Skip to main content
Configure
A
Written by Arick Disilva
Updated over 6 months ago

Introduction to Configure

The Configure menu allows you to configure different Teramind components that are used across the system. For example, The Departments screen allows you to create departments and assign employees to department managers. The departments can then be used with monitoring profiles or for filtering monitoring/BI reports. They can even be used with behavior rules to easily target a group of users.

Accessing the Configure Menus

1. Hover your mouse over the CONFIGURE menu, then

2. Select an item from the sub-menu:

Departments

On the Departments screen, you can see a list of all the departments, how many employees are in each department, who the department managers are etc. You can also create/edit departments and assign managers to them.

image-175.png

Note that, department managers can only view/manager the employees in their respective department(s). Check out this article to learn what permission level a department manager has.

Creating a New Department

image-177.png

1. Click the NEW DEPARTMENT button. A New department window will pop-up:

2. Enter a DEPARTMENT NAME.

3. Optionally, enter a description in the DEPARTMENT DESCRIPTION field.

4. Click on the DEPARTMENT MANAGERS field and select the department manager(s) from the list of employees.

5. Click on the EMPLOYEES field and select the employee(s) from the list of employees.

6. If you have an Active Directory integration set up, you will see an option, PRESERVE AGENTS DURING AD SYNCHRONIZATION. If enabled, employees assigned to the department will not change (they will be preserved) if AD hierarchy is changed.

7. Click the APPLY CHANGES button to create the department.

Note that, you cannot assign an employee to multiple departments. If you add an employee who is already in another department, they will be removed from that department and added to the new department. You can however, have a department manager assigned to multiple departments.

Viewing the Employees in a Department

image-179.png

1. Click on the name of a department, for example, Sales. You will be taken to the Department page.

image-180.png

2. On the left side of the Department page, you will see a list of employees assigned to the department. Check out the Entering / Editing Employee Profiles section to learn how to assign an employee to a department.

3. On the right-side of the page, you will see a Gantt chart with a list of tasks for each employee and how much time they spent on each task. Check out the Rules Action > Set User's Active Task section on the Rules Gudie to learn how tasks can be assigned to an employee automatically by a rule when using a Stealth Agent. Or, check out the How to use the Revealed Agent article to learn how Tasks can be created and self-assigned by users with the Revealed Agent.

4. You can use Filter field to limit the view to selected tasks/employees.

Assigning an Employee to a Department

You can assign an employee to a department when creating a department. But you can also change an employee's department from the employee's profile:

1. Select the EMPLOYEES menu.

2. Click on an employee's name to open their page.

3. Click the EDIT INFO button.

4. You can change the Department for the employee under the PERSONAL INFO tab:

mceclip0__19_.png

Editing / Deleting a Department

image-181.png

1. While on the Department page, click the EDIT button at the top-right corner. An Edit department window will appear (similar to the New department window) where you can change the department’s name, description and managers.

2. While on the Department page, click the DELETE button. You will be shown a warning. If the department is used somewhere (e.g., in any employee’s profile, access control policies, etc.) you will also be shown detailed information on where the department is currently being used:

Schedules

The Schedules screen allows you to manage schedules for your employees and contractors. You can control employee work time, lunch breaks, days off, etc. This information is then used by other Teramind modules. For example, in the Agent Schedule-based rules, in the Productivity Reports, or for calculating payroll, etc.

mceclip3__4_.png

This screen has two tabs. The SCHEDULING tab allows you to create/edit the daily and weekly schedules for your employees. The TEMPLATES tab allows you to create/edit templates to make managing schedules for large groups easier.

Note that you can also create schedules for various positions in your organization. Check out the Positions section for more information.

Adding a New Employee

mceclip0__20_.png

1. Click the NEW EMPLOYEE button near the bottom. This will pop-up the New employee window where you can add a new employee, configure their account details, monitoring options, etc. Check out the entering/editing employee profiles section for more information.

Combined vs Daily Schedules

image-184.png

1. Click the COMBINED or DAILY button near the top-right corner to switch between a Combined view and a Daily view. The combined view shows identical shifts as a single time/shift block spanning days with that same schedule defined.

Managing Employee Schedules

mceclip2__4_.png

1. You can manage schedules for individual employees from the SCHEDULING tab.

Notifying Employees About Schedule Changes

You can send a notification to employees or departments of any schedule changes.

image-186.png

1. Click the NOTIFY EMPLOYEES button at the top right-corner of the SCHEDULING screen. A pop-up window will open.

image-187.png

2. Select the employees you want to inform from the list of employees.

3. Select a period.

4. Optionally, add a comment.

5. Click the APPLY CHANGES to send the notification.

Managing Weekly Employee Schedules

image-188.png

1. Click the name of an employee on the SCHEDULING screen. You can also click the ADD SCHEDULE button if the employee does not have a schedule already assigned. A pop-up window will be displayed:

2. You can add additional employees, by clicking the + icon in the EMPLOYEES field. The schedule will then be applied to all of them.

3. You can select an existing template to populate the schedules for the weekdays.

4. Hover over a day row and click the Add shift icon to add a shift:

A widow will pop up to let you edit the shift. Use the two small orange circles to adjust the time. Click the APPLY CHANGES button when done.

5. Click on an existing time scheduled time block to edit it:

A widow will pop up to let you edit the shift. Use the two small orange circles to adjust the time. Click the Trash Can icon to delete the shift. Click the APPLY CHANGES button when done.

6. Click on a day’s name, for example, Tuesday, to turn it on/off (make it a workday/off-day). If all the days are turned off for the week, the schedule will be deleted/removed from the employee.

7. Use the ALLOWED BREAK field to assign break hours.

8. Click the Matched List icon to make all hours match with the first day’s hour.

9. Click the SAVE button on top to save the schedule or press the RESTORE button to revert any changes.

Managing Daily Employee Schedules and Day Off

image-190__1_.png

1. Click on a day’s time slot/shift or an empty day on the SCHEDULING screen. A pop-up window will appear:

2. You can adjust the worktime by dragging the Orange Circles on the slider.

3. You can add/remove timeslots by clicking the Plus + and Minus buttons.

4. You can allocate the employee a break in the ALLOWED BREAK field.

5. You can delete the shift by clicking the Trash Can button.

6. To assign/cancel a day off, click the SET DAY OFF or DEACTIVE DAY OFF.

7. Click the APPLY CHANGES button to save the changes.

Batch Schedule Editing

This feature allows you to add a schedule to a group of employees at once instead of editing them one by one.

mceclip0__21_.png

1. Click the BATCH SCHEDULE EDITING button near the top right-corner of the SCHEDULING screen. An Edit schedule pop-up window will open:

2. This is similar to editing a Weekly Employee Schedule. Just add the employees you want to batch edit by clicking the + icon in the EMPLOYEES field and edit the schedule..

Schedule Templates

Viewing / Adding / Editing Templates

1. Click the TEMPLATES tab to view a list of available templates.

2. You can refine the list of templates, using the options under the REFINE ENTRIES filters. For example, by Positions, by Departments or by Time Range. To remove the filters, click the small Clear Filters icon.

3. Click the ADD TEMPLATE button at the top-right corner. You will be taken to the Weekly Schedule screen where you will be able to add the template*.

4. Click a template name or a time slot under the days to edit an existing template. You will be taken to the Weekly Schedule screen where you will be able to edit the template*.

*You can add/edit a template the same way you would add/edit a weekly employee schedule. Please follow the Managing Weekly Employee Schedules to learn how.

Deleting a Template

1. Click the TEMPLATES tab to view a list of available templates.

2. Click a template name or a time slot under the days to edit the template. This will take you to the Weekly Schedule screen:

3. Click the DELETE button to remove the template.

Positions

The Positions screen allows you to manage schedules for positions/job titles. It is very similar to the Schedules > Templates screen.

1. You can refine the view by using the options under the REFINE ENTRIES filters. For example, by Positions, by Departments or by Time Range. To remove the filters, click the small Clear Filters icon.

Adding / Editing / Deleting a Position

1. Click the NEW POSITION button at the top-right corner. You will be taken to the Weekly Schedule screen where you will be able to add the position.

2. Click a position name or a time slot under the days to edit an existing position. You will be taken to the Weekly Schedule screen where you will be able to edit the position.

3. You can change the name of the position by entering it in the POSITION TITLE field.

4. You can select an existing template to populate the schedules for the weekdays.

5. Hover over a day row and click the Add shift icon to add a shift.

A widow will pop up to let you edit the shift. Use the two small orange circles to adjust the time. Click the APPLY CHANGES button when done.

6. Click on an existing time scheduled time block to edit it:

A widow will pop up to let you edit the shift. Use the two small orange circles to adjust the time. Click the Trash Can icon to delete the shift. Click the APPLY CHANGES button when done.

7. Click on a day’s name, for example, Tuesday, to turn it on/off (make it a workday/off-day). If all the days are turned off for the week, the schedule will be deleted/removed from the employee.

8. Use the ALLOWED BREAK field to assign break hours.

9. Click the Matched List icon to make all hours match with the first day’s hour.

10. Click the SAVE button on top to save the schedule or press the RESTORE button to revert any changes.

11. Click the DELETE button on top to delete the position.

Note that, you can also create a new position when entering/editing employee profiles, under PERSONAL INFO, in the Position field.

Access Control Policies

The Access Control screen allows you to control which users have access to what information on the Teramind Dashboard and what settings they are allowed to change.

The main window of the Access Control screen shows a list of policies, privileges, and subjects/description. You can search, filter, create, edit, delete, or export policies from this screen.

There are two types of access control policies you can create:

  • List Access Control Policy: A List or Regular access control policy allows you to define what information a privileged user can view or edit.

