As the administrator of a synced Azure Active Directory (AD) Virtru team, you can use the Virtru Control Center's Users & Groups page to view all synced users, Organizational Units (OUs), and groups from your organization.
To learn more about how to leverage the Virtru Control Center, we recommend our Virtru Control Center Playbook for Administrators
If your team has performed an On-Prem Active Directory sync with Virtru, please go here: Managing Users for an On-Prem AD Synced Domain (Users & Groups Page)
If your team has performed a Google Workspace sync with Virtru, please go here: Managing Users and Admins for a Google Workspace Synced Domain (Users & Groups Page)
If your team has not synced with Virtru, please go here: Managing Users and Admins (Users Page)
-Adding and Removing Users (Refreshing a Sync from the Users Tab)
-Exporting a List of Users
-Viewing and Managing User Permissions
-Refreshing a Sync from the Groups Tab
-Viewing and Managing Group Permissions
The Users tab displays the primary email address of all users in your Azure AD (per the last sync). You will also see whether users have activated a plugin and their Admin Roles. The page includes options to search, filter, and sort users, as well as the ability to manage administrative privileges.
Adding and Removing Users (Refreshing a Sync from the Users Tab)
As a synced organization, all users from Azure have been pulled into Virtru, including users who may not receive a Virtru license. Within the Virtru Control Center, you will not be able to manually add or remove users. The user list will update with each sync refresh (details below).
If you have more users in Azure than Virtru licenses, then you will need to create a Virtru provisioning group for license management. Even with this provisioning group, the Control Center will not be a direct reflection of license consumption. If a user is marked "Activated", this just means that they activated a Virtru plugin at some point in the past. Non-licensed (non-provisioned) users can still activate plugins for read-only access and will appear as "Activated".
Above the list of users, you will find your last sync date and time. If you wish to update your user list and pull in changes from your Workspace, simply select the Refresh Now option:
Any changes to your Azure AD after the listed sync date will not be recognized by Virtru. To pull in these changes, please remember to refresh the sync. This includes changes to users, aliases, or groups, etc.
Using the Search bar at the top of the page, you can search users by email address, alias, or group address (using all lowercase):
Search syntax can be found here: Searching for users in the Virtru Control Center
Using the left drop-down, admins can filter users by Activation status or Super Admin status:
- Non-Activated users are users who have never activated a Virtru plugin with their primary address.
- Activated users are users who have activated a Virtru plugin with their primary account at any point in time.
- Super Admins are users with full admin privileges. By default, Virtru Super Admins mirror your Azure Admins (as of your latest sync).
Using the right drop-down, admins can filter users by their OUs or Groups:
Multiple OUs can be viewed at once:
Multiple Groups can be viewed at once:
OUs and Groups cannot be filtered at the same time.
By default, the page will display the first 20 users on your team alphabetically. If you have more than 20 users, you can navigate to various pages using the arrows on the right side of the page:
Using the column titles, admins can also sort users by Email Address, Activation status, and Admin Role:
Exporting a List of Users
To view a .csv of all users in the Control Center, admins can use the Export All Users button in the top right corner:
This .csv will include the following:
- All user email addresses
- User activation statuses
- User admin roles
- A count of all users in the Control Center
- A count of activated users
- A count of unactivated users
Viewing and Managing User Permissions
To view a user's administrative privileges, simply click on the user's email address. This will display their current status and privileges, and for applicable users, allow you to manage specific permissions. By default, Virtru mirrors Azure admins when assigning Virtru Super Administrator status. Virtru Super Administrators will have full Administrative Privileges:
Non-Azure admins will not be Virtru Super Admins but can still receive some Administrative Privileges over specific OUs and/or Groups.
To assign these privileges, click Add OU or Group, select one of the two from the drop-down, select one or more in that category, and click Add:
If a user is a member of a group that has been granted administrative privileges, they will inherit the privilege(s). Inherited privileges will be locked on the user's privilege menu with an indication of the source:
The Groups tab displays all group distribution addresses pulled in during the most recent sync. The page includes options to search and sort group addresses, as well as the ability to manage administrative privileges for all users in a specific group.
Using the Search bar at the top of the page, you can search for specific group addresses (using all lowercase):
Refreshing a Sync from the Groups Tab
Above the list of groups, you will find your last sync date and time, as well as the option to Refresh Now:
Any changes to your Azure AD after that sync date will not be recognized by Virtru. Please remember to refresh the sync after making any changes in Azure that may affect Virtru (new users, new aliases, new groups, etc.).
Viewing and Managing Group Permissions
In addition to setting administrative privileges to individual users, Virtru admins can apply privileges to entire group addresses which will be inherited by all members of that group (as defined in your Azure AD per the most recent sync). To assign these privileges, click on the group email address of a group you wish to modify and select the permissions you wish to grant:
Groups of users can also be granted administrative privileges over specific OUs and/or Groups. To do so, click Add OU or Group, select one of the two, select one or more in that category, and click Add:
Inherited privileges will be locked on the user's privilege menu with an indication of the source: