Add local users

Use one of the following methods to add local users:

Create a local user—Applicable to scenarios where a single user or a few number of users will be added.
Import local users—Applicable to scenarios where a large number of users will be added in a short time. For example, use this method to import all user information to a newly deployed VDI environment.
Synchronize users from a third-party server—Applicable to scenarios where users need to be manually synchronized from third-party account authentication platforms (such as JIT, IDLINK, and China Bank's identity management platform) to the management platform.
Import third-party system accounts—Applicable to scenarios where third-party system accounts (such as WeCom and DingTalk accounts) are imported into the management platform. Third-party system account import is supported only in scenarios other than the education scenario.

Create a local user

A local user name cannot contain Chinese characters.

Procedure

From the left navigation pane, select Users > Local Users or Users > Local Users > User group name.
Click Create User.
Select Add New User, and then click Next.
Configure basic parameters and extension parameters for the user, and then click Next.
Configure third-party login, phone number, DingTalk account, WeCom account, QuantumCTek authentication, and Google Authenticator as needed, and then click Next.
Verify that the configuration is correct.
Click OK.

Parameters

Basic information
- User Type: Select a user type. Options include Common, Student, and Faculty. This parameter is available only in an office-education hybrid scenario. You can create common users in an office scenario, and student users and faculty users in an education scenario. Student users can log in to the student desktop client and faculty users can log in to the teacher desktop client.
- Login Name: Account used by the user to log in to the desktop client. The value is a string of up to 20 characters. The login name cannot contain Chinese characters.
- User Name: Name of the local user.
- Login Password: Password used to log in to the client. The password must be longer than six characters. As a best practice to enhance password security, enter a password that contains a minimum of three character types from uppercase letters, lowercase letters, digits, and special characters.
- Confirm: Enter the login password again to confirm it.
- User Group: User group to which the local user belongs. A student user can belong only to one user group of the class type. Other types of users each can belong to multiple user groups.
- Access Policy: Access policy used to restrict the time when the user can access a cloud desktop or course desktop and the IP address used by the user to access the desktop. Configure this parameter if a user account is required for login.
- Status: Enabled by default. If this option is disabled, the user cannot log in to the client or the user self-service system.
- Private Disk: Whether to enable private disk for the user. If you enable private disk, you must set the private disk size. You cannot disable the private disk once it is enabled. For more information about private disk configuration, see private disk settings in "Configure system parameters." With private disk enabled, the user can attach its private disk to its cloud desktop regardless if its endpoint. After the user logs in to the desktop, it can open the private disk tray in the lower-right corner of the desktop to attach its private disk to the desktop. Data in the private disk can survive a desktop reboot or power off. Only Windows and Kylin operating system VDI cloud desktops support private disks.
- Samba Sharing: Before enabling this feature, you must configure Samba shared server parameters on the System > External Services > Third-Party System Collaboration page. With this feature enabled, you can use Samba sharing services. For more information about the Samba shared server configuration, see Third-Party System Collaboration.
- Samba Sharing Path: Specify the path of shared files on the Samba shared server, which contains the user login name and user ID.
Extension information
- Gender: Select the user gender, male or female. This parameter is available only for a student user or a faculty user.
- Age: Specify the age of the user.
- Organization: Specify the organization of the user.
- Department: Specify the department of the user.
- Date of Hire: Specify the date when the user was hired.
- Identity Number: Identity number of the user. For example, you can enter the identity number on the user's identity card or passport. The identity number is a string of up to 32 characters.
- Email: Email address of the user, which is a string of up to 256 characters. The value must be in standard format, for example, [email protected].
- Address: Contact address of the local user.
- Bind Endpoint IP Address: Specify the endpoint IP addresses that can be used by the user to connect to the cloud desktop. You can enter an IP address or a hyphenated IP address range in each line. If you do not specify an IP address or IP address range, the user can use any endpoint IP address to connect to the cloud desktop.
- Bind Endpoint MAC Address: Select whether to bind endpoint MAC addresses to the user. The user can use only the bound endpoint MAC addresses to access the desktop. To allow the user to use the endpoint MAC address at the first login to access the desktop, select Bind First-Login MAC Address. You do not need to enter the first-login MAC address. To bind other endpoint MAC addresses to the user, you must manually enter the MAC addresses. You can enter a MAC address in each line.
- Expire At: Expiration time of the user. If scheduled user clearing is disabled, the client displays an expiration reminder after the user expires. If scheduled user clearing is enabled, Space Console will delete the user when it expires. If this field is empty, the user will never expire.
- User Validity Period (Days): If a user has not logged in to the cloud desktop within the specified validity period, the user will be disabled. A value of 0 means the user validity period is not limited.
Authentication
- Third-Party Login: Select whether to enable third-party login. After you enable third-party login, a user can log in through SMS, DingTalk one-time password and QR code, WeCom one-time password and QR code. Third-party login is supported only by VDI clients.
- Phone: Phone number of the user. As a best practice, configure this parameter if SMS login is enabled.
- DingTalk Account: Specify the DingTalk account that binds to the user. If you do not specify this parameter, the DingTalk account uses the user login name by default. This parameter is not supported in the education scenario.
- WeCom Account: Specify the WeCom account that binds to the user. If you do not specify this parameter, the WeCom account uses the user login name by default. This parameter is not supported in the education scenario.
- QuantumCTek Auth: Select whether to enable QuantumCTek authentication. When QuantumCTek authentication is enabled, the user must bind a USB key provided by QuantumCTek for login authentication when it logs in to the client installed on a Windows endpoint through its username and a password. The user can log in to the client only after it binds to the USB key successfully. Before enabling QuantumCTek authentication, you must configure QuantumCTek authentication parameters on the System > Auth Collaboration > Secondary Auth > QuantumCTek Auth page. QuantumCTek authentication is supported only by VDI clients.
- Google Authenticator: Select whether to enable Google Authenticator. With Google Authenticator enabled, when a user logs in to the client, the user must enter a username and password and then enter the one-time password obtained from Google Authenticator. You cannot enable Google Authenticator with QuantumCTek Auth or Third-Party Login simultaneously. When Google Authenticator is enabled, make sure the system time of the NTP server is consistent with the time of the time zone where the user endpoint resides.

