Add and Manage Users on Mac Devices

In contrast to mobile phones, personal computers (PCs) are structured as user-based systems, with user accounts used for logging in and logging off from the devices. The IT Admins require the capability to remotely add and manage these accounts on the devices.

Although we have scripts available to regulate various aspects of user account management, the process involved in the creation of a user account may pose a challenge for an average IT administrator. Furthermore, the inconvenience arises from the need to publish a script to a profile or group. To mitigate these issues, Scalefusion now provides efficient utilities at the device level, enabling IT administrators to directly and quickly add users as well as take other actions on them.

This document explains the process of adding and managing users on Scalefusion-managed macOS Devices, at the device level.

Before You Begin

1. Mac Device should be enrolled with Scalefusion
2. Scalefusion MDM Client's (agent app for Mac) latest version should be installed on the devices with Full Disk Access and Notification permissions granted.
3. Supported OS: macOS 10.15 or above
4. Users should be subscribed to Enterprise or Business Plan

Adding User(s)

1. Login to Scalefusion Dashboard and navigate to Devices Section
2. Click on View Details under the device for which you want to add users. This will take you to the Device Details page.
3. Scroll down and click on User Accounts tab.
4. To add user, click on Add User.
   
5. The Add User dialog box will be displayed. Here, enter the following:
   1. User Name: Enter Username
   2. Password: Enter password. Minimum password length should be 4 characters
   3. Group: Select the group to which this user belongs, either Standard or Admin
   4. Hide Account from Logon list: Checking this box will hide the username from the login screen.
   5. Click on Add. The user will be created and displayed on Dashboard.
      If a user with the same name already exists, a message will be displayed asking you to choose a different name.

      

Managing Users

Clicking on Add creates the user on the device.

On the Dashboard, the user is displayed with following details:

1. User Name: The user account name.
2. Group: The group the user belongs to.
3. Actions: Few actions can be taken on the users added. These are explained in next section.
   

Actions on Users

When you add a user from dashboard, an hourglass will be displayed in front of the username, under actions indicating it is not yet acknowledged by the agent. In other words, it is in the process of creation.

Once acknowledged, the following actions can be performed:

1. User Details: Click on the info (i) icon under Actions. This will bring up a new window displaying all the information on the user. Following details for the user will be displayed:
   1. Full Name 
   2. Username
   3. Generated UID
   4. UID
   5. GID
   6. Group Type: Displays Standard, Admin, Unknown 
   7. Is Hidden
   8. Has Secure Token
   9. Shell
   10. Account Type: Displays the following: 
       1. Local 
       2. Mobile 
       3. Managed Local : Managed local is shown if there is an email value
       4. ADE Admin: The admin accounts created via macOS Prestage Setup reflect as ADE Admin. This account cannot be changed to a standard user or deleted.
       5. Global Admin: The admin accounts created by enabling Create Admin Account from Utilities > Global Settings > Apple Settings or from Device Profile (Scalefusion Agent Settings)
   11. Is Enrolled User
   12. Created At
   13. Last Updated At
   14. Home Directory
   15. Managed Email
   16. Apple ID
   17. Has Password
   18. Password Last Set At
       
       
       
2.   Reset Password: Allows you to reset or change the password for the user account. To reset or change,
   1. Click on Reset Password.
   2. This will open the Password Details dialog box. From here, you can view the current password and reset the password if required.
      
      The current password will be visible in case it is a Global Admin or ADE user. For any other user N/A will be displayed
      
      
   3. Click on the eye icon to view the current password.
   4. There are two options Change Password and Reset Password. 
      1. Change Password: Choose this option if you are aware of the current password of the user. This will also change the password of the login keychain
      2. Reset Password: Choose this option if you are not aware of the current password of the user. Here, you need to provide account details of a secure token user. This will change the password of the local account only and not the keychain.
   5. Administrator Account Credentials: Provide admin credentials of a local administrator account which is secure token enabled. The user accounts added from Dashboard initially, are not secure token users.
   6. Click on Reset.
      If passcode policy is set, please ensure that the new password meets the policy requirements. Same applies while adding a new user also.

      
      

3. Edit Group: Use this option to change the group to which the user belongs, from Standard to Admin or vice-versa. To edit,
   1. Click on the Change Group icon.
   2. In the dialog box that opens, select the group from the drop-down and click on Change Group.
      
      Group cannot be changed if the account type is Global Admin or ADE Admin
      
      
      
      
4. Delete User: Deletes the user from the device. Deleting the user will remove all the user-specific data and apps like user-specific downloads, photos or documents and, more specifically, the user directory. Please note it will not delete files or apps stored at a device level or common location shared across users. Clicking on Delete will bring up a confirmation dialog box. Click on the Delete button to delete the user.
   
   
5. Hide/Unhide User Account: This will hide the user account. To hide, click on the eye icon. This will open a confirmation box, click Ok,and the account will not be visible on the device. Any account, once hidden, can also be unhidden with the same process.
   All the actions will be executed on device when it is:
   -On
   -Online
   -Not in sleep mode
6. Add/Remove Secure Token: This will add or remove Secure Token access to an account. The Secure Token option will display as either Add Secure Token or Remove Secure Tokendepending on the current status of the account. Click the appropriate icon to open the dialog.
   1. Current Secure Token Status: Displays the current status of the secure token for the account (ON or OFF).
   2. Current Account Password: Enter the current password for the user account. If the password is already saved, it will be displayed in the text field.
   3. Secure Token Account Credentials:
      1. User Name: Select the username of the secure token-enabled local account.
      2. Password: Enter the password for the secure token account.
   4. Click on the button Add/Remove Secure Token
      
7. Unlock Account: User Accounts get locked if incorrect password is entered multiple times. With this option you can unlock such accounts.

Add users in Bulk

Users can also be added in bulk from Device Groups / User Groups section. To do so,

1. On Scalefusion Dashboard, navigate to Groups > Device / User Groups > Devices
2. Click on Actions > General > Add a new User
3. Under this, there will be two options. Click on any one:
   1. Include Subgroups: The user account is added to devices in subgroups also.
   2. Only this Group: The user account is created on devices belonging to this group only, excluding subgroups
4. In the dialog box that opens, select the Platform on which you want to add the user:
   1. All macOS devices
   2. All Windows Devices
   3. Check both if you want to add to both (a) and (b) above
   4. Enter the rest of the details (same as in the Add Users dialog box explained in the above section)
5. Click on Add 
6. A confirmation dialog box will be displayed. Click on OK. Please note the user will not be added to devices on which Scalefusion MDM Client is not installed.

Reports

1. From Device Inventory Report, you can fetch the following information on Users:
   1. Total User Accounts
   2. Total Admin Accounts
   3. Total Standard Accounts
   4. iTunes Account ID
2. For information on users across all devices, you can use Device User Accounts report.