Working with Account settings

Last updated: Mon Jul 08 22:12:32 GMT 2019

The Account Settings view provides a management interface for various aspects of your ThousandEyes account, such as your user's settings and contact information. You can also manage information about your organization, its users and account groups. To access your account settings, click on the User icon User-added image in the in the top right corner of the ThousandEyes web portal and select the Account Settings link. 

The Account Settings page is separated into multiple tabs. The tabs which are displayed and their contents will depend on the permissions in the roles assigned to the user. For example, users with the Organization Admin role will see the Users tab, which displays information about users in each Account Group within the organization.  The Account Admin role will also see a Users tab but is limited to seeing only users present in the account groups assigned to it. In the examples below, we display all of the possible tabs and settings within each tab. For information regarding roles and permissions, please refer to the Role-Based Access Control explained article.

Table of contents

Profile tab

The Profile tab displays information about the user's organization(s), Account Groups(s) and assigned Roles within those Account Groups. Here, users can modify their own username and email address (used for login to ThousandEyes), change their password and set their preferred timezone for the web interface. Organization-wide timezone settings are described in the Organization tab section below.

If the user is a member of more than one Account Group (in one or in multiple organizations), then the user can select their Login Account Group. This determines into which Account Group the user is placed upon login. Once logged in, users can switch between Account Groups with the Current Account Group selector in the User menu, as described in the Switching account groups section below.

Account Settings - Profile tab
Account Settings - Profile tab

Under the User Profile section, for users with API access enabled (i.e. users with the API Access permission), the User API Tokens section will be visible, containing the API authentication tokens:

User API Tokens section of the User Profile
Account Settings - User Profile tab - User API Tokens section

Two types of API authentication tokens are available: a token for HTTP Basic authentication and a token for OAuth-based authentication. The primary purpose of the latter is providing an authentication mechanism for the SCIM-based automated user provisioning process.

Account Groups tab

For users with the View all account groups permission, the Account Groups tab will be visible. This tab displays all Account Groups defined in the organization, along with the number of users and Enterprise Agents present in each Account Group. Users with the Edit all account groups permission can add, manage and delete Account Groups:

Account Settings - Account Groups - List
Account Settings - Account Groups tab

Expanding a row in the Account Groups table displays the Account Group's details and allows changes to the Account Group's name. The Account Group Token is also displayed for users to copy when installing Enterprise Agents. Click the Regenerate Token link if circumstances require that a new token should be created (i.e. if the token is accidentally disclosed to an untrusted party). Once the new token is generated, Enterprise Agents with the old Account Group token will continue to function normally.

Expanded Account Group entry
Account Group management dialog

An Account Group's Enterprise Agents can be displayed in the Enterprise Agents drop-down. Enterprise Agents available to the current Account Group are displayed with checked boxes. Agents from other Account Groups can be checked to make them available to this Account Group or can be unchecked to remove them from the current Account Group. A checked and greyed out entry indicates an Agent for which the current Account Group is the primary Account Group (i.e. the Agent was created with the current Account Group's Token) and thus cannot be deselected:

User-added image
Assigning Enterprise Agents into an Account Group

Refer to the What is an Account Group? article for further information about what an Account Group is and why having multiple Account Groups might be useful for you.

Switching account groups

As explained above, each user can have access to more than one Account Group. Those Account Groups can even span across multiple organizations. Additionally, users with the Organization Admin role (or similar) have access to all Account Groups defined within the organization. This allows the user to view tests, shares, reports and agents assigned to each of the Account Groups belonging to the organization.

To change the current Account Group context, click on the User-added image icon in the upper right corner of the ThousandEyes web portal and expand the Current Account Group drop-down menu. This will allow you to switch into another Account Group context.

