# Modular user management You and your team want **secure** and sustainable access to your IoT solution, with **full insight** and **control**. To achieve this, assigning the right roles and permissions is essential. To achieve this, assinging the right roles and permissions is done in **GRIP**. This **Identity and Access Management** platform is developed by KPN, specifically designed for Business Users. It enables organizations to **securely** and **efficiently** manage access to their applications and services. To assign roles, you must be an **admin** of the account. As an administrator, you can add or remove users and configuratie roles and permissions for your services. ### Before you start To manage users and roles, you need **admin rights** * **Already an admin?** Great! Let’s get started! * **Not an admin yet?** Ask your organization’s **administrator** to grant you admin rights\ Not sure who that is? [Contact](https://docs.kpnthings.com/kpn-things/the-portal-explained/support/contact-info) us and we’ll help you out ## Access the User Management section You can access **GRIP** in **three ways**. 1. Via [KPN Things Portal](#log-in-with-kpn-things-portal) 2. Via [MijnKPN Zakelijk](#log-in-with-mijnkpn) 3. Via [direct link](#log-in-using-the-direct-link) ### Via KPN Things Portal {% stepper %} {% step %} 1. Go to [portal.kpnthings.com/manager](https://portal.kpnthings.com/manager) or go to [KPN Things Portal](https://portal.kpnthings.com) and click on **Things Manager** 2. Click on your **Company** in the menu 3. Click on **User Profiles** under Account

{% endstep %} {% step %} Click on the **Manage Users** link shown above the users overview.

{% endstep %} {% step %} For **documentation** about how to manage users click [here](#managing-users-in-grip) {% endstep %} {% endstepper %} ### Via MijnKPN Zakelijk {% stepper %} {% step %} Go to [https://mijnkpnzakelijk.kpn.com](https://mijnkpnzakelijk.kpn.com/) {% endstep %} {% step %} Log in and select **Company Details** in the menu and click on **User Management**

{% endstep %} {% step %} For **documentation** about how to manage users click [here](#managing-users-in-grip) {% endstep %} {% endstepper %} ### Via direct link {% stepper %} {% step %} Go to [grip-on-it.com](https://grip-on-it.com/) {% endstep %} {% step %} Log in and select **Users**

{% endstep %} {% step %} For **documentation** about how to manage users click [here](#managing-users-in-grip) {% endstep %} {% endstepper %} ## Managing Users in GRIP The information below explains **how to manage users**, including adding and removing users, and managing roles and permissions. Once you have accessed the **User Management** section in **GRIP**, you can perform several actions to **control access** within your organization. ### **What functionalities do you have** **Review existing users, add and delete users**\ View the list of all users in your organization, including their roles and assigned services. Invite new team members by creating users accounts or deleting users who no longer need access to your services. **Edit or give permissions to an added or existing user**\ Modify user information, roles and permissions to ensure they have the correct level of access to your services. {% hint style="info" %} **Why this matters**\ Managing users and permissions in GRIP ensures that only **authorized** individuals can access your applications and IoT services. This helps maintain **security** and **compliance** across your organization. {% endhint %} ## Review existing users, add and delete users In the User Management table, you can see all current users along with their assigned roles and permissions. This overview helps you quickly check who has access to which services. **Add, Remove or Modify Users** 1. To add a new user, click **Add User** at the top of the page 2. To modify a user, click the **three dots** ⋮ and select **Edit** 3. To remove a user, click the **three dots** ⋮ and select **Deactivate** or **Delete**

{% hint style="info" %} To give you the opportunity to **reactivate** an account without having to create it again, a **deleted user** will remain visible in the overview for **10 days** before it is completely removed. {% endhint %} ## Edit or give permissions to an added or existing user For a **New User** you click on the **Add User** at the top of the page and provide the general information. {% stepper %} {% step %} ### **Provide the general information** 1. Fill in the **general details** of the new user 2. Select the **Send email to set password option** to send a password email immediately. This can also be done at a later time, for example after you’ve configured all roles and permissions. 3. Click the **Add User** button

{% hint style="success" %} If the user is a **contact** person for **operational matters**, it is advisable to provide a **phone number** and the correct **language** setting so that our **service desk** can reach you when needed. {% endhint %} After adding the user, the next screen opens where you can optionally enter **additional** information about the user. This information is **not required** for using your account, but it can be used for your own administration. 4. Add **additional** general details *(optional)* 5. Add even more information like **job title** or **office location** *(optional)* 6. Select the **preferred** language setting 7. Click the **Save Changes** button

{% endstep %} {% endstepper %} ### Assigning Services and Roles {% stepper %} {% step %} ### Select Services and Roles 1. Navigate to the **Services and Roles** tab 2. If the user should be able to **manage** other users, enable the **Admin** role 3. Click **Save Changes** 4. Click **+ Assign services and roles** button to add specific **services**

Select the **appropriate** services and roles based on the user’s **responsibilities**. The example below grants the user **full access** to the features within the KPN IoT solution.

{% hint style="danger" %} The **admin** is **responsible** for assigning the correct permissions to the user. Please note that someone with admin rights can also grant **themselves** additional permissions. {% endhint %} {% endstep %} {% endstepper %} ## Services and Roles explained The below list shows the **available roles** for services that are used within the **KPN IOT solution** and describes what **levels** of access each of the roles gives to the user in **KPN Things portal**.

The central identity solution behind every account

Provides the user with an **Admin** account to access and give **assigned services**.

Role	Description	Access
_Admin	_{Full user management, including own account.}	_{View and manage services and roles of other users; add, modify or remove users.}

The foundation for your IoT applications

The starting point for your IoT service and manage the IoT solution. We advise that every user has a **Things Manager** and **Things Support** role. {% hint style="warning" %} **Make sure to select only one role per item**\ If you choose multiple roles - such as *Thing Manager - Admin* and *Thing Manager - Read Only -* the lowest role will **override** the highest. In this example, you would only have **Read Only** access. {% endhint %} #### **Things Creator** These roles are **only needed** if you manage your devices, decoders and scripts via KPN Things. If only connectivity features are used, these roles are not required.

Role	Description	Access
_{Things Creator - Admin}	_{Full access to Things Creator tab.}	_{Add modify or remove devices types, decoders and scripts.}
_{Things Creator - Read Only}	_{Read-only access to Things Creator tab.}	_{View device types, decoders, and scripts.}

#### **Things Manager** We recommend granting the user at least **KPN Things - Read Only** access. This ensures insights into the IoT solution and enables options such as making exports of **connectivity** items available.

Role	Description	Access
_{Things Manager - Admin}	_{Full access to Things Manager tab.}	_{Add, modify, or remove devices, flows, destinations and manage connectivity.}
_{Things Manager - Editor}	_{Full access except for deleting to Things Manager tab.}	_{Add, modify, or remove devices, flows, destinations and manage connectivity except the right to delete.}
_{Things Manager - Read Only}	_{Read only access to Things Manager tab.}	_{View devices, flows, destinations and connectivity.}

#### **Things Support** We advise that **every** user has access to this role in order to see important **documents** and access to links to **contact** information and **ServiceNow** be able to log tickets. Assigning this role also **subscribes** you to **service emails.** {% hint style="danger" %} To be able to log tickets in ServiceNow also the **ICT Manager** role must be granted in **Self Service Portal**. {% endhint %}

Role	Description	Access
_{Things Support - User}	_{Access to the Things Support tab.}	_{View news, release notes, documents, service status, reports and contact info and recieve service emails.}

Provides access to the Service Portal for reporting incidents and service request

The **Self Service Portal** allows users to register and track **tickets** for incidents, information requests, change requests, and complaints. We recommend granting access to all users and ensuring each user profile includes the correct **phone number** and **language setting** (found under the Location section in User Settings). {% hint style="warning" %} The **'Things Support - User'** role must be assigned to access the **Self Service Portal** via [**Support tab**](https://docs.kpnthings.com/kpn-things/the-portal-explained/support/support-tickets) in the KPN Things Portal. {% endhint %}

Role	Description	Access
_{ICT Manager}	^{Access to Self Service Portal.}	^{Register and track tickets for incidents, information requests, change requests and complaints.}

Grants the user access to the **KPN Webshop**. If any of the webshop-related roles are assigned, the **Shop** tab will automatically become visible and accessible in the **KPN Things Portal**.

Role	Description	Access
_Forecasting	_{Enables forecasting functionality.}	_{Enables product forecasting for specific calendar periods, allowing KPN to align stock levels with expected demand}
_Quotation	^{Enables ordering and requesting quotations.}	^{Enables to order products and request quotations for items that are not currently covered by an existing contract. Additionally, user can view the status and history of their orders.}
_{Read Only}	^{Read only access of products and prices.}	^{View product details and prices, order status and order history.}
_{Voucher Manager}	^{Manage discount vouchers.}	^{Process discount vouchers.}

{% hint style="warning" %} Please note that you **must have** at least the **Quotation** role assigned to be able to **place orders**. {% endhint %}

Provide access to MijnKPN Zakelijk functions

This provides the **user** with access to the **MijnKPN Zakelijk** service portal. It gives **access** to the available **services**.

Role	Description	Access
_{Facturen (Invoices)}	^{View invoices in PDF format.}	^{Allows user to view all invoices in PDF format that are linked to the same KPN Reference Number (KRN), which is your company’s unique identifier within KPN.}