ITM On-Prem Web Console Users

ITM On-Prem (ObserveIT) administrators are also known as Console Users. Console Users can log on to the ITM On-Prem Web Console and view recorded sessions and other information, as well as make configuration changes based upon their role.

Console Users can be granted Admin, View-Only Admin, or Config Admin roles, and given permissions on specific servers, groups of servers, or individual users, based upon the organization's requirements. This allows the administrator to grant granular replaying access control permissions for specific security managers or auditors (for example, to be allowed to view servers only in the “SQL Servers” server group, or to be allowed to view sessions only for a limited scope of users).

The Admin role has the highest permissions with full control over all the management features of ObserveIT. An Administrator can make changes to the ITM On-Prem (ObserveIT) configuration, and is allowed to view all session recordings. This is the default role.
The View-Only Admin role can view session recordings, but does not have access to ITM On-Prem (ObserveIT) configuration options.
The Config Admin role allows administrative access to the Web Console without the ability to review user activity logs or screen recordings. Config Admin users can access specific configuration areas, and can manage other Config Admin user accounts.
Alerts Analyst: This role can access Alert & Prevent Rules and Lists and view session recordings, but cannot gain access to any other ITM On-Prem (ObserveIT) configuration options.
Settings Admin: This role can see all users and their permissions, but can create or delete only "Settings Admin" users. Settings users are unable to view session recordings, Alert & Prevent Rules and Lists.

Different levels of access can be defined for specific users or user groups. Console users can be granted permissions to view recorded sessions on one or more endpoints (on which the ITM On-Prem (ObserveIT) Agent is installed), endpoint groups, individual users (domain\user), or Active Directory groups. These permissions are given to users based on their defined role.

You can create either additional Local Console Users (which will be created in the ITM On-Prem (ObserveIT) Database) or additional Active Directory-based Console Users (if an LDAP Target has been established).

Console Users can also be configured to receive email notifications about system events.

The entire configuration process is done through the Configuration > Console Users page of the Web Console.

The following topics in this section describe how to: