Unified Login with KaseyaOne

To enable login with KaseyaOne (Unified Login v2) for VSA 10, complete the following steps:

1. Log in to VSA 10 and navigate to Administration > Configuration > Settings > Log In with KaseyaOne.
   
2. Click Enable Log In with KaseyaOne.
   
3. Log in to KaseyaOne as follows:
1. Enter your KaseyaOne username and company name, and click Next.
   
2. Enter your KaseyaOne password, and click Log In.
   
   
3. Enter your two-factor authentication code, and click Verify.
   
   
4. KaseyaOne will open and show VSA 10 in the Module URLs list.
   
   
5. When you log in to VSA 10, you will now see the KaseyaOne app launcher (waffle) icon.
   
   
   • Clicking the icon will show a list of the modules enabled for login with KaseyaOne underneath the My IT Complete heading.
   • At the top, you will see a link to open KaseyaOne.

Kaseya Unified Login for VSA 10 is now enabled. All users with accounts in both KaseyaOne and the Partner Portal can now use their KaseyaOne login credentials to access the module.

To disable the ability of users in your organization to log in to VSA 10 using IT Complete (KaseyaOne), follow these steps:

1. Log in to VSA 10 and navigate to Administration > Configuration > Settings > Log In with KaseyaOne.
2. Click Disable Log In with KaseyaOne.
   
   

You'll be logged out for security purposes and receive a confirmation message. You will need to log back in with your VSA 10 login credentials.

The Require Log In with KaseyaOne feature forces users to log in with their KaseyaOne credentials to access VSA 10. When the feature is enabled by an organization, users can no longer log in to VSA 10 with their local VSA 10 credentials.

Enabling the Require Log In with KaseyaOne feature allows users to authenticate with their KaseyaOne modules using just one set of credentials.

Prerequisites

• You must be an administrator for both VSA 10 and KaseyaOne.
• You must have the same email address for VSA 10 and KaseyaOne accounts.
• Unified Login with KaseyaOne must be enabled for the account.

Steps

BEFORE YOU BEGIN  Before this feature can be enabled, the Enable Log In with KaseyaOne setting must be activated. (In this case, the page will display the option to Disable Log In with KaseyaOne.) Refer to Enabling unified login with KaseyaOne.

IMPORTANT  Once this option is enabled, any users who do not have a KaseyaOne account will no longer be able to log in to VSA 10 through local login unless you add them to the exceptions list. Refer to Exempting users from being required to log in with KaseyaOne.

To enable the Require Log in with KaseyaOne feature, complete the following steps:

1. Log in to VSA 10 and navigate to Administration > Configuration > Settings > Log In with KaseyaOne.
2. In the Require Log In with KaseyaOne section, turn on the Require Log In with KaseyaOne toggle.
3. To allow specific users, teams, or users with specific email domains to continue to log in to VSA 10 using their local VSA 10 credentials, enter these details in the fields. For instructions, refer to Exempting users from being required to log in with KaseyaOne.
4. In the lower-right corner of the page, click Save.

IMPORTANT  Enforcing KaseyaOne login disables VSA 10 password reset. On the My Settings page, the Change password tab is disabled, and a message indicates that KaseyaOne login is enforced. Refer to My Settings. This does not apply to users included in the exceptions list.

Login scenarios

The following describes user login scenarios possible when Require Log In with KaseyaOne is enabled:

• When a user attempts to log in to VSA 10 with their VSA 10 credentials and, the user is redirected to the KaseyaOne login page.

NOTE  This does not apply to users included in the exceptions list. Refer to Exempting users from being required to log in with KaseyaOne.

• When a user is included in the exceptions list, the user can log in to VSA 10 using their local VSA 10 credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).

The following describes a user login scenario possible when Require Log In with KaseyaOne is disabled:

• The user can log in to VSA 10 using their local VSA 10 credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).

Once the Require Log In with KaseyaOne feature is enabled, you will be able to add any existing users, teams, or users with email addresses part of certain email domains to the exceptions list. Refer to Disabling local login and enforcing KaseyaOne authentication. Any users, teams, or email domains part of the exceptions can continue to log in using local VSA 10 credentials.

All VSA 10 users in the Administrators team will be able to log in locally and do not require manual exception even if Require Log In with KaseyaOne is enabled.

This option is useful if you have users that need to log in to VSA 10 for remote access or reporting, such as customer IT staff, but do not require KaseyaOne accounts.

Once you have enabled KaseyaOne Unified Login for your organization, you can automatically create VSA 10 user accounts for users without one, known as Just-In-Time (JIT) provisioning.

The objective of the Automatic User Creation feature is to create new user accounts for those who need to navigate seamlessly from KaseyaOne to VSA 10.

For existing users in VSA 10 who log in from KaseyaOne, only the first name and last name are to be updated based on the user information drawn from KaseyaOne. In this case, KaseyaOne is considered the source of truth. Existing users' security roles will remain as they were previously defined in VSA 10.

Prerequisites

• A KaseyaOne account.
• Administrator access to VSA 10.
• KaseyaOne Integration enabled in VSA 10.

Steps

1. Log in to VSA 10 and navigate to Administration > Configuration > Settings > Log In with KaseyaOne.
2. Turn on the Enable Automatic User Creation toggle. A set of options within the Default User Team field will appear. The selected team will be the team assigned to automatically provisioned users.
   
3. In the lower-right corner of the page, click Save.

NOTE  After saving, if you turn off the Automatic User Creation toggle, the form will remain visible but the fields will not be configurable.

Role-based access control (RBAC) is the process of assigning permissions to users based on their role within an organization. Rather than assigning permissions to users individually, you assign permissions to a group (and then assign users to the group).

Instructions follow on how to configure RBAC by defining mapping rules to control user access for VSA 10. The purpose of defining mapping rules is to mimic or maintain the same levels of user access between KaseayOne and VSA 10.

The selected Access Groups setting will result in one of the following scenarios:

• If you enable access groups, RBAC from KaseyaOne will be allowed for VSA 10, and you will be able to map KaseyaOne groups to (the same or similar) module roles.
• If you disable access groups, RBAC from KaseyaOne will not be allowed for VSA 10.

To enable access groups for VSA 10, do the following:

1. Log in to VSA 10 and navigate to Administration > Configuration > Settings > Log In with KaseyaOne.
2. In the Access Groups section, turn on the Enable Access Group toggle.
   
3. Click Edit Access Groups to create mapping rules to control user access. Map each existing KaseyaOne access group to the same or a similar VSA 10 team.
4. Click Apply and review the mappings.
5. In the lower-right corner of the page, click Save.

NOTE  You can click Sync at any time to initiate an instantaneous syncing of the mapped access groups in KaseyaOne and VSA 10.