PRTG Manual: User Groups

On the User Groups tab, you can define access rights for monitoring objects, libraries, maps, and reports at user group level. This means that group membership determines what a user can do and which monitoring objects, libraries, maps, or reports they can see. This does not apply to read-only users, who always have only read access, no matter what access rights the user group they belong to has. You can define group access rights for each object in the object's settings.

i_round_blueThis documentation refers to an administrator that accesses the PRTG web interface on a master node. Other user accounts, interfaces, or failover nodes might not have all of the options in the way described here. In a cluster, note that failover nodes are read-only by default.

i_podIf 15 minutes (900) seconds have passed since your last credential-based login and you open a setup page from a different setup page, PRTG asks you to enter your credentials again for security reasons. A dialog box appears. Enter your Login Name and Password and click OK to continue.

User Groups Overview

The User Groups tab shows a list of all user groups in this PRTG installation and various types of information about each user group.

Column Header

Description

Object

Shows the name of the user group. Click the user group to open its settings.

Type

Shows the user group type, for example, a PRTG user group, an Active Directory group, or a single sign-on (SSO) group.

Members

Shows all users that are a member of this user group.

Primary Group

Shows all users that have this user group as their primary group. Click the user group name to open its settings.

Active Directory Group

Shows the Active Directory group that the user group is connected to.

SSO Claim

Shows the access claim for the SSO group that the user group is connected to.

Add User Groups

  • To add a new user group to PRTG Network Monitor or to PRTG Hosted Monitor, hover over b_add and select Add User Group from the menu. The options are almost the same as for editing user groups.
  • For each user group you create, PRTG automatically adds a new group in the device tree with the name [group_name] home.
  • For each user group you create, PRTG automatically adds a new email notification to the notification templates. It has the name Email to all members of group [group_name]. The new user group automatically has read access to the new notification template.
  • By default, there are no access rights defined on objects for a newly created user group. Initially, users in this user group do not see any objects in the device tree except the automatically created [group_name] home group for which they have write access. This does not apply if the new user group is an administrator group. Edit the settings of objects in your device tree, libraries, maps, or reports, and set access rights for the new user group in the Access Rights section.
    i_round_blueThe easiest way to set access rights is in the root group settings and to use the inheritance of settings.

i_round_blueThe multi-edit option is not available for the predefined user groups PRTG Administrators and PRTG Users Group.

i_round_blueYou cannot delete predefined objects such as the PRTG System Administrator user account, the PRTG Users Group, or the PRTG Administrators group.

i_round_redIf you want to delete an Active Directory group from PRTG, you must delete all users that are in the user group first. This is because the Active Directory users have this user group as their primary group, and user accounts must have a primary group.

User Group Settings

User Group Settings

User Group Settings

Setting

Description

User Group Name

Enter a name for the user group.

i_round_blueIf the name contains angle brackets (<>), PRTG replaces them with braces ({}) for security reasons. For more information, see the Knowledge Base: What security features does PRTG include?

Administrative Rights

Define if the user group members have administrative rights:

  • Give user group members administrative rights: Give administrative rights to all user group members.
    i_round_blueIf you select this option, all user group members have full access to all device tree objects, libraries, maps, reports, and the ticket system. In addition, they can manage user accounts and user groups, and they can change the monitoring configuration of PRTG.
  • Do not give user group members administrative rights: Do not give the user group member administrative rights. Access to device tree objects, libraries, maps, and reports for user group members are defined in an object's settings.

Home Page URL

Define the default home page for the user group members. This is the page that the user sees after logging in or when selecting Home from the main menu. Enter a PRTG-internal web page.

i_round_blueThis applies to new users that were either added via Active Directory Integration or using the Add Multiple Users option.

Active Directory or Single Sign-On Integration

Define whether to connect this user group to external users:

  • Do not use Active Directory or single sign-on integration: Do not connect this user group to a user group in your Active Directory or to a single sign-on integration. Use local user accounts instead.

i_round_redYou cannot change credentials for users that are members of an Active Directory group.

i_podThis option is not available in PRTG Hosted Monitor.

