Table of Contents

Managing ENS+ users

Access to the cloud platform can be set up via the user administration.

Navigate to "Setup" and "Users" and create a new user.

Note: Due to releases, there may have been changes in the tool that are not yet shown in the video. (Video version: Q3/2023)

General settings

  • Login: The stored access code must be unique throughout the system.
  • Mail: The password creation link will be sent to this email address. If required, the reports will also be sent here.
  • Mobile: This field is optional.
  • Language: The default display language of the cloud interface can be set here.
  • Role: In general, roles allow to restrict access in two dimensions: functional areas and organizational units. See below for further details.
  • Two factor authentication: Can be switched on and off per user. Per default, the account setting will be used.
  • Can trigger alarm via general activation phone numbers:
    • The user can then call the system phone numbers provided on the home screen or in the tool bar to trigger ANY alarm, which he or she has access to.
    • In order to do so, the user needs to enter his/her user phone ID and a PIN, which will be sent to him/her via email, and then the number of the alarm to be triggered.
  • Opt in or out for email communication: Make sure to enable this button to stay informed about maintenance work, technical issues, and new features. You will only receive an email if you need to take action in the tool to continue triggering your alarms as usual. Additionally, we will present the new features and releases in a webinar once per quarter.
  • Enable/disable access for Users
    • When the toggle is on, the user can log in to the Portal.
    • When the toggle is off, the user cannot log in.
    You can also define two validity dates in advance:
    • Valid from: The date after which the user will gain access to ENS+.
    • Valid to: The date after which the user will lose access.
    ENS+ checks these validity dates every 30 minutes. When a date is reached, the system automatically switches the “Activated” toggle on or off.

For immediate activation or deactivation, use the “Activated” toggle directly. The validity dates are intended for scheduled workflows where activation or deactivation is planned at least a few hours in advance. 

The validity settings apply only to the User. If a User is linked to a Person and the User becomes inactive, the status of the linked Person remains unchanged.In other words, an inactive User can still be associated with an active Person. This means the Person can continue to receive notifications, log in to the App using their Person credentials, and perform all activities they are authorized to do as a Person.
  • Link new person (button at the bottom of the page): This option allows a user to be linked to a new person. In this case, the master data is transferred to the person page. Changing the org. unit of persons created in this way can only be done via the user administration. Currently, it is not supported that a user can be subsequently connected with an already existing person.

Roles

Role designation

There two roles automatically have access to the whole account and all ENS+ functionalities:

Principal

All rights for all functional areas in all organizational units:

  • All configuration rights to create alarms and to create persons and groups.
  • All alarm triggering rights for triggering and stopping an alarm, displaying and monitoring triggered alarms.
  • All setup rights to create users, other organisational units, categories and the file manager
  • All report rights to read reports on alarms and track live reports including feedback from staff members

Auditor

Read only rights for all functional areas in all organizational units

For these roles, access can be restricted on organizational units (which automatically includes their sub-tree):

Organizational unit administrator

  • All rights (read + rights) for all functional areas within defined organizational unit (and subtree)
  • 'Access to chats’ selection provided to define if and how (read and / or write) user can access all chats in the alarm cockpit area 

(Media Gateways also need this role)

Org. unit admin without contact details

  • Like Organizational unit administrator but WITHOUT:
    • Right to access person configuration
    • Contact details of persons (are displayed as ****)

Configuration

All rights (read + write) for the configuration area of the defined organization unit (and subtree)

- Person & Groups

- Alarm configuration

- Information hotline configuration

- Setup: only Categories and File Management

Config auditor

All read rights for the configuration area of the defined organization unit (and subtree):

- Person & Groups

- Alarm configuration

- Information hotline configuration

- Setup: only Categories and File Management

Config groups

All read and write rights for the persons and groups configuration of the defined organization unit (and subtree)

Setup

All read and write rights for the setup (users and organizational structure) of the defined organization unit (and subtree)

Alarm executor

  • Read rights for the alarm configuration and all rights (read and write) in Alarm Cockpit, Reports and Statistics, and Operating Cockpit
  • ‘Access to chats’ selection provided to define if and how (read and / or write) user can access all chats in the alarm cockpit area  

Operating all

  • All rights (read and write) in Alarm Cockpit, Reports and Statistics, and Operating Cockpit - cannot see the alarm configuration
  • ‘Access to chats’ selection provided to define if and how (read and / or write) user can access all chats in the alarm cockpit area  

Report

Read rights for:

- Alarm cockpit: Alarm monitor, Chat

- Operating cockpit: News feed, Visualizer

- Reports & Statistics

For this role, access can be fine-tuned and only granted for very specific entities

Group duty coordinator

Assign and unassign persons (from the selected org. unit and subtree of the user) to and from:

  • particular duty rosters
  • particular alarms of various org. units

Roles that are only relevant if the according module is part of your account

Lone worker dashboard

Read access to the Lone worker dashboard and news feed

Conference_Plus

Access to the conference board and people

Incident_Management

Access to the ENS+ Incident Board (which is different from FACT24 CIM)

Team restriction
In case the Incident board is active, users can be assigned to particular teams. This option will only be shown if the user has access to the alarm cockpit.

Incident_Task

Access to assigned tasks of an incident.

If you use FACT24 CIM in addition to FACT24 ENS+, you can add CIM roles in addition to the above ENS+ only roles. Note that if you select "CIM only" in the upper part of the configuration, this user will only have access to FACT24 CIM and won't be able to access any ENS+ functionalities. For more information about FACT24 CIM, there will be a separate help section for it coming soon.

Assign multiple roles to a user

On the User page, you can assign multiple roles to a user and define the scope of each role.

The scope determines the part of the enterprise where the specific role is valid.

Available scope options:

  • whole enterprise
  • own organization
  • own organization and subtree

If a user has multiple roles, only one role can be active at a time. This means you need to switch between roles when you want to use the permissions associated with another one.

You can switch roles in two ways:

  • On the User page by moving the “Active” indicator (dot) to another line.
  • By clicking the person icon in the top-right corner of the screen. This opens a list of your available roles, shows which one is currently active, and allows you to switch to another role with a single click.

There are three roles for which the scope is fixed and cannot be changed:

  • Principal and Auditor - both of these roles always have the scope “Whole organization.”
  • CIM Only has always the scope “Own organization and subtree”

Your active role determines what you can access on the Portal, even if you log in through the FACT24 App or you access the Portal features through the API. (Portal functions can be accessed in the App via the Portal Access button.)

Access right for role change

In order to avoid that a user can change the own role and org. unit, you can restrict access to read or write or neither for the roles: 

  • Principal
  • Setup
  • Org. Unit Admin
  • Org. Unit Admin without contacts

IT Admin

To login to the SSO Extension Service, a user needs to have IT-admin privileges. Once the IT-Admin permission is turned on, please log out of ENS+. You can access the SSO Extension Service with the following URL: https://login.fact24.com/clientmanager/web/

Please login with the IT-admin user you just configured to access the service.

Export users

Select all the users you want to export and add a description to the export.

This CSV/XLSX export can then be found in the Download Center in the “Users” tab.

How did we do?

Creating your organizational structure

Contact