Import local users

As a best practice, download the template file, add user information to the file, and then upload the file back to the Space Console.

Procedure

From the left navigation pane, select Users > Local Users or Users > Local Users > User group name.
Click Create User.
Select Import Users from File.
Click Download Template and add user information to the downloaded template file.
Upload the file back to the Space Console and configure other import parameters.
Click Next.
Verify the configuration is correct.
Click OK.

Parameters

Import File: Upload the file that contains user information. The encoding format of the uploaded file must be GBK.
Delimiter: By default, the delimiter is a comma (,). The delimiter is not user configurable.
User Group: Select a method to assign the imported users to user groups. The following options are available:
- Import—To import user groups in the file and assign the users to the user groups, select this option. If a user group does not exist on the Space Console, the Space Console will create that user group and import the corresponding users to that user group.
- Existing Group—To assign the users to one or multiple existing user groups on the Space Console, select this option. For student users, you must select an existing class group.
- Create—To create a user group and assign the users to the user group, select this option.
Specify User Type: Select a user type. The following options are available:
- Import—To import the user type of each user in the file, select this option.
- Existing Type—To specify a user type for all imported users, select this option.

Synchronize users from a third-party server

Perform this task to manually synchronize user accounts on a third-party platform to Space Console. The system automatically synchronizes user accounts on a third-party platform to Space Console at 3:40 every day. The third-party platforms include JIT, IDLINK, and China Bank's Identity Management Platform. Before configuring this feature, complete third-platform settings from the System > Auth Collaboration > Account Collaboration > Third-Party Account Docking page.

To synchronize user accounts:

From the left navigation pane, select Users > Local Users or Users > Local Users > User group name.
Click Create User.
Select Sync Users from Third-Party Server, click Next.
Confirm the third-party server information, select a local group (only supported by JIT) ,and then click OK.

Import third-party system accounts

Perform this task to import third-party system accounts, and set up mapping entries between these accounts and existing users on Space Console. This task is not supported in the education scenario.

You can configure this feature only for DingTalk or WeCom accounts of existing users on Space Console, and the system will update DingTalk or WeCom accounts for these users based on the imported file. You cannot configure this feature for users that do not exist on Space Console.

To import third-party accounts:

From the left navigation pane, select Users > Local Users or Users > Local Users > User group name.
Click Create User.
Select Import Third-Party System Accouts, click Next.
Click Download Template, enter user information in the template, click Select File, select the template, and then click Next.
Verify that the configuration is correct, and click OK.