Add or manage User

This guide shows you how to add individual users to Nodinite and assign them to Roles for role-based access control. Individual users provide granular, person-by-person access for external partners, executives, or anyone requiring special permissions.

New to Users? See What is a User to understand when to use individual users vs Windows AD Groups.

Before You Begin

• Administrator access required - You must be assigned to the Administrators Role
• Valid Windows account - User must have a Windows domain account (or local account in Workgroup mode)
• Know the user name - Format: DOMAIN\username (e.g., CONTOSO\alice.smith)

Step 1: Open the Add User interface

Navigate to Administration → Access Management → Users in the Nodinite Web Client sidebar.

Click the Add/New button to create a new User.

Example of the Add/New button location in the Users interface.

To edit an existing User, click on the user name from the list in the Users Overview.

Step 2: Enter user details

Configure the user's Windows account name and optional metadata.

Example of the User configuration form showing required and optional fields.

Mandatory Fields

User Name

The User name field is required and must match an existing Windows account.

Format: DOMAIN\username

Examples:

• CONTOSO\alice.smith - Domain user
• PARTNER\john.vendor - External consultant from trusted domain
• .\localuser - Local Windows account (Workgroup mode only)

Common mistakes:

• Don't use: alice.smith@contoso.com (UPN format not supported)
• Don't use: CONTOSO/alice.smith (forward slash instead of backslash)
• Don't use: alice.smith (missing domain when in domain mode)

Example of validation error when user name format is invalid: "Bad format for domain and user provided".

Tip

Copy the exact username from Active Directory Users and Computers to avoid typos.

Optional Fields

Additional Information

A user-friendly description to document why this user has access or what their role is.

Best practices:

• Include the person's job title or department: "Finance Department Manager"
• Document temporary access expiration: "External consultant - access expires 2026-06-30"
• Note special permissions: "CTO - executive dashboard access"

Examples:

• "SAP integration specialist from vendor Acme Corp"
• "VP of Operations - read-only monitoring access"
• "Temporary contractor for Project Phoenix migration"

Email

Email address for receiving monitoring alerts from the Monitoring Service via Alarm Plugins.

Important notes:

• Email is only used by the E-mail alarm plugin - it does not affect authentication
• For easier maintenance, prefer E-mail with options which can use AD email attributes
• Leave blank if user should not receive monitoring alerts

Examples:

• alice.smith@contoso.com - Corporate email
• john.vendor@partner.com - External consultant email
• emergency-team@contoso.com - Distribution list for critical alerts

Step 3: Assign Role membership

Assign the User to one or more existing Roles to grant access to specific Log Views and Monitor Views.

Example list of available roles showing role selection interface.

How Role assignment works:

• Multiple Roles allowed - Users can be assigned to as many Roles as needed
• Cumulative permissions - User receives all permissions from all assigned Roles
• No restrictions - Roles are additive, not subtractive (you cannot remove specific permissions)

Example:

• Assign to Role: "Production Logs" (access to production Log Views)
• Assign to Role: "SAP Specialist" (access to SAP-specific Repository Model items)
• Result: User has access to Production Logs + SAP Repository items (combined)

Tip

Start with minimal Role assignments (principle of least privilege), then add more Roles as needed based on user requests.

Step 4: Save and verify access

Click Save to create or update the User.

Verify the user can log in:

1. User opens Nodinite Web Client in browser
2. User authenticates with Windows credentials (DOMAIN\username)
3. User should see Log Views and Monitor Views from assigned Roles
4. Check Audit Log to confirm successful login recorded

Warning

If the user cannot log in, see Troubleshooting section below.

Common Scenarios

Scenario 1: Add External Consultant

Situation: Vendor consultant needs 60-day access to SAP integration logs.

Steps:

1. Click Add/New button
2. Enter User name: PARTNER\john.consultant
3. Enter Description: "Vendor consultant for SAP troubleshooting - access expires 2026-04-30"
4. Enter Email: john.consultant@partner.com
5. Assign to Role: "SAP Production Logs"
6. Click Save
7. Set calendar reminder to remove user in 60 days

Scenario 2: Grant Executive Dashboard Access

Situation: CTO needs read-only visibility into all production integration health.