The following figure on the left shows the currently active context of the "QA PROD" Account Group (1). The figure on the right shows the expanded drop-down listing all Account Groups available to the user, from multiple organizations (2). The user's mouse is currently hovering over the "Multi-Cloud" (3) Account Group into which they are about to enter:

Account Group Switching - Current account group
Currently active Account Group
Account Group Switching - Selector with account groups from multiple organizations
Available Account Groups

Users tab

The Users tab is visible for users having the View all users permission. As the name suggests, this section allows general user management:

Users tab - User list
Account Settings - Users tab

Clicking on any entry in the table expands it and presents management options for the user's name, email address and Account Group associations, not unlike what each user sees in their Profile tab:

Users - Expanded entry
Expanded user entry

At the top, the Add New Users button opens a similar dialog, displayed in the figure below. This dialog has one additional feature - multiple users can be created in one step, with identical Account Group and Role associations. To create multiple users in one step, simply add multiple email addresses into the Emails field. You can add multiple emails by either pressing the Enter key after each email address is typed in, or by pasting a comma-separated list of email addresses into the field:

Users - New user creation dialog
Add new users dialog

As shown in the previous figure (the Expanded user entry figure above), each user can be a member of multiple Account Groups. In each Account Group, the user can have more than one Role assigned. The permission list granted to the user within each Account Group is a union of permissions across all Roles assigned to the user in that Account Group. For example, if the user has the Account Admin and Regular User roles, then they will have the combined permissions of both roles.

For an extensive description of the ThousandEyes role-based permission system, consult the Role-based Access Control explained article.

Roles tab

A user with the View roles permission will be able to see the Roles tab containing a table of all security Roles defined within the organization (1) and permissions associated with each Role (2):

Account Settings - Roles tab
Roles table in the Roles tab

The extensive list of permissions can be narrowed down by using the search bar (3). New roles can be defined by either clicking the Add New Role button (4) or by cloning one of the existing roles by clicking the Account Settings - Roles tab - Clone icon icon under its name.

As previously mentioned in the sections above (Account Groups tab, Users tab), refer to the Role-based Access Control explained article for detailed information about ThousandEyes permission system.

Organization tab

The Organization tab shows organization-wide settings and Unit consumption plan and projection information. This tab is only accessible by organization administrators - relevant permissions are View billingView organization usage and View security & authentication settings:

Account Settings - Organization tab
Account Settings - Organization tab

The Details section (marked with (1) in the figure above) shows basic organization information, such as the name of the organization account (not editable) and organization-wide timezone settings. Users having the Edit default timezone settings permission will be able to adjust organization-wide timezone settings. As outlined in the Profile tab section above, each user can adjust the web UI timezone according to their own preference.

Security & Authentication section

The Security & Authentication section (marked with (2) in the figure above) provides configuration of the following aspects of your ThousandEyes account:

  • Single Sign-On settings, including SCIM-based automatic user provisioning. 
  • Password Expiration policy configuration for users who are allowed to use interactive login.

There is a series of articles available in our Knowledge Base describing SAML-based Single Sign-On (SSO) configuration settings. Start with the How to configure Single Sign-On: Metadata article, which contains further links to identity provider-specific SSO setup guides, or use the search feature at the top of this page to find the SSO setup guide for your identity provider (IdP).

To complement the SSO, SCIM-based automatic user provisioning is supported as well. Consult the ThousandEyes support for SCIM article for further information.

Plan Usage section

The Plan Usage section deals with all aspects of Unit and license consumption. The overview section (3) shows current usage (solid green bar), additional projected usage until the end of the current billing cycle (dashed green/white bar) and the remainder of the planned/purchased capacity.

The table below the overview section will enable you to review and understand your account's Unit consumption. You can select between showing the consumption of Cloud Agent Units and Enterprise Agent Units (4) and control the breakdown table content by choosing to show your consumption by Account Group, by Test Type or by individual Test (5).

For your convenience, there is a Calculate the units you need for this account group (6, above) link available. This link will lead you to the Unit Calculator, a tool that will allow you to estimate your future usage.