  • Role Access Control Policy: A Role-Based Access Control (RBAC) policy allows you to assign special management permissions in addition to the view/edit permissions to a privileged user. For example, the ability to edit employee profiles, create behavior policies and rules, etc. With the Role policies, you can create some unique user roles. For example, turn a department manager into a ‘semi-admin’ who can manage employees like an admin but only employees in his/her department (unlike an admin who has access to all employees).

Access control policies have three core elements:

  • Privileged Users: They are the users/managers who monitor certain groups of people (Target Users/Subjects).

  • Target Users / Subjects: These are the users monitored by the Privileged Users.

  • Permission: Defines what the privileged user can do with the information of the Target Users under their responsibility. The permission is grouped into Play, Management Features (Role-policies only), View, Edit, and Access Widgets categories.

With a List access control policy, you can assign privileged and target users from the policy itself. With a Role access control policy, you can only configure permissions when creating/editing the policy. After creating the Role policy, you will need to assign its privileged user and target(s) from the employee’s profile. See the Entering / Editing Employee Profiles > RBAC section for more information.

Note that you cannot add any admins as the Privileged Users. Admins have their own access control policy set at the account level. However, you can add an admin to the list of target users. To change an admin’s access level, you can assign them a different admin account such as Infrastructure Admin, Operations Admin, etc. from the Employee Profile under the Account Info tab. For more information, check out the How to change a user’s account access level / role permission article.

Creating a List (Regular) Policy

1. Click the New policy button at the top-right corner of the Access Control screen. A window will pop up:

2. Enter a name for the policy into the POLICY NAME field.

3. Select the LIST ACCESS CONTROL POLICY option.

4. Select the privileged users from the APPLIES TO field.

5. Click the SAVE button. You will be taken to the Create policy screen:

create regular policy.png

6. Specify a policy name.

7. You can change the privilege users from the Privileges to field. Click anywhere in the field to add a user; click the X button to remove a user.

8. Click the Create permission button to create a new permission.

The permission tabs will show up under the “Rule” column on the exported policies report.

9. Click the Select all targets button to select all target users or the Deselect all targets button to deselect them.

10. Click the Show all link to show all users or the Show only selected link to show only selected target users.

11. Click on a target user’s name to select/deselect them.

12. Click the Select all permissions button to select all permissions or the Deselect all permissions button to deselect them.

13. Click on a permission category (e.g., Play, View, etc.) to expand or collapse it.

14. Click on a permission item (e.g., Play live screen stream, Control screen, etc.) to select/deselect it. See the List of Access Control Permissions table below for an explanation of each permission item.

15. Click the Save changes button to save the policy.

Creating a Role (RBAC) Policy

By default, RBAC policy isn’t activated on On-Premise deployments. Please contact [email protected] to enable it on your On-Premise deployment.

1. Click the New policy button at the top-right corner of the Access Control screen. A window will pop up:

2. Enter a name for the policy into the POLICY NAME field.

3. Select the ROLE ACCESS CONTROL POLICY option.

4. Click the COPY PERMISSIONS FROM field and choose a Role (account type) or an existing Role policy. Permissions from the role/role policy will be pre-selected for you (you will be able to change the permissions on the next, Create policy screen). If you do not choose a role or role policy, then no permissions will be pre-selected.

5. Click the SAVE button. You will be taken to the Create policy screen:

create role policy.png

6. Specify a policy name.

7. Optionally, enter a description for the policy in the Description field.

8. Click the Select all permissions button to select all permissions or the Deselect all permissions button to deselect them.

9. Click on a permission category (e.g., Play, Management features, View, etc.) to expand or collapse it.

10. Click on a permission item (e.g., Edit shared lists, Edit work hours, etc.) to select/deselect it. See the List of Access Control Permissions table below for an explanation of each permission item.

11. Click the Save changes button to save the policy.

Assigning Role Policies to Users

Unlike the List policies, you can only configure permissions when creating/editing a Role policy. You will need to assign its privileged user and targets from the employee’s profile. See the Entering / Editing Employee Profiles > RBAC section for more information.

Viewing / Editing / Deleting / Exporting a Policy

image-201.png

1. Click on a policy from the list of policies on the main Access Control screen. The View policy screen will open (note that List/Role policies have slightly different views):

List - policy view

Role- policy view

2. Click the Edit button to edit the policy. You will be taken to the Edit policy screen. Editing a policy is like creating a new policy. Follow the instructions under the Creating a List (Regular) Policy or Creating a Role (RBAC) Policy section.

3. Click the Delete button to delete the policy.

4. Click the Export to CSV button to export the policy. Note that this option is available for List policies only. The Role policies do not have the export option. See below to learn more about the export feature.

Exporting All Policies

The export option currently works for the List policies only.

1. Click the Export to CSV button from the main Access Control screen. A pop-up window will open:

2. Select users/computers/departments from the OBJECTS field to filter the policies to be exported. If you don’t specify any objects, all the policies will be exported.

3. You can optionally toggle the policy name and policy rule columns.

4. Click the EXPORT button to begin export. When the export is ready, you will see a pop-up message:

5. Click the message to download the CSV file (you can also download the report from the System > Report Export screen). The CSV report looks something like this:

Each Permission tab of a policy will show up as a number under the “Rule” column. A “1” under a permission column means it’s enabled, “0” means disabled.

List of Access Control Permissions

Note that some of the permissions are interlinked and one might not work without the other. For example, if you enable the View and create custom dashboards but don’t enable any of the widgets under Access Widgets, then the privileged user will not be able to add any widgets to their dashboards.

Similarly, the View permissions for the various individual reports (e.g., View productivity report) also determine what BI report and BI data sources will be available. For example, if you disable the View productivity report, it will hide the BI Reports > Productivity and it will also hide the INPUT ACTIVITY and the WORK TIME data sources when you try to add a widget on a BI report. If you disable the View permission for a report, any existing BI widgets that rely on the report will show an “Access denied” message or just show the data for the logged in privileged user.

Play

Play

Play live screen stream

Allows the privileged user to view the desktop of an online user (Live Mode) on the Session Player.

Play historic screen stream

Allows the privileged user to play past recordings of a user (History Playback Mode) on the Session Player.

Play restricted historic screen stream

Allows the privileged user to play screen recordings that were marked as restricted recordings. Time/screen recordings can be marked as restricted by deleting them with the Remove time and restrict access for screens option from the Time Records, Time Cards, or the Screen Snapshots report.

Control screen

Allows the privileged user to remotely control a computer (RDP) on the Session Player.

See and manage player tags

Allows the privileged user to view and manage tags on the Session Player.

Management features (Role policies only)

Configure all settings

Enables the Dashboard Settings > Settings menu and all its options.

Configure alerts settings

Enables the Dashboard Settings > Settings > Alerts tab. Note that you will have to enable some other permissions (e.g., Configure integrations) that enable the Dashboard Settings menu. Otherwise, you will not be able to access the Alerts tab).

Configure license notification settings

Configure integrations

Configure monitoring profiles

Edit behavior and anomaly rules

Enables the Behavior > Policies menu allowing the privileged user to create and manage behavior policies and rules.

Configure access control policies

Enables the Configure > Access Control menu allowing the privileged user to create, edit, delete, and export List (regular) access control policies.

If the user tries to create/modify any Role (RBAC) policies, they will see an “Access denied” error message.

Configure agents

Enables the Employees menu, letting the privileged user view the list of employees and enable/disable monitoring for an employee.

If you want them to view the details of an employee (Employees > Employee’s Details screen), you will also need to enable the View agents listing and agent details page permission. Additionally, you will need to enable the individual view permissions for the monitoring reports such as the View emails report, View keystrokes report, etc. if you want them to view those activities of the employee.

If you want the privileged user to be able to modify the settings on the employee profiles, you will need to enable the individual permission like, Edit agents email, Change agents password, Disable 2FA for agents, etc.

Configure computers

Enables the Computers menu, letting the privileged user view the list of computers and enable/disable monitoring, uninstall agent, etc. for a computer.

If you want them to view the details of a computer (Computers> Computer’s Details screen), you will also need to enable the View computer listing and computer details page permission. Additionally, you will need to enable the individual view permissions for the monitoring reports such as the View emails report, View keystrokes report, etc. if you want them to view those activities of the computer.

Configure computers notifications

Enables the NOTIFY WHEN OFFLINE option on the Computer settings window (Computers > Computer’s Details > EDIT INFO). Note that you will need to enable the Configure computers and View computer listing and computer details page permissions to let the privileged user access the Computers > Computer’s Details screen.

Configure departments

Enables the Configure > Departments menu allowing the privileged user to view and edit departments (but not delete them). Note that you will be able to select the departments the privileged user can access when assigning the role policy from the GRANT ACCESS TO field on the Employees > Employee’s Details > EDIT INFO > RBAC tab. The departments have a suitcase icon.

If you want the privileged user to be able to create new departments, you will need to enable the Create new departments permission.

Configure tasks

Enables the Time Tracking > Tasks menu.

Configure productivity profiles

The privileged user will be able to view the productivity profiles but cannot create or modify them. However, they will be able to create, edit, and archive the productivity categories created by them.

Configure access tokens

Enables the User Menu > Access Tokens menu allowing the privileged user to create or delete their own tokens.

Configure schedules

Enables the Configure > Schedules menu allowing the privileged user to create/modify schedules.

Note that there is an option, NEW EMPLOYEE on the Schedule screen that allows to add new users. If you want that option to work, you will need to enable the Create new agents permission.

Configure positions

Enables the Configure > Positions menu allowing the privileged user to create/manage positions.

Edit agents email

Allows the privileged user to edit the email address on an employee’s profile (PERSONAL INFO tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Change agents password

Allows the privileged user to edit the password on an employee’s profile (ACCOUNT INFO tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Disable 2FA for agents

Allows the privileged user to change the 2-Factor Authentication options on an employee’s profile (AUTHENTICATION tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Note that the FORCE USERS TO LOG IN USING 2-FACTOR AUTHENTICATION option has to be enabled on the Settings > Security screen before the privileged user can modify any employee’s 2FA settings.