Active Directory Group

This setting is only visible if you select Use Active Directory integration above. Select the user group whose members can log in to PRTG using their Active Directory domain credentials. The according user accounts have the access rights of the user group you just created.

i_round_redYou need to configure a valid Active Directory domain in the Core & Probes settings for user groups to appear in the dropdown list.

i_square_cyanFor detailed information, see Active Directory Integration.

i_round_blueIf your Active Directory contains more than 1,000 entries in total, PRTG displays an input field instead of a dropdown list. This is for performance reasons. In the input field, you can only enter the name of the user group in your Active Directory. PRTG then automatically adds the domain name prefix.

i_round_bluePRTG caches the list of the user groups in your Active Directory for one hour. You can update this list earlier by manually clearing the cache via the Administrative Tools by clicking Go! in the Clear Caches section.

i_podThis option is not available in PRTG Hosted Monitor.

SSO Group Claim

This setting is only visible if you select Use single sign-on integration above. Enter the access claim for the SSO group, for example a scope name or an Azure group object ID.

User Type

This setting is only visible if you select Use Active Directory integration above. Define the default user access rights for all new users in this user group:

  • Read/write user: Can only view monitoring results, libraries, maps, reports, and also edit the according settings. In addition, they can add and delete objects, libraries, maps, and reports. The user can acknowledge alarms, edit notification templates, notification contacts, and schedules.
  • Read-only user: Can only view monitoring results, libraries, maps, reports, and the according settings. The user can acknowledge alarms and change their own password if allowed. This is a good choice for public or semi-public logins.

i_round_blueRead-only users cannot be members of groups with administrative rights.

i_round_blueIf a user logs in to PRTG for the first time using Active Directory credentials, PRTG automatically creates a new, local user account for this user with the user type that you define.

Acknowledge Alarms

This setting is only visible if you select Read-only user above. Acknowledging an alarm is an action that requires write access. However, you can explicitly allow a read-only user to acknowledge alarms. Choose between:

  • Allow user group members to acknowledge alarms: Allow read-only user group members to acknowledge alarms.
  • Do not allow user group members to acknowledge alarms (default): Do not allow read-only user group members to acknowledge alarms.

Sensor Creation Rights

Define if user group members can create all sensors or only specific sensors:

  • Allow user group members to create all sensors: No restrictions for group members apply.
  • Allow user group members to create certain sensors only: Select the allowed sensors from the list of available sensors.

Allowed Sensors

This setting is only visible if you select Allow user group members to create certain sensors only above. A list of all available sensors is shown. Select the sensors that user group members can create by enabling check boxes in front of the respective sensor names.

i_round_blueYou can also select all items or cancel the selection by using the check box in the table header.

i_round_bluePRTG displays sensors that are in use in bold print.

i_round_blueThis setting does not apply when a user group member runs an auto-discovery. The auto-discovery adds all sensors that are defined in the used device templates. This setting does also not apply when a user group member adds recommended sensors.

Ticket System Access

Define if user group members can use the ticket system:

  • Allow user group members to use the ticket system: Users in this user group can read, create, assign, and modify tickets.
    i_round_blueGroup members that are read-only users never have access to the ticket system.
  • Do not allow user group members to use the ticket system: The Tickets menu item in the main menu bar is not visible to users in this user group.

Group Members

Group Members

Group Members

Setting

Description

Members

This setting is only visible if you select Do not use Active Directory or single sign-on integration above. Define which local user accounts are members of this user group. To add a user account from the list, enable the check box in front of the user name. The available user accounts depend on your setup.

Primary Group Users

Primary Group Users

Primary Group Users

Setting

Description

User List

Shows a list of all user accounts that have this user group as their primary group. This is only shown for your information. You can change the primary group of a user account in the user account's settings.

i_round_redSave your settings. If you leave the page, all changes to the settings are lost.

More

i_square_blueKNOWLEDGE BASE

What security features does PRTG include?

How to integrate Azure Active Directory into PRTG?

How to integrate Okta SSO into PRTG?

Others

There are some settings that you must make in the PRTG Administration Tool. For more details, see the sections: