This topic outlines the required tasks that the organization administrator must do when setting up the organization for the first time.
Assign organization roles.
All users in the organization inherit the roles assigned at the organization level. Assign only the roles that are applicable at end-user level, such as the Print Release Management User role. For more information on the roles, see Understanding roles.
For an organization that has multiple child organizations, create a Child Organization Access Group, and then assign the group roles.
A Child Organization Access Group can be used to manage user access to all the child organizations. For more information, see Managing the Child Organization Access Group.
Create groups within the organization, and then assign the group roles.
Groups can be created to manage the users in the organization and establish a common set of roles. Members of the group inherit the roles and permissions that are assigned to a group. For more information, see Managing groups.
Set the password requirements.
Create users, import users, or configure the authentication provider to generate users automatically.
The Account Management web portal lets you create individual users. For organizations with many users, a batch import can be done using a CSV file. For more information, see Managing users.
Add users to a group.
Assign user roles.
The organization administrator can also do the following:
Configure an authentication provider.
Configure the printer login.
Manage badges and PINs.
This feature is available only in organizations that have been enabled for the creation of child organizations. From the parent organization, you can create the Child Organization Access Group, assign group roles, and add members. The members have access to all child organizations based on the roles assigned to the group.
This feature lets you manage user access to multiple child organizations easily. For example, if the Child Organization Access Group is assigned with the Fleet Management Administrator role, then all the members in that group are fleet management administrators in all the child organizations.
From the Account Management web portal, select the parent organization.
Click Groups.
From the Child Organization Access tab, do any of the following:
Click Create Group or Create, and then type a unique group name.
Click Create Group.
Select one or more groups, and then click Delete.
Click Delete Groups.
Click a group name.
From the Members tab, click Add Members or Add, and then select one or more users.
Click Add Members.
Click a group name.
From the Members tab, select one or more users, and then click Remove.
Click Remove Members.
Click a group name.
From the Group Roles tab, click Assign Roles or Assign.
Select one or more roles.
Click Assign Roles.
Click the group name.
From the Group Roles tab, select one or more roles, and then click Remove.
Click Remove Roles.
Organization roles are specific roles assigned to an organization. For more information, see Understanding roles. All users that belong to the organization inherit the organization roles. For example, if an organization is assigned with the Print Release Management User role, then all users in the organization can use the Cloud Print Management feature.
From the Account Management web portal, click Organization > Organization Roles.
Click Assign, and then select one or more roles.
Click Assign Roles.
From the Account Management web portal, click Organization > Organization Roles.
Select one or more roles, and then click Remove.
Click Remove Roles.
Passwords must be at least 8 characters long and contain the following:
A lowercase character
An uppercase character
A number (0–9)
A special character (~ ! @ # $ % ^ & * _ - + = ` | \ ( ) { } [ ] : ; " ' < > , . ? /)
A group is a collection of users that can be managed with a common set of roles or permissions.
The following groups are predefined, and are assigned with specific roles:
Admin
Fleet Management
Help Desk
Reporting
From the Account Management web portal, click Groups.
Do any of the following:
Click Create, and then type a unique group name.
Click Create Group.
Deleting a group does not delete the users from the organization. The users are disassociated from the group, and then the group is removed from the system.
Select one or more groups, and then click Delete.
Click Delete Group or Delete Groups.
Click a group name.
From the Members tab, click Add Members, and then select one or more users.
Click Add Members.
Click a group name.
From the Members tab, select one or more users, and then click Remove.
Click Remove Members.
All users in the group inherit all the roles assigned to the group.
Click a group name.
From the Group Roles tab, click Assign Roles or Assign.
Select one or more roles.
Click Assign Roles.
Click the group name.
From the Group Roles tab, select one or more roles, and then click Remove.
Click Remove Roles.
From the Account Management web portal, click Users.
Do any of the following:
Click Create.
Type the email address, first name, last name, and display name of the user.
Type the department and cost center name where the user belongs.
Set the password manually, or email a link to the user to change the password.
Click Create User.
Click a user email address.
Do any of the following:
Edit the personal information.
Change the user password.
Assign user roles.
Register a badge.
From the Printer Login section, click Edit beside Badge Login.
Add the user to a group.
From the Printer Login section, click Set PIN or Reset PIN.
Enter the PIN, and then click Generate PIN.
Select one or more users, and then click Delete.
