Add and Manage Users on Mac Devices

In contrast to mobile phones, personal computers (PCs) are structured as user-based systems, with user accounts used for logging in and logging off from the devices. The IT Admins require the capability to remotely add and manage these accounts on the devices.

Although we have scripts available to regulate various aspects of user account management, the process involved in the creation of a user account may pose a challenge for an average IT administrator. Furthermore, the inconvenience arises from the need to publish a script to a profile or group. To mitigate these issues, Scalefusion now provides efficient utilities at the device level, enabling IT administrators to directly and quickly add users as well as take other actions on them.

This document explains the process of adding and managing users on Scalefusion-managed macOS Devices, at the device level.

Before You Begin

1. Mac Device should be enrolled with Scalefusion
2. Scalefusion MDM Client's (agent app for Mac) latest version should be installed on the devices with Full Disk Access and Notification permissions granted.
3. Supported OS: macOS 10.15 or above
4. Users should be subscribed to Enterprise or Business Plan

Adding User(s)

1. Login to Scalefusion Dashboard and navigate to Devices Section
2. Click on View Details under the device for which you want to add users. This will take you to the Device Details page.
3. Scroll down and click on User Accounts tab.
4. To add user, click on Add User.
5. The Add User dialog box will be displayed. Here, enter the following:
   1. User Name: Enter Username
   2. Password: Enter password. Minimum password length should be 4 characters
   3. Group: Select the group to which this user belongs, either Standard or Admin
   4. Hide Account from Logon list: Checking this box will hide the username from the login screen.
   5. Click on Add. The user will be created and displayed on Dashboard.
      If a user with the same name already exists, a message will be displayed asking you to choose a different name.

      

Managing Users

Clicking on Add creates the user on the device.

On the Dashboard, the user is displayed with following details:

1. User Name: The user account name.
2. Group: The group the user belongs to.
3. Actions: Few actions can be taken on the users added. These are explained in next section.

Actions on Users

When you add a user from dashboard, an hourglass will be displayed in front of the username, under actions indicating it is not yet acknowledged by the agent. In other words, it is in the process of creation.

Once acknowledged, the following actions can be performed:

1. View User Account Information: Click on the info (i) icon under Actions.
   This will bring up a new window displaying all the information on the user. Following details for the user will be displayed:
   1. Full Name 
   2. Username
   3. Generated UID
   4. UID
   5. GID
   6. Group Type: Displays Standard, Admin, Unknown 
   7. Is Hidden
   8. Has Secure Token
   9. Shell
   10. Account Type: Displays Local, Mobile, Managed Local (managed local is shown if there is an email value)
   11. Is Enrolled User
   12. Created At
   13. Last Updated At
   14. Home Directory
   15. Managed Email
   16. Apple ID
   17. Has Password
   18. Password Last Set At
       
       
       
2.   Reset Password: Allows you to reset the password for the user account. To reset,
   1. Click on the key icon.
      
   2. This will open the Password Details dialog box. From here, you can view the current password and reset the password if required.
   3. Click on the eye icon to view the current password.
   4. Enter new password in the password field.
   5. Administrator Account Credentials: Provide admin credentials of a local administrator account which is secure token enabled. The user accounts added from Dashboard initially, are not secure token users.
   6. Click on Reset.
      If passcode policy is set, please ensure that the new password meets the policy requirements. Same applies while adding a new user also.

      
      
      

3. Edit Group: Use this option to change the group to which the user belongs, from Standard to Admin or vice-versa. To edit,
   1. Click on the Change Group icon.
      
   2. In the dialog box that opens, select the group from the drop-down and click on Change Group.
      
      
4. Delete User: Deletes the user from the device. Deleting the user will remove all the user-specific data and apps like user-specific downloads, photos or documents and, more specifically, the user directory. Please note it will not delete files or apps stored at a device level or common location shared across users. Clicking on Delete will bring up a confirmation dialog box. Click on the Delete button to delete the user.
   
   
   
5. Hide/Unhide User Account: This will hide the user account. To hide, click on the eye icon. This will open a confirmation box, click Ok, and the account will not be visible on the device. Any account, once hidden, can also be unhidden with the same process.
   
   All the actions will be executed on device when it is:
   -On
   -Online
   -Not in sleep mode

Add users in Bulk

Users can also be added in bulk from Device Groups / User Groups section. To do so,

1. On Scalefusion Dashboard, navigate to Groups > Device / User Groups > Devices
2. Click on Actions > General > Add a new User
3. Under this, there will be two options. Click on any one:
   1. Include Subgroups: The user account is added to devices in subgroups also.
   2. Only this Group: The user account is created on devices belonging to this group only, excluding subgroups
4. In the dialog box that opens, select the Platform on which you want to add the user:
   1. All macOS devices
   2. All Windows Devices
   3. Check both if you want to add to both (a) and (b) above
   4. Enter the rest of the details (same as in the Add Users dialog box explained in the above section)
5. Click on Add 
6. A confirmation dialog box will be displayed. Click on OK. Please note the user will not be added to devices on which Scalefusion MDM Client is not installed.

Reports

1. From Device Inventory Report, you can fetch the following information on Users:
   1. Total User Accounts
   2. Total Admin Accounts
   3. Total Standard Accounts
   4. iTunes Account ID
2. For information on users across all devices, you can use Device User Accounts report.