Edit agents name

Allows the privileged user to edit the names on an employee’s profile (PERSONAL INFO tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Edit agents avatar

Allows the privileged user to edit the avatar (profile image) on an employee’s profile (PERSONAL INFO tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Edit agents phone

Allows the privileged user to edit the phone number on an employee’s profile (PERSONAL INFO tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Edit agents default wage

Allows the privileged user to edit the RATE (wage/salary) on an employee’s profile (PERSONAL INFO tab). Note that you will need to enable the Configure agents and View agents listing and agent details page permissions to let them access the employee’s profile screen.

Edit agents flags

If enabled, will let the privileged user change the options on the ACCOUNT INFO tab of an employee’s profile:

Create custom access control role

Allows the privileged user to create List (Regular) policies. Note that you will also need to enable the Configure access control policies permission so that the user can access the Access Control screen.

Edit custom access control role

Allows the privileged user to edit List (Regular) policies. Note that you will also need to enable the Configure access control policies permission so that the user can access the Access Control screen.

Delete custom access control role

Allows the privileged user to delete List (Regular) policies. Note that you will also need to enable the Configure access control policies permission so that the user can access the Access Control screen.

Assign custom role to agents

Allows the privileged user to assign Role access control policies to an employee from the employee’s profile (Employees > Employee’s Details > EDIT INFO > RBAC tab).

Create new agents

Allows the privileged user to add new users from screens such as the Employees screen, Schedules screen, etc. Note that you will need to enable the corresponding permissions such as the Configure agents, Configure schedules, etc. to give the privileged user access to the screens.

Delete agents

Allows the privileged user to delete users from screens such as the Employees screen. Note that you will need to enable the corresponding permissions such as the Configure agents, View agents listing and agent details, etc. permission to give the privileged user access to the Employees screen.

Create new departments

Allows the privileged user to create new departments from the Configure > Departments menu. Note that you will need to enable the Configure departments permission to let them access the Departments screen.

Deploy Teramind agent to computers

Enables the REMOTE INSTALL AGENT button on the Computers screen (On-Premise deployments only) and lets the privileged user deploy the Agent remotely. Note that you will need to enable the corresponding permissions such as the Configure computer, View computers listing and computer details, etc. permission to give the privileged user access to the Computers screen.

View deployments report

Enables the DEPLOYMENTS button on the Computers screen (On-Premise deployments only). Note that you will need to enable the corresponding permissions such as the Configure computer, View computers listing and computer details, etc. permission to give the privileged user access to the Computers screen.

View Teramind agent deploy status report

Allows the privileged user to click a deployment and view current status of the deployment such computers, start/finish time, status, etc. Note that you will need to enable the View deployments report, Configure computer/View computers listing and computer details, permissions to give the privileged user access to the Computers > Deployments screen (On-Premise deployments only).

View Teramind agent deploy in progress

You can click on each deployment, to see details per-IP (On-Premise deployments only).

View disappeared report

View storage report

Enables the Storage report. The report can be accessed using a link like this:

<your instance>/#/reports/storage

Here, <your instance> is the URL of your Teramind Dashboard.
For example, if the link to your Teramind Dashboard is https://acme.teramind.co, then you can access the report with this link:

https://acme.teramind.co/#/reports/storage

View

View and create custom dashboards

Allows the privileged user to create custom dashboards from the Dashboards screen.

Note that if you don’t enable any widget(s) under the Access Widgets section (see below) the privileged user will not be able to add any widgets to their dashboards.

View and create BI dashboards

Activates the BI Reports. Note that you will need to enable specific reports (e.g., webpages and applications report, emails report, etc.- see below) for them to show up under the BI Reports.

Note that some of the reports might still be shown (e.g., Login Sessions, Productivity, etc.) even if you don’t enable the view permission for them. This can happen if you have those reports enabled from the privileged user’s own profile, under the ACCOUNT INFO tab. However, in that case the data will be shown for the logged in privileged user only, and not the target users.

View risk dashboard

Enables the Risk report.

View productivity report

Enables the following reports:

Note that if you haven’t enabled this permission but have unchecked the Disable self productivity report option under the ACCOUNT INFO tab on the user’s profile, then the Productivity reports will still be shown. However, in that case the data will be shown for the logged in privileged user only, and not the target users.

View webpages and applications report

Enables the fowling reports:

View emails report

Enables the following reports:

View file transfers report

Enables the following reports:

View instant messaging report

Enables the following reports:

View social media report

Enables the following reports:

View keystrokes report

Enables the following reports:

View web searches report

Enables the following reports:

View printing report

Enables the following reports:

View snapshots report

Enables the Monitoring > Screen Snapshots report.

Note that if you haven’t enabled this permission but have unchecked the Disable self productivity report option under the ACCOUNT INFO tab on the user’s profile, then the Screen Snapshots report will still be shown. However, in that case the data will be shown for the logged in privileged user only, and not the target users.