Notes:
Click Delete Users.
The Import feature lets you create, update, and delete multiple users in an organization using a CSV or TXT file. You can also create user groups, and then assign a user to those groups.
Click Import Users or Import, and then browse to the CSV or TXT file.
If necessary, email a link to the user to change the password.
Click Import Users.
EMAIL,OPERATION,PASSWORD,FIRST_NAME,LAST_NAME,DISPLAY_NAME,SHORTNAME,GROUPS, CUSTOM_ATTRIBUTES,COST_CENTER,DEPARTMENT jdoe@company.com,CREATE,,John,Doe,Johnny,jdoe,Group 1,"{'key1':'value1','key2':'value2'}" llane@company.com,UPDATE,password2,Lois,Lane,Lois,llane,, ckent@company.com,DELETE,,,,,,,
The import file header line must be the following and is case-sensitive:
.EMAIL—Required for all users. EMAIL values that are in uppercase in the file are converted to lowercase before the operation is performed. For example,
is converted to .OPERATION—Required for all users.
CREATE—Creates a user identified by the EMAIL value with the corresponding properties on the line.
UPDATE—Updates the existing user identified by the EMAIL value with the corresponding properties on the line. You can use the
action string to remove the first name, last name, display name, and shortname.DELETE—Deletes the existing user identified by the EMAIL value.
PASSWORD—Not required for any OPERATION, and can be empty only when “E-mail a link to change the password” option is selected when importing.
FIRST_NAME—Not required for any OPERATION, and can be empty. The first name of the user. For example,
.LAST_NAME—Not required for any OPERATION, and can be empty. The last name of the user. For example,
.DISPLAY_NAME—Not required for any OPERATION, and can be empty. The name of the user that is sometimes used in display prompts or log reports. The DISPLAY_NAME value can be the full name with middle initial or any string. For example,
. The DISPLAY_NAME value is not directly associated with the FIRST_NAME and LAST_NAME values.SHORTNAME—Not required for any OPERATION, and can be empty. The SHORTNAME value is used when the organization has a shortname string that also identifies the user in the organization. For example,
.GROUPS—Not required for any OPERATION, and can be empty. Separate multiple groups by using commas and enclosing them in double quotation marks. For example,
. GROUPS values that do not exist in the organization are created, and then added to the organization automatically.CUSTOM_ATTRIBUTES—Not required for any OPERATION, and can be empty. The CUSTOM_ATTRIBUTES value is a specially formatted JSON string for user metadata that is stored with the user. The value must be enclosed in double quotation marks. For example,
COST_CENTER—Not required for any OPERATION, and can be empty. The COST_CENTER value is used for quota assignments and cost-center-level reporting in the Analytics web portal.
DEPARTMENT—Not required for any OPERATION, and can be empty. The DEPARTMENT value is used for quota assignments and department-level reporting in the Analytics web portal.
Notes:
Assigning user roles gives a particular user access to a particular task or function that is not appropriate to assign as a group or organization role. Groups or organizations that the user belongs to do not inherit the user role. For more information, see Understanding roles.
From the Account Management web portal, click Users, and then click the user e-mail address.
From the Assigned Roles section, click Edit.
From the User Roles tab, click Assign, and then select the roles.
Click Assign Roles.
For more information, see Understanding roles.
From the Account Management web portal, click Users, and then click the user e-mail address.
From the Assigned Roles section, click Edit.
Select one or more roles, and then click Remove.
Click Remove Roles.
The Lexmark Cloud Services website supports federation with an identity service provider (IDP) for authentication. Users can log in to the system using the credentials from their existing accounts.
Notes:
From the Account Management web portal, click Organization > Authentication Provider.
Click Configure an Authentication Provider, and then add the domains.
Configure the single sign-on settings.
Service provider entity ID—The base URI of the IDP of the organization that the Lexmark Cloud Services website can access.
SSO target URL—The single sign-on (SSO) login URL of the IDP Active Directory Federation Services (ADFS) of the organization.
SSO Logout URL—The SSO logout URL of the IDP ADFS of the organization.
SSO name identifier format—The name ID of the IDP ADFS of the organization.
Certificate—A signed certificate from the IDP ADFS of the organization. The certificate is required so that the Lexmark Cloud Services website can determine if it is communicating with the IDP ADFS.
Click Configure Authentication Provider.