Steps:

1. Click Add/New button
2. Enter User name: CONTOSO\cto
3. Enter Description: "CTO - executive monitoring dashboard"
4. Enter Email: cto@contoso.com
5. Assign to Roles: "Production Monitor Read-Only" + "Executive Dashboard"
6. Click Save

Scenario 3: Temporary Contractor Access

Situation: 3-month contractor needs limited test environment access.

Steps:

1. Click Add/New button
2. Enter User name: CONTOSO\temp.contractor
3. Enter Description: "Temporary contractor - Project Phoenix - expires 2026-05-15"
4. Leave Email blank (no monitoring alerts needed)
5. Assign to Role: "Test Environment Access"
6. Click Save
7. After project ends, remove entire User from Nodinite

Troubleshooting

User Cannot Log In

Symptom: User enters Windows credentials but is denied access to Nodinite.

Possible causes:

1. User not added to Nodinite Verify user appears in the Users Overview list
2. User name format incorrect: Check for typos, verify DOMAIN\username format
3. Windows account doesn't exist: Confirm account exists in Active Directory
4. Trusted domain issue: For external users, verify domain trust relationship configured
5. IIS authentication disabled: Verify Windows Authentication enabled in IIS for Nodinite Web Client

Resolution: Check each cause above, correct configuration, ask user to retry login.

User Can Log In But Sees No Data

Symptom: User successfully logs in but sees empty lists or "No data available" messages.

Possible causes:

1. No Roles assigned: User must be assigned to at least one Role
2. Roles have no Views: Assigned Roles don't have any Log Views or Monitor Views configured
3. Views have no data: Log Views/Monitor Views exist but contain no log entries or monitors yet

Resolution: Assign user to Roles with active Log Views or Monitor Views, verify Views contain data.

"Bad Format for Domain and User Provided" Error

Symptom: Red error message appears when entering user name.

Example validation error for incorrect user name format.

Cause: User name does not match required DOMAIN\username format.

Resolution:

• Use backslash \ not forward slash /
• Include domain name before username
• Don't use email format (user@domain.com)
• For local accounts use .\username format

User Not Receiving Email Alerts

Symptom: User should receive monitoring alerts but email never arrives.

Possible causes:

1. Email field blank: Email address not configured in User settings
2. Alarm plugin not configured: E-mail or E-mail with options plugin not set up on Monitoring Service
3. Monitor not configured for alerts: Monitor doesn't have alarm plugin actions configured
4. Email address incorrect: Typo in email address

Resolution: Verify email address in User settings, check alarm plugin configuration, test with simple test alert.

Best Practices

User Naming and Descriptions

• Use descriptive Additional Information - Document why user has access, who they are, when access expires
• Include expiration dates - For temporary access, note end date in description
• Document business justification - "Approved by CTO for audit purposes"

Role Assignment

• Start minimal - Assign only necessary Roles initially
• Review quarterly - Periodically review user list and remove inactive users
• Prefer AD Groups for teams - Use individual Users only for exceptions (see Windows AD Groups)

Email Configuration

• Use corporate email - Not personal email addresses
• Test alert delivery - After adding user, trigger test alert to verify email works
• Don't use distribution lists - Unless entire group should receive alerts for this specific user's permissions

Security and Access Reviews

• Document access grants - Use Additional Information field to note approval
• Remove promptly - Delete users immediately when access no longer needed
• Monitor audit logs - Review Audit Log for unusual user activity
• Follow least privilege - Grant minimum access required for user's job function

Security and Compliance

• Document access grants - Use Additional Information field to note approval
• Remove promptly - Delete users immediately when access no longer needed
• Monitor audit logs - Review Audit Log for unusual user activity
• Follow least privilege - Grant minimum access required for user's job function

---

Next Step

Related User Tasks

What is a User - Understand when to use individual users vs Windows AD Groups
Add or manage Windows AD Group - Set up team-based access
Users Overview - View and manage all configured users

Configure Access

Add or manage Role - Create roles with specific permissions
Add or manage Log View - Define which logs users can access
Add or manage Monitor View - Configure monitoring dashboards

Monitoring Configuration

E-mail - Configure email alarm plugin for user notifications
E-mail with options - Advanced email configuration with AD integration

Related Topics

Access Management

Access Management - Overview of Users, Groups, Roles, Claims, and Policies
What is a Role - Understand role-based access control

Auditing and Security

Log Audits - Track user activity and access changes
Monitoring Service - Background service that sends alert emails