Manage Users in the Dashboard

The Invictus Dashboard allows you to access the application with many user accounts. These can be local users, managed by Invictus itself; or Entra ID users, managed by your Azure tenant.

recommended

Use Entra ID users over local users for security reasons.

Entra ID

👤 Requires membership of a synced Entra ID group.

You can configure the Invictus Dashboard to use existing users in Microsoft Entra ID groups. This removes the need to work with local Dashboard users.

Add an Entra ID user to the Dashboard

Microsoft Entra ID users can sign in automatically into the Invictus Dashboard if that user is part of a synced group into the Dashboard.

requires role

Make sure that the group has a role assigned, otherwise the Dashboard will be unusable for the user.

Delete an Entra ID user from the Dashboard Only Admins

To delete a user click on the delete icon next to the user in the user list.

👀 You can distinguish linked Entra ID users as they don't have a personal role assigned. The Dashboard determines the role by the group the user is a member of.

Edit an Entra ID user's role in the Dashboard Only Admins

Entra ID users don't have personalized roles that allow them to access certain flows in the Dashboard. The Dashboard determines the user role by the Entra ID groups where the user is a member of. If the groups has access to the flow, so will the user.

Configure forgot password procedure Only Admins

Before you can use the forgot password feature, you need to create an Microsoft Entra ID application registration and set it up with the Mail.Send API permissions. The OAuth 2.0 flow requires this to send emails securely.

warning

Please note that the permission granted allows any email address within the organization to be used as the sender.

Local

Local users are entirely managed by the Invictus Dashboard. You can assign personal permissions and delete them at anytime.

Add a local user to the Dashboard Only Admins

Local users can have a role assigned.

Delete a local user from the Dashboard Only Admins

You can distinguish local users as they have a personal role assigned.

Edit a local user's role in the Dashboard Only Admins

Local users can have a role assigned.

Configure forgot password procedure Only Admins

For local users to allow them to run the 'Forgot password' procedure, configure the following details to use to correct email server.

Forgot password setting	Description
Host	The host address of the email server from which the sender account originates. For instance, if it's a Gmail email account, the host should be "smtp.gmail.com".
Port number	The port number for the email server from which the sender accounts originates, default is 587.
Email key vault key	The Azure Key Vault secret name where you stored the sender email address (points to the Key Vault resource accompanied with the Invictus installation).
Password key vault key	The Azure Key Vault secret name where you stored the sender email password (points to the Key Vault resource accompanied with the Invictus installation).
SSL Enabled	It's recommended to enable SSL, as major email providers often require this setting.

Unlocking a user in the Dashboard Only AdminsNew since v6.3

Users gets locked out if they try to sign in too many times with wrong credentials. System admins can unlock these users by clicking on the button of the user in the list.