User and Person Management
A useful feature in Asset Vision is its ability to automatically discover users in an organization. This is done through many different mechanisms and sources, from Active Directory User Object discovery to logged-on users found by the Optimize agent. However, because of the different methods of discovery, the user records can have slight variations in attributes, and thus, multiple user records from the same user can exist in the database.
To solve this problem, the concept of a Person has been developed in Asset Vision, and allows the linking of one or more user records held within Asset Vision to a single, normalized representation of a Person. This Person record can, in turn, be used for things like machine ownership, license allocation, etc. Therefore, all information that is associated with those multiple accounts will be associated to the Person record, which acts as the main unique identifier for that person.
Automate Person Management
In order to take advantage of Person functionality, it must be configured via the Automate Person Management console. From here you will be able to define data sources, synchronize the data sources with the current discovered users, and view reports on the status of the created persons. The lesson below will help you correctly configure Persons in Asset Vision.
NOTE: It is important to that the initial configuration of Person Management be correct. If you have any questions about the initial configuration, please contact Scalable Software to assist with your particular needs.
Add Primary Data Source of User Data
Start by adding the data source that is currently used in Asset Vision for user discovery. In most cases, this is information imported from Active Directory via a PAD scan. If you would like to import users from Active Directory, but have not already configured this in Asset Vision, please see the Active Directory User Scan lesson to do so before proceeding.
To add the data source:
- Navigate to Setup >> App Administration >> Registry >> User and Person Management.
- Click Add Primary Source of User Data. The Source Configuration Options dialog will appear.
In the Source Settings tab of the Source Configuration Options dialog:
- Enter the Name: of the data source. This is simply an identifier for the data source.
- Choose the Primary Key: This is the key data point that will be used by Person Management as the unique identifier for an individual, or person. If using Active Directory as the Primary Data Source, this is usually the User ID.
- Select Auto Update Person: to have Asset Vision automatically create a new, or update an existing, Person with discovered user data.
- The Expiration Days: will determine how long a Person will be associated with a given data source after a specific user record is no longer discoverable.
- The Criteria: can be configured to fine tune which discovered users will be associated with a person. When using Active Directory, the following criteria should be used to limit discovered users to AD users only:
Match All: Source - contains - @DOMAIN
where "DOMAIN" is equal to the suffix of the Source in Admin >> User Management >> Discovered Users.
For example, if most of the users discovered from Active Directory in your environment have a source of "computer.user@company," then the criteria for source should be "@company." - Add any other Criteria, like excluding any domain administrators, service accounts, or test accounts, to keep the account narrowed to only actual users.
- Click Save to save your settings and close this dialog box, or click the Reserved Data to add more data points (see next steps).
The Reserved Data tab is where you will define the additional data points that will always be used by the Primary Data source in determining Person identity. The following information is commonly defined within Active Directory for user accounts:
- User ID
- First Name
- Last Name
- Department
- Location
- Company
Other attributes should be added as desired to help the process of accurately identifying Persons.
To add columns to a Reserved Data point:
- Double-click or drag an individual item in the Available Columns: field. It will appear in the Selected Columns: field.
You may also Shift-click groups, or Control-click multiple individual items to help with the selection process. Use the arrow buttons in between the fields to move one, selected, or all items to the other field. - Click Save to save your settings and close this dialog box, or click the Multi-Source Data tab to add more data points (see next steps).
The Multi-Source Data tab is where you will define the additional data points that will be used as supplemental data by the Primary Data source. These data points may be defined by the Primary Data Source, but can be augmented by any other data source, such as manually-imported user data. Click Save when you are finished.
After configuration is complete, click on the More Info button in the Automate Person Management main screen, and a Person Data Summary screen appears. It allows you to see, at a glance, the Person status in your organization, with the ability to drill down to get more details about each metric.