View sessions report

Enables the following reports:

Note that if you haven’t enabled this permission but have unchecked the Disable self session report option under the ACCOUNT INFO tab on the user’s profile, then the Sessions reports will still be shown. However, in that case the data will be shown for the logged in privileged user only, and not the target users.

View network monitoring report

View console commands report

Enables the following reports:

View System Log report

Enables the following reports:

View behavior alerts report

Enables the following reports:

View agents listing and agent details page

Enables the Employees report.

Note that if you don’t enable the view permissions for the individual reports, the corresponding tab on the Employee’s details screen will not be shown. Or, if it’s shown, the data will be available only for the logged in privileged user and not the target users.

For example, if you don’t enable the View webpages and applications report permission, then the Employee report will not show the Activity Log tab. Similarly, it will not show the Sessions Log tab if the View sessions report permission isn’t enabled. Or, it will show the Sessions Log tab if the Disable self session report option under the ACCOUNT INFO tab on the user’s profile is checked. However, in that case the data will be shown for the logged in privileged user only, and not the target users.

View computers listing and computers detail page

Enables the Computers report.

Not that similar to the View agents listing and agent details page permission, if you don’t enable the view permissions for the individual reports, the corresponding tab on the Computer’s details screen will not be shown. Or, if it’s shown, the data will be available only for the logged in privileged user and not the target users.

Allow to execute and view report export

Allow to execute and view video export

  • Enables the Download Video option on the Session Player. Note that if you don’t enable the Play live screen stream or the Play historic screen stream permission, the Download Video button will not be available.

View OCR report

Enables the Monitoring > OCR report.

If the OCR feature isn’t enabled on your deployment, you will see a “This feature is not available in this deployment” message.

View Employee cost report

Enables the Time Tracking > Employee Cost report.

Note that if you don’t enable the View Task cost report permission, clicking the Graph icon on the Employee Cost report will not show any data for the target users.

View Task cost report

Enables the Time Tracking > Task Cost report.

Note that if you don’t enable the View Employee cost report permission, clicking the Employee icon on the Task Cost report will not show any data for the target users.

View Time records report

Enables the Time Tracking > Time Records report.

View Time card report

Enables the Time Tracking > Time Cards report.

View online meetings

Enables the Monitoring > Online Meetings report.

Edit

Edit shared lists

Enables Configure > Shared Lists.

The privileged user will be able to create/edit their own lists and edit lists created by other target users.

Edit specific shared lists (Role policies only)

Enables the Configure > Shared Lists menu and allows the privileged user access to specific shared lists. Note that you will be able to select the shared lists the privileged user can access when assigning the role policy from the GRANT ACCESS TO field on the Employees > Employee’s Details > EDIT INFO > RBAC tab. The shared lists have a list icon.

Edit work hours

Allows the privileged user to add/remove time on reports like the Time Records, Time Cards, Screen Snapshots, etc.

Remove screen records (Role policies only)

Allows the privileged user to remove screen records from reports such as Time Tracking > Time Records, Time Tracking > Time Cards, Monitoring > Screen Snapshots, etc.

Note that you will need to enable the specific reports from the View permissions (e.g., View snapshots report) for the privileged user to be able to access those reports.

Configure locations on the map

Enables/disables the Configure > Locations menu.

Access Widgets

Storage report

Enables the Storage report. The report can be accessed using a link like this:

<your instance>/#/reports/storage

Here, <your instance> is the URL of your Teramind Dashboard.
For example, if the link to your Teramind Dashboard is https://acme.teramind.co, then you can access the report with this link:

https://acme.teramind.co/#/reports/storage

Online employees

Enables the Monitoring > Online Employees Dashboard widget.

State of employees

Enables the Monitoring > State of Employees Dashboard widget.

Live montage

Enables the Monitoring > Live Montage Dashboard widget.

Application usage

Enables the Monitoring > App Usage Dashboard widget.

Webpages usage

Enables the Monitoring > Web Usage Dashboard widget.

Network usage

Enables the Monitoring > Network Usage Dashboard widget.

Combined report

Enables the Monitoring > Combined Report Dashboard widget.

Latest snapshots

Enables the Monitoring > Latest Snapshots Dashboard widget.

Activity log

Enables the Monitoring > Activity Log Dashboard widget.

Emails log

Enables the Monitoring > Email Log Dashboard widget.

Command lines log

Enables the Monitoring > Commands Log Dashboard widget.

Time worked

Enables the Productivity > Time Worked Dashboard widget.

Activity rating

Enables the Productivity > Activity Rating Dashboard widget.

Payroll rating

Enables the Productivity > Payroll Rating Dashboard widget.

Employee payroll

Enables the Productivity > Employee Payroll Dashboard widget.

Department payroll

Enables the Productivity > Department Payroll Dashboard widget.

Task payroll

Enables the Productivity > Task Payroll Dashboard widget.

Task hours

Enables the Productivity > Task Hours Dashboard widget.

