Adding a contact

Select the new contact's Title, and enter the first name and surname. The Full name field is automatically populated.

Select the Contact type from the drop-down list.

Optionally, enter further details for the contact, including the job title, department, and address.

Enter a telephone number, email address, or both. It is recommended that you provide at least one form of contact that Support can use if required.

Select a preference for each contact method, to inform Support of the preferred order in which to attempt each contact method.

Click Submit.

Adding logon details

To assign logon privileges to the contact you just created:

In the User name field, click the hyperlink in No user name. Click here to add one. This opens the Add User Name screen.


	Note You can also access this screen by clicking the contact's logon ID in the User Name column on the main Contacts screen.

By default, the email address is used as the contact's logon ID. To change this, edit the User Name field.

Enter and confirm a password for the user.

You can type a password for the user and confirm it. Alternatively, if you want to automatically generate a password that complies with the password policy, click Create a password for me. The password, which meets the stated password policy, populates into the Password field.

Define when the user's password should expire. By default this uses the expiration settings defined as part of your account's password policy (see Password expiration limit).

To force the user to change the password when they log on, mark Change password next log on. This is recommended.

When the user first logs on, a screen is displayed giving them 8 days to select a password question from the list provided and enter an answer. This password question and answer is used if the user later forgets their password (see Forgotten passwords). If the user does not set a password question within the 8-day limit, they are forced to do so at their next logon


	Note If you have enabled two-factor authentication for a user, this page can be used to reset authentication for users who have been locked out, or who are unable to use their authenticator app. Click Reset beside the Two-factor authentication label to require the user to configure authentication again. See Two-factor authentication. This page also displays the date and time of the user's last successful and unsuccessful logon, if available.

Configuring permissions

By default, all rights are assigned to the master user (the initial contact established in your account, with super administrator privileges). When the master user creates a new user, by default only the View All Reports permission is assigned to that account. This is the minimum permission a user needs to be able to log on; it grants permissions over only the Reporting tab on the main menu bar.

We provide flexible users' rights so you can create a hierarchy of administrators. For example, much of the functionality accessed from the portal is useful for help desk agents to aid with problem isolation; but they do not necessarily require control over policy configuration.

Likewise, you should assign Directory Synchronization privileges to the contact you set up for the Directory Synchronization Client (see Set up authentication (Directory Synchronization only)), but no-one else should need this privilege.

Permissions are granted at an account and policy level. This lets you create multiple policies, and administrators can control their own policy but no one else's.


	Note Visibility for some account and policy permissions depends upon the permission being assigned to your administrator account. If your administrator account does not have full account level permissions, you are only able to view or modify settings for policies you have been explicitly given permissions to. For example, full account level permission is required to access the Global Custom Category list.

To modify an administrator user's permissions:

On the Account > Contacts page, click the name of the user whose permissions you want to edit in the User Name column of the Contacts table (not the Full Name column).

Click Edit.

Under Account Permissions, mark or clear check boxes to add or remove permissions.

Refer to the list below for more information about each permission set.

Use the Policy Permissions table to add or remove policy, audit trail, and related permissions.

Refer to the list below for information about each permission set.

To refine policy-level permissions, click Advanced.


	Note The Advanced button does not show for contacts with Manage Users permissions, because their selected permissions will apply to all policies.

Use the Group Filtering for Cloud Web Reporting options to restrict reporting access to selected groups.

When you select one or more groups, only the users in those groups are visible in the reports that the selected administrator can run.

Group filtering can be combined with the View Filtered Reports option for a Web policy: for example, a user can view only reports that apply to the IT and Engineering groups in the Default policy.


	Note The Group Filtering for Cloud Web Reporting option may not be enabled in your account.

When you are finished, click Save.

The following are account-level permissions:

Manage Users: view, create, edit, and remove user logons and permissions

Directory Synchronization: synchronize an LDAP directory with the cloud service

View All Reports: run all reports associated with the licensed services

View Data Security Reports: view data security reports, which may or may not contain incident forensics and trigger data, depending on your privacy protection settings

Manage edge devices: configure edge devices in the network that connect to the cloud service (see Managing Network Devices)

Log Export: export SIEM data when using Forcepoint storage (see Running the SIEM log file download script for Forcepoint storage) or download full traffic logs, if Full Traffic Logging is available for your account (see Configure Full Traffic Logging settings)

The following web permissions can be assigned at an account or policy level:

Modify Configuration: modify all options within Account Settings except users' logons which requires Manage Users permissions (required to access the Neo management portal)

View Configuration: view all configurations within Setup, without the ability to make changes

View Configuration Audit Trail: access and search the policy setup audit trail

View Filtered Reports: view only reports that can be filtered by the specified policy or policies (not available if View All Reports is selected)


	Note The View Filtered Reports and View Data Security Reports options may not be enabled in your account.

Users with any of these permissions can access the web service non-policy-specific configuration options.


	Note If users are logged on to the portal when their permissions are changed, the changes do not take effect until they log off and then log on again.