To fully understand ThousandEyes Unit consumption, head over to the How Unit consumption works article.

If you have any questions regarding your usage numbers, please reach out to your ThousandEyes account manager or the Customer Success team via support@thousandeyes.com.

Quotas tab

An Account Group(s) can be limited to a fixed quota of units from here. A user with the Can assign and edit quota permission will be able to see the Quotas tab:

quota

Components of the Quotas tab:

  1. Plan: Total units allocated to an organization per month.
  2. Organization Current Usage Rate: Current rate at which an organization is utilizing units in their plan. Shown in terms of % of Plan used and units consumed. 
  3. Organization Quota: Total units assigned to an organization. Enabled and value set to total plan by default. Can be toggled depending upon plan of an organization.
  4. Unallocated Usage: Available units not allocated to any Account Group.
  5. Account Group: This column contains names of Account Groups defined in the organization.
  6. Current Usage Rate: Current rate at which an Account Group is utilizing units. Shown in terms of % of Plan and units consumed.
  7. Quota Switch: Enable/Disable fixed quota of units for an Account Group.
  8. Slider to configure a value for Usage Selector field
  9. Usage Selector: Amount of units allocated to an Account Group.
  10. Two options are available to configure Usage Selector value as below:
    • Units: Maximum number of units an Account Group can use per month.
    • % of Plan: Maximum proportion of organization's total units an Account Group can use per month.

Once done configuring quotas click Save Changes for the changes to take effect.

Unit quotas use cases

Use case #1: I don't want a single account group consuming all my units unexpectedly.

Configure quota settings for all your account groups. This way none of your account groups will be able to consume all available units, preventing (unintended) increased unit usage in one account group from adversely affecting your other account groups.

Use case #2: My users are located all over the world. I want to allocate units to users based on regions.

Create one account group per region. Then configure unit quotas for each region.

Use case #3: I want to keep my operations team uncapped while limiting units for all other account groups.

If you have enabled quotas for all your account groups, you can always disable unit quota allocation for a particular account group while leaving other account groups capped.

Use case #4: I don't know how many units my new account groups will consume, but I don't want them to consume all available units.

Quotas allocated to your account groups can add up to more than 100% of available units. Configure your new account group(s) with quota allocations below 100% for each individual account group. This enables an early warning about individual account group consuming more units than expected while not immediately affecting your other account groups.

Use case #5: I've set up account group quotas, the setup is working as expected. How can I make sure my quotas configuration is unchanged?

Every ThousandEyes user in your account with the Can assign and edit quota permission will be able to adjust quotas. You will need to remove this permission (only available to Organization Admins by default) from all users unauthorized to perform quota allocation changes. You will need to communicate your requirement to other ThousandEyes administrators in your organization. If unexpected changes do happen, you can always inspect the Activity Log for further details.

Billing tab

The Billing tab shows current billing information for your organization. This tab is only accessible by users with the View billing permission:

Account Settings - Billing tab
Account Settings - Billing tab

The following sections are visible in this tab:

  1. Plan Details: The details of your contracted ThousandEyes usage plan.
  2. Billing Address: The address to be included on the invoices and the email address to which invoices are sent.
  3. Payment Method: Displays payment information which is sent to a third party provider used by ThousandEyes for credit card processing. This form is a secure element connecting you directly to the third party provider. ThousandEyes never receives the credit card information, but rather obtains an authorization on behalf of the payment processor.
  4. Billing History: Displays billing information generated over previous billing cycles.

If you have any questions regarding your plan details, please reach out to your ThousandEyes account manager or the Customer Success team via support@thousandeyes.com.

Activity Log tab

When the user has at least one of the View own activity log, View activity log for all users in account group or View user activity in all account groups permissions, the Activity Log tab is available showing events that have happened in your ThousandEyes account:

Account Settings - Activity Log tab

Working with the Activity Log explains all the details of the Activity Log usage.

Related information

The following resources contain further information related to ThousandEyes account management: