusion Admin Console, select Tenant Configuration, then Admin Users from the main menu on the left-hand side of the console.

2) Click the Create Account button from the top right hand menu as shown below:

Click to Enlarge

3) You can now create an account by clicking the 'Create Account' button. You will be taken to the Create Account screen as shown below:

Click to Enlarge

4) You will need to populate the following mandatory attributes, Username, First name, Last name, Email and Password. It is highly recommended that you also populate the Phone number attribute since that is used for SMS based Multi-Factor Authentication (see below). See the below table for an explanation on the requirements for these attributes.

5) Once you've typed in your attribute values, click 'Save'.

6) Upon successful account creation, you will be taken back to the Admin Users screen and shown a listing of all Admin accounts.

The table below provides an overview of the rules and requirements for these common attributes used during the account creation process.

Attribute Name

Description and Rules

Username

  • Must be unique since its the primary identifier of the account.

  • Can contain up to 104 characters in length

  • Cannot contain: " / \ [ ] : ; | = , + * ? < >

  • Can contain any of the of these ASCII characters: # $ % & ' ( ) - . @ ^ _ ` { } ~

  • Are case aware (This refers to the storage of a username in the case that it was provided. If a username is entered as ‘UsERname’ then it is stored as ‘UsERname’ and displayed as '‘UsERname’ whenever presented to the customer.)

  • Are not case sensitive (this means that a username match and its uniqueness does not take into consideration any case sensitivity)

First name

  • Can contain up to 64 characters in length and any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain spaces surrounded by any character

  • Can contain - and ' surrounded by any character

Middle name

  • Can contain up to 64 characters in length and any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain spaces surrounded by any character

  • Can contain - and ' surrounded by any character

Last

name

  • Can contain up to 64 characters in length and any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain spaces surrounded by any character

  • Can contain - and ' surrounded by any character

Email

The email address must be in the format of localpart@domain

Localpart:

  • Can contain any uppercase or lowercase Latin characters

  • Can contain any digits 0 to 9

  • Can contain any of these ASCII characters: ! # $ % & ' * + - / = ? ^ _ ` { | } ~

Domain:

· Can contain . if it is not the first or last character or repeated

· Can contain any digits 0 to 9

· Can contain any uppercase or lowercase Latin characters

· Can contain – if it is not the first or last character

Phone number

  • Can contain any digits 0 to 9

  • Can contain + providing that it is the first character

Password

The customer's password will be governed by the Password Policy that has been set on the Identity Store, however, the following allowed and disallowed rules also apply:

  • Can contain up to 64 characters in length and any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain any digits 0 to 9

  • Can contain any of these ASCII characters: # $ % & ' ( ) - . @ ^ _ ` { } ~

Change the Admin password

To change the password for an Admin account, follow these steps:

1) Log in to the Fusion Admin Console using an admin account.

2) From the top right hand menu, click your admin username and then click My Account from the drop down menu, as shown below.

Click to Enlarge

3) Next, the My Account page will be displayed (for this admin account). Click Change Password from the left hand menu. The Change Password screen will be displayed, as shown below.

Click to Enlarge

4) Once you have provided the current password, and set a new password followed by its confirmation, click Save. The password for this admin account will now have been changed.

Set up Multi-factor Authentication for Admin Users

The security options that protect and govern the authentication workflow for Fusion administrator accounts is configured via the Admin Adaptive MFA Policy.

See Admin Adaptive MFA for more information on how to choose which security options you can use to protect your Fusion Admin Accounts.

To setup and mange Multi-Factor Authentication for Admin users, follows these steps.

) Log in to the Fusion Admin Console using an admin account.

2) From the top right hand menu, click your admin username and then click My Account from the drop down menu, as shown below.

Click to Enlarge

3) Next, the My Account page will be displayed (for this admin account). Click Account Settings from the left hand menu. The Account Settings screen will be displayed, as shown below.

Click to Enlarge

4) Next, choose either an Email or SMS based MFA option (or both) to protect the account. You can do this by clicking the + next to either provider. You will be asked to confirm ownership of either the email address or phone number by verifying an OTP passcode.

5) Once you have added an email or phone number, you can enable or disable any of the provided MFA options. You can also choose to add any other email addresses or phone numbers to provide further back up access to your account.

Click to Enlarge

6) Any changes to MFA methods take immediate effect and will be enforced at next log-in to the Fusion Admin Console