How do I implement group-based user management in KentixONE?

User groups control operating permissions in the web interface. Through alarm group assignment to users, you additionally limit the visibility of devices and messages. This creates a clear, tenant-like separation.

Prerequisites

Access to the KentixONE Web Interface
Role with permission for user and group management
Meaningful alarm group structure, e.g. Location → Building → Room (see Topology Article)

Step-by-step Guide

1. Create User Groups and Define Permissions

Open User Management → User Groups and create a new group (e.g. "Viewer", "Manager", "Technician").
Only activate required permissions. Example:
View Detail View, acknowledge alarms, arm/disarm assigned alarm groups.
Optional: Edit devices, reports, configuration etc.

note

User groups only determine what a user "may do". What they "see" is controlled by the alarm groups assigned to the user.

2. Create Users and Assign Groups

Open User Management → Users → "+" and fill out the basic data.
Select the previously created group under "User Group".
Optionally add email/phone number for notifications. Details: User Form.

note

Users can only see and manage the alarm groups they are assigned to
Users can only assign access profiles that they have themselves

3. Restrict Visibility via Alarm Groups

Under "Alarm Groups", assign only the areas the user should see and operate.
The user will then only see messages from these alarm groups (including subgroups) in Detail View, Event and Access Log.

Example for location-based separation:

User A (Frankfurt): Alarm groups "Germany → Frankfurt → …"
User B (Düsseldorf): Alarm groups "Germany → Düsseldorf → …"

4. Check Topology

Structure your alarm groups hierarchically. Devices are always in subgroups.
Move/arrange groups so user visibility exactly matches the desired scope. More info: Alarm Group Topology.

5. Test with an Affected User

Log in with the user account or use a second browser profile.
Check: Does the user only see "their" alarm groups? Can they operate according to user group permissions?

Tips & Tricks

Start with the predefined groups "Viewer" and "Manager" and extend them as needed.
Work according to the principle of minimal rights: Only activate required permissions.
Set up notifications per user. Guide: Configure Notifications.
For many users, import via LDAP/AD is recommended: Import LDAP Users.

Troubleshooting

User sees too many alarm groups: Check assignment under "Alarm Groups" in user account.
User cannot arm/disarm: User group lacks permissions "Arm/disarm assigned alarm groups" or "Acknowledge alarms".
Cannot delete/arrange groups: Devices or subgroups still exist. Details in article Alarm Group Topology.

Glossary

User Group: Role that defines operating rights in the web interface.
Alarm Group: Hierarchical unit for organizing devices and messages; controls user visibility.
Detail View: Main view for status, alarms and operation of alarm groups.
Tenant-like Separation: Organizational separation through group and alarm group assignment (no technical multi-tenant).

Prerequisites​

Step-by-step Guide​

1. Create User Groups and Define Permissions ​

2. Create Users and Assign Groups ​

3. Restrict Visibility via Alarm Groups​

4. Check Topology ​

5. Test with an Affected User​

Tips & Tricks​

Troubleshooting​

Glossary​