Alerts log

Enables the Security > Alerts Log Dashboard widget.

Risk

Enables the Security > Risk Widget Dashboard widget.

Keystrokes log

Enables the Monitoring > Keystroke Log Dashboard widget.

Productivity Profiles

Productivity profiles allow you to create rules to classify productive and unproductive applications and websites and assign them to individual employees, groups or departments. The profiles determine how Productivity Classification, Productive Time, Unproductive Time, etc. are measured and reported on the BI Reports (for example, BI Reports > Productivity and the BI Reports > Applications & Websites).

mceclip0__23_.png

Parent vs Child Profiles and Inherited vs Owned Rules

The main window of the Productivity Profiles screen shows a tree-view of all the parent and their child profiles. Child profiles will inherit all classification rules from its parent profile(s). Each profile can also ‘own’ its unique rules. This parent-child hierarchy and the ability to inherit/own rules allow you save time by avoiding duplicating or manually entering same rules to multiple profiles.

Viewing and Managing Productivity Profiles

mceclip2__6_.png

1. To filter profiles: You filter the list of displayed profiles using the Search field and/or the Filter by assignments list.

2. To view all child profiles: If a profile has any child profile(s) you can click on its Up Arrow /Down Arrow icons to view or hide its child profiles.

3. To change the parent of a child profile: Click the Inheritance button to change the parent of the profile.

4. To delete a profile: Click the Delete (X) button to delete / remove a profile.

When you delete a profile, all of its child profiles and rules will be deleted too.

You can also view a user’s productivity profile (but not change it) from the employee profile screen.

Adding a Productivity Profile

mceclip5__4_.png

1. Click the Add child profile button at the right side of a profile to add a new child profile under it. A pop-up window will open:

mceclip6__3_.png

2. Enter a PROFILE NAME.

3. Select the employees/departments the profile will be ASSIGNED TO.

4. Click the CREATE button to create the profile. You will be taken to the Edit productivity profile screen. Check Step 2-4 of the Editing Productivity Profiles and Classification Rules section below to learn how to configure a rule.

You can only assign one productivity profile to a user. If they are already part of a productivity profile, assigning them to a new profile will remove them from the previous profile.

Editing Productivity Profiles and Classification Rules

mceclip8__1_.png

1. Click a profile’s name to edit it. You will be taken to the Edit productivity profile screen:

mceclip9__1_.png

2. Click the Pencil icon next to the profile’s name to edit its name and change its assignment. Note that, you can only assign one productivity profile to a user. If they are already part of a productivity profile, assigning them to a new profile will remove them from the previous profile.

3. You can change what rules are displayed by using the Search, Productivity, Type and Inheritance

4. Click the Pencil icon next to a rule to edit it (see below for more information).

5. Click the Delete (X) icon to delete a rule. You can only delete a rule ‘owned’ by the profile.

6. Click the Open Parent icon to leave the edit screen of the child profile and go to the parent profile screen.

7. Click the Click the Override icon to create a copy of an inherited You can then save the inherited rule as a new owned rule.

8. Click the ADD NEW RULE button to create a new rule. The filter area will change to let you enter the details for the rule:

mceclip14__2_.png

9. Select a type of rule. You can choose from Activity, Regexp and Category.

10. Enter a value for your chosen rule type. The value will apply to website URLs and application file names. For Activity type rules, you can enter any text. For example: com, word.exe etc. , Regexp will match with a regular expression*. For example, .*\.outlook\.com. With Category type rules, you can select from a predefined list of websites categories**. For example: Entertainment, Social Media etc.

*Teramind uses C++ standard regular expressions.

**Teramind uses inCompass® NetSTAR, a comprehensive web categorization and filtering technology to automatically categorize websites.

11. Select a productivity classification such as Productive, Unproductive or Unclassified.

12. Click the CREATE RULE button to create and save the rule or X button to cancel.

Reset Classifications / Retroactive Classifications

You can retroactively apply new classification profiles and rules to previous employee activities:

mceclip15__2_.png

1. Click the Reset classifications menu near the top-right corner. Select a reset option from the pull-down list.

2. You can see when the profiles were last synced near the reset menu.

Productivity Categories

Productivity Categories screen allows you to create custom productivity categories so that you can use them with the Productivity Profiles' Classification Rules or to classify activities on the BI Reports > Applications & Websites. Check out the How to create custom productivity categories article to learn more.

Shared Lists

The Shared Lists screen allows you to build a list of items that can be reused throughout Teramind. You can build lists of websites, IP addresses, program names, and more. These shared lists can be used when defining behavior rules, as well as in monitoring settings.

image-204.png

You can see all the existing lists including their name, type, number of items in the list etc. You can create, edit or delete shared lists from this screen.

Types of Shared Lists

  • Text: Useful for simple data such as keywords, names, website URLs, etc. For example, “John”, “www.facebook.com”, “casino”, etc.

