Introduction to the Employees
The Employees screen is where all your employees and other users are listed. You can see when a user first/last logged in, which computer they logged in from, their status (e.g., active, idle, locked, etc.), whether they are currently being monitored, and whether they have two-factor authentication (2FA) enabled.
You can filter the report by state (e.g., Monitored, Locked Out, Deleted, Unlicensed, Access to Dashboard, etc.), role, and department using the options at the top of the report.
You can search for an employee, export the report in PDF/CSV format, or set up auto-export options by using the button near the top-right corner.
From the Employees screen, you can also perform actions such as add/import/delete/restore employees, lock/unlock their computers etc. See the Employee Action Menu section below for more information.
Employee: shows the name of the employee. Clicking the name will take you to the employee's activity report.
Email: shows the email address of the employee.
Department: shows the department the employee belongs to. Clicking the department will take you to the department configuration page.
First online time: shows the date and time the user first came online.
First online from: shows the computer the user logged in from for the first time. Clicking the computer will take you to the computer's details page.
Last login time: depending on the computer's state, this column will display the following:
If the user is offline, it will show the date and time the user last logged in.
If the user is currently online, this column will show "Online".
The column will display "Session locked" if the user locked their computer (i.e., used the Start Menu > User > Lock command), the screen saver was activated, the system went to sleep mode, or, if it's a remote desktop (RDP) session, the user minimized the RDP window.
Last login from: shows the computer the user last logged in from. Clicking the computer will take you to the computer's details page.
Status: depending on what employee action was taken, the column will either display "Locked", "Deleted" or "Active". If this column shows “Locked”, it means either an admin used the “Lock” command from the Employee Action Menu, or the user triggered a behavior rule with the Lock Out User action. See the Employee Action Menu to learn how to lock/delete a user.
Monitored: shows if the user is currently being monitored or not. If the monitoring is enabled for the user but the user has never logged in, then you will see an (i) icon next to their monitoring status. See the Employee Action Menu to learn how to enable/disable monitoring. You can also see which employees are “Unlicensed” in this column. Note that an unlicensed user is a user who is being monitored but not licensed.
2FA: shows if 2-Factor Authentication is enabled for the user.
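As an added example (not part of the original guide and not Teramind's own tooling), the Python script below reviews a CSV export of this report and lists accounts without 2FA, stale logins, unlicensed monitored users and locked accounts. The CSV header names, the Yes/No cell values and the date format are assumptions modelled on the on-screen columns, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Header names, Yes/No values and the date format
# are assumptions based on the on-screen columns, not a documented schema.
SAMPLE_CSV = """Employee,Email,Status,Monitored,2FA,Last login time
Ana Diaz,ana@example.com,Active,Yes,Yes,Online
Ben Ode,ben@example.com,Active,Yes,No,2024-01-05 09:12
Cy Lin,cy@example.com,Locked,Yes,No,Session locked
Di Roy,di@example.com,Active,Unlicensed,No,2024-03-28 17:40
Ed Kim,ed@example.com,Deleted,No,No,2023-11-02 08:00
"""

# "Last login time" holds these strings instead of a date while a session is live.
LIVE_STATES = {"Online", "Session locked"}


def audit(csv_text, now, stale_days=30):
    """Return {finding: [emails]} for accounts that need review."""
    findings = {"no_2fa": [], "stale": [], "unlicensed": [], "locked": []}
    cutoff = now - timedelta(days=stale_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["Email"].strip()
        status = row["Status"].strip()
        if status == "Deleted":
            continue  # deleted users are hidden from reports; skip them
        if status == "Locked":
            findings["locked"].append(email)
        if row["2FA"].strip().lower() != "yes":
            findings["no_2fa"].append(email)
        if row["Monitored"].strip() == "Unlicensed":
            findings["unlicensed"].append(email)
        last = row["Last login time"].strip()
        # Only offline users carry a timestamp that can be compared.
        if last and last not in LIVE_STATES:
            if datetime.strptime(last, "%Y-%m-%d %H:%M") < cutoff:
                findings["stale"].append(email)
    return findings


if __name__ == "__main__":
    for name, emails in audit(SAMPLE_CSV, datetime(2024, 4, 1)).items():
        print(f"{name}: {', '.join(emails) or '-'}")
```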
Accessing the Employees Menu
1. Click the EMPLOYEES menu to access its screen.
Adding a New Employee
1. Click the NEW EMPLOYEE button near the top of the screen. A pop-up window will open where you can edit the employee’s profile details such as their personal information, account security, monitoring options etc. See the Entering / Editing Employee Profiles section to learn how to enter these details for a new employee.
Adding Employee and Sending Invitation
At the bottom of the New employee (if you are adding a new employee), Edit info (if you are editing an existing employee) or My profile (if you are editing your info) window, you will see a few buttons:
If you are adding a new employee:
1. Click the ADD USER & SEND INVITATION button to add the new employee and send them an invitation email. The email will look like this:
2. It will contain the links to download the Agent and their login credentials.
3. Click the ADD USER button to just add the user without sending an invitation. Note that if you don’t send them an invitation and don’t assign them a password, the user won’t be able to log in.
If you are editing an existing employee or your own profile:
1. Click the RESEND INVITATION button to resend the employee the invitation email. The email will look like this:
2. It will contain the links to download the Agent and their login credentials.
3. Click the APPLY CHANGES button to save any changes you have made to the profile.
Entering / Editing Employee Profiles
If you are adding a new employee, a New Employee window will pop up where you will be able to enter the employee’s profile information.
To edit the profile of an existing employee:
1. Click the name of an employee from the List of Employees screen. You will be taken to the Employee’s screen.
2. Click the EDIT INFO button on an Employee’s screen.
3. An Edit info window will pop up where you will be able to edit the employee’s profile information.
See the sections below for an explanation of each tab on the profile window.
Under the Personal Details section of the PERSONAL INFO tab, enter the employee’s personal details such as names, email and phone number.
You can also upload a photo for the employee’s profile by clicking the photo area. Ideally, the image should be at least 128x128 pixels, in PNG or JPG format.
Under the Business Details section, you can assign the employee a department, position etc. If you enter the Rate, you will be able to see the user’s expense on various widgets and reports (e.g., the Productivity report, Employee Cost, etc.).
The LDAP attributes section is only shown if you have set up an Active Directory integration. The attributes are read-only. You cannot edit their values.
On this tab, you can specify the user’s DEFAULT TASK (applicable if the employee is using a Hidden Agent. Check out the Tasks section to learn how to create tasks for your employees).
You can also set their ACCESS LEVEL. There are four types of access levels you can choose from:
Employee – cannot change any settings.
Infrastructure Admin – has access to the system settings but cannot browse any recordings.
Operational Admin – has access to the system settings, rules, computers, other users and access control settings of other users.
Administrator – is the most powerful access level. They can monitor all employees, other admins and change any settings with no restrictions.
Check out this article to learn more about account access levels.
On this tab, you can also enable/disable other account security settings, such as:
Allow viewing activity reports: if enabled, the user will be able to view the Monitoring > Web Pages & Applications report.
User can clock in and out using Web interface: if enabled, the user will be able to use the web clock-in feature (Time Tracking > Tracker) to log their task and time.
User can login to Teramind Dashboard: if enabled for a regular user, the user will be able to log in to the dashboard and view:
If enabled for an admin, the admin will have access to all the features under their access level.
External user: if enabled, the system will treat this user as an Active Directory user and by default will use LDAP to synchronize their domain password from Active Directory. However, if you enable this option, you will notice that another option is shown, ‘Don't synchronize from LDAP’. If you enable this ‘Don’t synchronize…’ option, then the password will not be synchronized anymore. Also, note that, if the option is enabled the SET NEW PASSWORD option will not be shown the next time you edit the user. The Forgot your password? option (on the Dashboard login screen) will not work either. Also, if you are using the LDAP method to authenticate dashboard changes (Settings > Security > Dashboard Authentication > CONFIRMATION METHOD FOR DASHBOARD CHANGES), you will need to mark the user as External user.
Can see own online presence: This option is applicable to administrators and privileged users (who have the permission). If enabled, the logged-in user will be able to view their online status on the Online Employees widget, the List of Employees screen, etc. If disabled, columns such as “First online time”, “First online from”, etc. will not record the user’s status and will be shown as empty:
Note that, if this option is enabled, then you will be able to toggle the User can clock in and out using Web interface setting (see below).
Disable self snapshots report: Will disable the Monitoring > Screen Snapshots report.
Disable daily digest report: Applicable to users with the Administrator access level. By default, all administrators receive a daily digest email which shows all the users’ activities such as emails sent, rules violated, etc. If you enable this option, then the admins will not receive the daily digest report. The report looks like this:
Disable self edit: Will disable the ability for the employee to edit their profile information such as names, email address, and phone number.
SET NEW PASSWORD: allows you to change the user’s account password. Note that, if you don’t assign a password to a user and click the ADD USER & SEND INVITATION or the RESEND INVITATION option, then a temporary password will be generated for them. See the Adding /Editing an Employee and Sending Invitation section for more information.
The RBAC (stands for Role Based Access Control) tab allows you to turn a regular user (Employee access level) into a privileged user by assigning a Role access control policy to them. To do so:
1. Select a Role policy from the SELECT ROLE BASED POLICY TO GRANT USER ACCESS drop-down list. Check out the Creating a Role (RBAC) Policy section to learn how to create a Role policy.
2. Click the SELECT TARGETS button. The role will be added.
3. Click the GRANT ACCESS TO field and select users, computers, departments, Active Directory groups, shared lists, etc. from the list of objects. You can delete an object by clicking the X button next to it.
4. You can delete a role by clicking the X button located at the top-right corner of the role’s panel.
The options on the Authentication tab cannot be set by an administrator for another employee. A logged-in employee has to enable/disable 2-Factor Authentication from their own profile (by clicking their name near the top-right corner of the Dashboard and selecting My Profile):
The employee will need to scan the barcode in a 2FA application (such as Authy or Google Authenticator) then apply the code from the application in the Code from Authenticator app field.
For step-by-step instructions on how an employee can configure their own 2FA, check out this article on our Knowledge Base.
For step-by-step instructions on forcing 2FA for administrators, see this article on our Knowledge Base.
On this tab, you can specify which monitoring profile to use for this employee. Or, you can manually change any of the monitoring settings. If you manually change the settings, a “Custom profile” will be automatically created and assigned to the user.
For more information about monitoring profiles and monitoring settings, check out the Monitoring Setting section.
Productivity profiles allow you to classify a user’s app or website activities as productive or unproductive. On the Productivity Profile tab, you can see which productivity profile is currently assigned to the employee. However, you cannot edit the profile from this tab. To learn more about productivity profiles and how to create/edit them, check out the Productivity Profiles section of the User Guide.
1. Click the IMPORT button near the top of the Employees screen. You will be taken to the Import employee screen.
2. Click the UPLOAD CSV FILE button to upload a CSV file containing employee information.
3. If you want, you can click the DOWNLOAD SAMPLE CSV button to download a sample CSV file that shows you how the CSV file containing a list of employees should be formatted for importing into Teramind.
4. Turn on the Invite users by email option to send the newly added employees invitations to install the Teramind Agent.
5. A table at the lower part of the screen shows which CSV fields Teramind can import, their expected values and which fields are mandatory.
Employee Action Menu
You can perform various actions such as lock/unlock a user, delete/restore their profile or enable/disable monitoring for them.
1. Click the check mark in front of the employee names to select employees.
2. From the top-left corner of the screen, select the action you want to perform. Here are the actions you can perform:
Lock: locks a user’s computer. The Status column on the employees list will change to show it as locked. When a computer is locked, the user will not be able to use it.
Unlock: unlocks a user’s computer previously locked by the Lock menu option or by a rule’s ‘Lock Out User’ action.
Delete: deletes the selected user. Note that, when you delete a user, they are not permanently deleted, just hidden from the employee list and all monitoring reports. If you are on a Cloud deployment, deleting a user will also free up a license.
Restore: restores previously deleted employee(s).
Enable Monitoring: enables monitoring for a user.
Disable Monitoring: disables monitoring for a user. The Monitored column will change to show the user is no longer being monitored.
Bulk Edit: allows you to edit the profile information of the selected employees in bulk. Clicking the button will open the Bulk edit window where you can make the changes that will apply to the selected employees:
Viewing an Employee’s Monitoring Reports
1. Click the name of an employee from the Employee column. You will be taken to the Employee’s page where you can see their detailed reports such as Activity Log (similar to the Web Pages & Applications Report), Session Log, Time Worked, Alert Log, etc.:
2. You can also edit the employee’s profile, toggle monitoring, delete the employee or view the assigned policies/rules from this screen.
Viewing the Active Policies & Rules of an Employee
1. Click the ACTIVE POLICIES button from the Employee’s page. A pop-up window will open where you can view all the active policies and rules applied to the user:
Please note that:
You can click on a policy’s name to expand/collapse it.
You can click on a rule’s name to edit it.
Any policies or rules that are turned off on the Behavior > Policies screen will not show up on the list.
Any policies or rules that are applied to the Everyone option on the policy/rule's User field will not show up on the list.
Anomaly Rules aren't shown on this list.
Editing / Deleting an Employee
1. Click the EDIT INFO button from the Employee’s page. A pop-up window will open where you can edit their profile information. Check out the Entering / Editing Employee Profiles section to learn how to edit the profile.
2. Click the small red trash can icon to delete the employee. You can also delete/restore an employee from the Employee Action Menu. Note that when you delete a user, they are not permanently deleted, just hidden from the employee list and all monitoring reports. If you are on a Cloud deployment, deleting a user will also free up a license.