User Self-Registration and Resource Entitlements

  • 26 August 2022
  • 0 replies
  • 191 views
Robert Plamondon
Rank
Userlevel 4

User Self-Registration and Resource Entitlements

 

Last updated on December 6, 2023 by Robert Plamondon

Contents

What is Self Registration?

 

Members of your organization can sign themselves up for Workspot access by using the first-time user (FTU) process from a Workspot Client using their email or UPN as their user identifier and authenticating via email, AD, Azure AD, or another authenticator configured for your Workspot deployment.

Once registered, they receive access (entitlements) to Workspot desktops and apps as configured in Workspot Control. Entitlements are typically based on AD group membership.

With self-registration:

  • The Workspot administrator doesn't need to do anything on a per-user basis. Users register themselves.
  • The user doesn't exist in Workspot Control until they perform self-registration.

From the user's point of view, this is all invisible. Once they register via the Workspot Client, they are presented with an appropriate set of Workspot resources, typically a single Workspot desktop, but possibly multiple desktops and apps.

From the administrator’s point of view, management is largely automated:

  • If a new user is added to an AD group that’s tied to Workspot entitlements, the user is automatically entitled to the group’s Workspot resources.
  • If a user’s AD account is deleted or suspended, their Workspot resources are revoked.
  • If a user is moved from one AD group to another, their entitlements shift accordingly, receiving the entitlements for their new group membership and losing the entitlements of the old.
  • Note that these actions are based on polling and are not instantaneous.

 

Configuring Self-Registration

 

 

Self-Registration options are configured in Workspot Control under "Setup > Configuration > Registration and Authentication." With Active Directory authentication, users can self-register through:

  • Directory Services (signing in with a username and password).
  • An email with a verification code.
  • Their choice of either method.
  • Neither method (that is, self-registration is disabled).

Additionally, for deployments handling different email/UPN domains, self-registration can be enabled or disabled on a per-domain basis further down in the "Setup > Configuration" page:

 

 

 

The "Group" column lets you choose which Workspot group to place self-registered users in. This is normally based on AD group membership but can be set to a fixed Workspot group instead.

 

Assigning Workspot Resources to Users

 

Workspot resources (entitlements) are assigned to users indirectly, via their group assignments. This is done in Workspot Control in the Add/Edit Groups page under "Users > Groups > Add Group" or "Users > Groups > groupname."

 

 

The group fields relevant to entitlements are:

  • Use AD Group: If yes, assign users to this group based on their AD group membership. If no, assign users manually from their Workspot User pages.
  • AD Group: Select the AD group membership to map to this Workspot group. 
  • App Bundle: Members of this group are entitled to use the Workspot apps, if any, in the selected bundle.
  • Security Policy: Not directly related to entitlements, but places restrictions on allowed actions when using them. See Control: Security Policies.
  • Desktop Pools. Members of this group are entitled to a desktop in each of the specified pools.

Assigning Entitlements on the User Details Page

 

Entitlements can also be assigned to individual users on the User Details page (at “Users > username”). Individually assigned entitlements can also be revoked her, but group entitlements can’t be taken away on the User Details page.

The page also shows the user’s current Workspot resources.

 

Tips

 

  • Remember that an entitlement is not the same thing as a resource (or a license). A user who entitled to a desktop won’t actually receive one until signing into a Workspot Client and clicking the desktop icon (or, if autolaunch is enabled, just by signing into the Client). On the other hand, if all the Workspot licenses have are already in use, new users who are entitled to resources will find that none are available when they try to use them.
  • If you find yourself frequently assigning entitlements to individual users, consider creating new AD groups and managing entitlements that way.

 

Troubleshooting

 

User has unexpected desktops/apps (or none)

Usually this means that the user is assigned to the wrong Workspot group. Start with the user's profile page in Workspot Control ("Users > username"). See the screen capture below:

  • "User AD Group(s)" should have a non-null list of AD group memberships.
    • If not, check the user's AD group memberships on your domain controller. If they don't belong to the desired AD group, add them.
    • If the user's AD group memberships have changed within the last 24 hours, refresh their entitlements as described above.
  • "Selected Group Name" should be the Workspot group you wanted the user to be assigned to.
  • If the correct group is listed in "User AD Group(s)" but not selected in "Selected Group Name," Control's group precedence list may be in the wrong order. This is under "Users > Groups > Precedence Order." Reorder the list to give the desired results.

 

 

 

 

 

     © 2022 Workspot

0 replies

Be the first to reply!

Reply


Terms & ConditionsCookie settings