Managing users

The user management functionality allows you to manage the users within your tenant and provides the following options:

  • Creating users

  • Assigning user names and set passwords

  • Storing user details

  • Choosing basic login options


The user needs to have a role with the user management permission ADMIN or CREATE to be able to do so.


MindConnect IoT Extension has a Single Sign-On feature. Users should be controlled from MindSphere Settings. For further and additional roles and permissions, you can use MindConnect IoT Extension "Users" and "Roles" tabs in the Account menu in the navigator.

Viewing users

To view all users in your tenant, click "Users" in the Account menu in the navigator.


A user list will be displayed, providing the following information for each user:

  • The user name that is used to access the tenant.

  • The name and email of the user, if set.

  • The global roles assigned to the user.

  • The strength of the password set for the user.

To filter the list, you can use the search field at the left of the top menu bar.

Moreover you can filter by global roles. Select the desired roles from the dropdown list and click "Apply" to limit the users shown in the list to users with the selected roles.

Initially, the User page only shows the top-level users. To see all users in your account at once, click "Expand all" at the right of the top bar. This will expand all top-level users, showing their sub-users. Click "Collapse all" to just show the top-level users again. For details on user hierarchies, refer to Managing user hierarchies.

Creating users

To add a user to your tenant, click "Add user" at the right of the top menu bar.


At the left of the "New user" window provide the following information to identify the user:




Serves as a user ID to identify the user at the system. Note that the username cannot be changed once the user has been created. This field is mandatory.

Login alias

In addition to the user name, an optional alias can be provided to be used to log on. Other then the username, this alias may be changed if required.


Enable/disable the user account here. If the user account is disabled the user cannot login.


A valid email address. This is required to enable the user to reset the password. This field is mandatory.

First name

First name of the user. When the user is logged in, this name appears at the right of the top bar on the User button.

Last name

Last name of the user.


A valid phone number. The phone number is required if the user is configured to use two-factor authentication.

Select the login options for the user.

  • If you select "User must reset the password on next login" you need to provide a password which the user needs to reset on the next login.
    Enter a password and confirm it. While entering the password, the strength of the password will be shown.

  • If you select Send password reset link as e-mail, the user will receive an email message with a link to set a password. The email will be sent to the email address configured above.

On the right of the page, select the global roles for the user. Details on global roles are described in Managing Permissions.

Click "Save" to create the user.


By default, manually created users always have the "Own_User_Management" permissions set to active.

Modifying users

Click the menu icon at the right of a user entry to open a context menu which provides further functionalities.



You need a role with user management permission to perform these options.

  1. Click "Edit" to edit an existing user. All fields except "Username" and "Send password reset link as e-mail" can be modified. For details an each field, refer to "Creating users". Click "Change password" to change the password. After editing, click "Save" to apply your settings.

  2. To copy roles, click "Copy inventory roles" from another user. In the upcoming window, select a user from the list and click "Copy". At the top you can select if you want to merge the roles with the existing user roles (the default) or if you want to replace the existing user roles.

  3. Click "Delegate" to delegate your user hierarchies and permissions to a user, or click "Undelegate" to remove a delegation.

  4. Click "Disable" to disable an active user, or click "Enable" to enable a user that has been disabled.

  5. Click "Delete" to delete a user.