  • Regular Expression: It’s a powerful list type that can be used to detect patterns and specially formatted text such as credit card numbers, zip/postal codes, etc. For example, “[pP][aA@][sS5$][sS5$]w[oO0]{0,1}[rR][dD]”, “{4}[0-9]{12}”, etc. Check out the Regex Cheat Sheet in this article for more information about regular expressions.

  • Network: Allows you to enter IP addresses with subnet masks*. For example, 55.112.63.22/32, 192.168.20.35/24, etc. Network lists can be used with the Network-based rules or to control network monitoring settings.

*Subnet Mask

The number after the “/” symbol refers to the subnet mask in CIDR notation. It’s used to divide the IP address into network and host portions. A subnet mask is used to determine which part of an IP address refers to the network and which part refers to the host. A subnet mask of /32 translates into a subnet of 255.255.255.255. This means the IP address is used by a single network/device and no host. A subnet mask of /24 translates into a subnet of 255.255.255.0. This means, the first 24 bits (255.255.255) are reserved for the network address and the last 8 bits (.0) are reserved for the host (allowing for a maximum of 256 hosts).

Creating / Uploading a Shared List

image-206.png

1. On the Shared List screen, click the Create list button near the top-right corner of the Shared List screen. A window will pop-up.

image-207.png

2. Enter a name for the list.

3. Select a list type. You can choose from Text, Regular Expressions and Networking types. See the Types of Shared Lists section above to learn what each of this list can contain.

4. Click the Create List button. You will be taken to a screen where you can add list items or upload a file.

image-208.png

5. Click the add file button to upload a .CSV or .TXT file containing your list item. Each item should be in a separate line in the file for Teramind to import it correctly.

6. You can also click the Add new row button to enter items manually one by one.

7. If you’ve entered an item manually, click the Save button to save it.

Note that on the Cloud deployments, the maximum number of items allowed in a Shared List is 32,000.

Editing / Downloading a Shared List

image-209.png

1. On the Shared List screen, click the Pencil button at the right side of a shared list. You will be taken to a screen where you can edit the list.

image-210.png

2. To download a copy of the list, replace the list or to append news items to a list from a file; click the Download list file button.

3. To add a new item/row, click the Add new row button.

4. To edit an item/row, click the Pencil button.

5. To delete an item/row, click the X button.

Deleting a Shared List

image-211.png

1. Click the Trash Can button at the right side of a shared list. You will be shown a warning. If the shared list is used somewhere (e.g., in the monitoring profiles, in rules) you will also be shown detailed information on where the list is currently being used:

2. Click the CONFIM button to delete the list.

Locations

The Configure > Locations screen allows you to create locations. Teramind will then match a user’s geolocation and network information (e.g., Wi-Fi names) to determine if the user is in a particular location.

The screen shows all the locations already created by their name, address, latitude, and longitude. You can search for a location, show them by name or type, edit location, and create new locations:

1. Click the CREATE LOCATION button to create a new location (see below).

2. Click the Pencil icon to edit a location (see below) and the X icon to delete a location.

3. You can use the Search box to search for a location. You can filter the location BY NAME or BY TYPE.

4. Click on the Up/Down Arrows in front of a location to show/hide details about the location.

5. Use the navigation buttons at the bottom to navigate the pages.

Creating a Location

1. On the Create Location screen, enter the location details such as a name, address, postcode, radius*, latitude, and longitude. You can also use the map on the right to move around. The latitude and longitude will automatically be picked up when you do so.

*The RADIUS determines how much radius (area) will be covered using the latitude and longitude as the center point. This is similar to the Error Radius in the BI reports.

2. Click the ADD ACCESS POINT* button to add Wi-Fi access points. Give the access point a name and then provide the SSID and MAC ADDRESS. You can find the information from your network settings.

*This feature isn’t activated yet.

When this feature becomes available, you will be able to add network access points to accurately locate a user’s whereabouts. For example, if a user is using an office Wi-Fi access point, they are in the office. If you do not provide any access point information, then the default geolocation information will be used to determine the user’s location

3. Click the CREATE LOCATION button the create the location or the CANCEL button to exit without saving.

Editing a Location

Editing the location is similar to creating a location:

1. On the Update Location screen, enter the location details such as a name, address, postcode, radius*, latitude, and longitude. You can also use the map on the right to move around. The latitude and longitude will automatically be picked up when you do so.

2. Click the ADD ACCESS POINT button to add Wi-Fi access points.

3. Click the Pencil icon to edit an access point and the X icon to delete an access point.

4. Click the UPDATE LOCATION button the create the location or the CANCEL button to exit without saving.

Using the Location Info on the BI Reports

Most of the BI Reports come with an “Office” Dimension that can be used with any Chart or Grid widgets. This way you can create unique custom reports to measure specific metrics. For example, here we created a widget called “ACTIVE TIME OF REMOTE USERS” to measure employee active time by location:

We then used a filter on the “ACTIVE TIME OF REMOTE USERS” widget to show only Out-of-office users. Any user’s location that doesn’t match with one of the locations you created in the Configure > Locations screen will be marked as Out-of-office:

Did this answer your question?