Version: Current

Users

Overview

A User represents an individual who can access and interact with the AI Command Center based on assigned roles and permissions.

The AI Command Center supports multiple authentication providers. How users are created and managed depends on the selected authentication type:

Supported Authentication Providers

Basic Authentication - Users are created, managed, and authenticated locally within the AI Command Center. - Administrators can manually add, edit, disable, or delete users.
LDAP Authentication - Users are synchronized from an external LDAP directory (for example, Microsoft Active Directory). - User creation and updates are managed in the directory, not in the AI Command Center.
Azure Active Directory Authentication - Users are synchronized from Azure Active Directory using OAuth / OpenID Connect. - User lifecycle management is handled in Azure AD.

Additional authentication providers may be supported in future releases.

You can manage users from Administration > Users. The Users page displays all users available to the system, regardless of how they were sourced.

User Synchronization Behavior

For authentication providers other than Basic Authentication, the AI Command Center relies on periodic user synchronization.

How Synchronization Works

The system periodically synchronizes users from the configured LDAP or Azure AD provider.
During synchronization, the system: - Imports new users from the external directory - Updates existing user attributes (such as name, email, or status) - Reflects enable/disable changes made in the identity provider

Important Notes

Users are not manually created in the AI Command Center for LDAP or Azure AD authentication.
All user creation, modification, and removal must be performed in the source identity provider.
The AI Command Center acts as a consumer of identity data, not the system of record.
Roles, groups, licenses, and automation permissions are still managed within the AI Command Center.

Default Administrator

The user specified during AI Command Center deployment is created as the Default Administrator.

This user cannot be deleted or replaced.
The Default Administrator always retains administrative privileges.
This account is used to log in immediately after installation and to complete initial system configuration.

User operations depend on assigned permissions.

Option	Description
View	View user details in read-only mode.
Edit	Modify locally managed user details (for example, roles).
Disable	Disable the user and prevent access to the AI Command Center.
Delete	Permanently remove the user from the system (available only with Basic Authentication).
Assign Apps	Manage application licenses assigned to the user.
Audit	View audit logs related to the selected user.

note

For LDAP and Azure AD users, identity attributes are read-only and synchronized from the external provider.

Adding Users

Basic Authentication

For Basic Authentication, users are created manually in the AI Command Center.

Navigate to Administration > Users.
Click Add User in the toolbar.
Enter the user details.
Assign roles.
Click Add.

LDAP / Azure AD Authentication

For LDAP and Azure AD authentication:

Users cannot be created manually from the Users page.
Users appear automatically after the next synchronization cycle.
Administrators assign roles, groups, and licenses after synchronization.

User Details

Each user includes the following properties:

Property	Description
Username	Unique identifier from the authentication provider.
Password	Used only for Basic Authentication.
Email Address	Used for system and process notifications.
First Name	User’s first name.
Last Name	User’s last name.
Manager	Reporting manager, if available from the provider.
Department	User’s department, if available.
Roles	Roles directly assigned within the AI Command Center.

Inherited Roles

Users may inherit roles from group memberships.

Roles assigned to a group are automatically granted to all group members.
Inherited roles are read-only at the user level.
To revoke an inherited role: - Remove the user from the group, or - Remove the role from the group.

Editing a User

Locally managed attributes (roles, licenses, groups) can be edited.
Identity attributes synchronized from LDAP or Azure AD are read-only.

Removing and Disabling Users

Removing Users

Only supported for Basic Authentication users.
Removed users have their resources transferred to the Default Administrator.

Disabling Users

Supported for all authentication types.
Disabling a user: - Prevents login - Disables triggers and buddies - Releases client licenses back to the pool

Managing Application Licenses

Client licenses can be managed for both synchronized and local users.

Select the user.
Choose Assign Apps.
Enable or turn off licenses as needed.
Click Apply.

Importing Users

The Import Users feature applies only to Basic Authentication users.

LDAP and Azure AD users must be imported via synchronization.
Importing users from CSV is not supported for externally managed authentication providers.

The import process runs asynchronously and is tracked through Background Jobs.

Permission Requirements

Only users with the Add User permission can import users from a CSV file.

File Requirements & Preparation

⚠️ Important: For a successful import, the CSV file must strictly conform to the system-defined template.

Do not modify column headers Column headers must exactly match those provided in the template. Renaming, removing, or reordering headers will cause the import to fail.
Always use the latest template Download the template from the Import dialog before preparing your file to ensure compatibility with the current system version.

Field Specifications & Validation Rules

The table below describes the supported fields and validation rules. Rows that do not meet these requirements are skipped during processing.

Field Name	Mandatory	Max Length	Format / Rules
User Name	Yes	100	Must start with a letter or number. Allowed characters: `A–Z`, `0–9`, `@`, `_`, `-`, `.`
First Name	Yes	50	Cannot be empty.
Last Name	Yes	50	Cannot be empty.
Email Address	Yes	320	Must be a valid email address (for example, `name@domain.com`).
Roles	No	N/A	Multiple roles must be separated by a semicolon (`;`).
Groups	No	N/A	Multiple groups must be separated by a semicolon (`;`).
Other Fields	No	N/A	Optional fields supported by the template.

Processing Logic & Behavior

1. Password Generation & User Notification

Passwords are not required in the CSV file.

Automatic Password Generation The system generates a secure, temporary password for each user successfully created.
Email Notification After account creation, the user receives an email containing:
Their temporary password
A link to reset the password immediately

2. Error Handling (Fault-Tolerant Processing)

The import process is designed to be fault-tolerant.

Row-Level Validation If a row contains invalid or missing data, that row is skipped.
Continued Processing Invalid rows do not stop the import job. All remaining rows continue to be processed.
Detailed Reporting Skipped or failed rows are recorded in the final import report along with specific error messages.

You can correct the failed rows and re-import only those rows, without reprocessing the entire file.

3. Cancellation & Batch Processing

Import jobs are processed in batches.

You may cancel an import job while it is in the Processing state.
Cancelling a job:
Stops processing of future batches
Does not roll back users that were already created

Example: If 50 out of 100 users have already been imported when you cancel the job, those 50 users remain active in the system. Any cleanup (if required) must be performed manually.

How to Import Users

Navigate to the Users page.
Click the Import button in the top toolbar.
The Import Users from CSV dialog appears:

Download Template Download the official CSV template and populate it with user data.
Select File Upload the completed CSV file.

Tracking Import Progress (Background Jobs)

Once the import starts, the Background Jobs panel opens on the right side of the screen. This allows you to monitor progress without interrupting other work.

Each job displays:

Status – Queued, Processing, Completed, Failed, or Cancelled
Timestamp – Date and time the job was initiated
Search – Quickly locate historical import jobs

Viewing Import Reports

After the import job completes or is cancelled:

Locate the job in the Background Jobs panel.
Click View Report.
Review the summary, which includes:

Total users successfully created
Failed or skipped rows
Detailed error messages for each failure

Overview​

Supported Authentication Providers​

User Synchronization Behavior​

How Synchronization Works​

Important Notes​

Default Administrator​

Context Menu Options for User Entity​

Adding Users​

Basic Authentication​

LDAP / Azure AD Authentication​

User Details​

Inherited Roles​

Editing a User​

Removing and Disabling Users​

Removing Users​

Disabling Users​

Managing Application Licenses​

Importing Users​

Permission Requirements​

File Requirements & Preparation​

Field Specifications & Validation Rules​

Processing Logic & Behavior​

1. Password Generation & User Notification​

2. Error Handling (Fault-Tolerant Processing)​

3. Cancellation & Batch Processing​

How to Import Users​

Tracking Import Progress (Background Jobs)​

Viewing Import Reports​