The Account Settings view provides a management interface for various aspects of your ThousandEyes account, such as your user's settings and contact information. You can also manage information about your organization, its users and account groups. To access your account settings, click Account Settings on the lefthand side menu. This will reveal additional menus.
Selecting the Account Settings submenus will show they are separated into multiple tabs. Users may not see all the tabs depending on their level of assigned permissions. The tabs displayed and their contents will depend on the permissions in the roles assigned to each user. For example, users with the Organization Admin role will see the Users tab, which displays information about users in each account group within the organization. The Account Admin role will also see a Users tab but is limited to seeing only users present in the account groups assigned to it.
For information regarding roles and permissions, see Role-Based Access Control, Explained.
The Profile tab displays information about the user's organization(s), account groups(s) and assigned roles within those account groups. Here, users can modify their own username and email address (used for login to ThousandEyes), change their password and set their preferred timezone for the web interface.
If the user is a member of more than one account group (in one or in multiple organizations), they can select their Login Account Group. This determines into which account group the user is placed upon login. Once logged in, users can switch between account groups with the Current Account Group selector in the User menu, as described in Switching Account Groups below.
Under the User Profile section, for users with API access enabled (i.e. users with the API Access permission), the User API Tokens section will be visible, containing the API authentication tokens:
Two types of API authentication tokens are available: a token for HTTP Basic authentication and a token for OAuth-based authentication. The primary purpose of the latter is providing an authentication mechanism for the SCIM-based automated user provisioning process.
A user with the View roles permission will be able to see the Roles tab containing a table of all security Roles defined within the organization (1) and permissions associated with each Role (2):
The extensive list of permissions can be narrowed down by using the search bar (3). New roles can be defined by either clicking the Add New Role button (4) or by cloning one of the existing roles by clicking the icon under its name.
See the Role-based Access Control explained article for detailed information about ThousandEyes permission system.
The Users tab is visible for users having the View all users permission. As the name suggests, this section allows general user management:
Clicking on any entry in the table expands it and presents management options for the user's name, email address and account group associations, not unlike what each user sees in their Profile tab:
At the top, the Add New Users button opens a similar dialog, displayed in the figure below. This dialog has one additional feature - multiple users can be created in one step, with identical account group and role associations. To create multiple users in one step, simply add multiple email addresses into the Emails field. You can add multiple emails by either pressing the Enter key after each email address is typed in, or by pasting a comma-separated list of email addresses into the field:
As shown in the previous figure (the expanded user entry figure above), each user can be a member of multiple account groups. In each account group, the user can have more than one role assigned. The permission list granted to the user within each account group is a union of permissions across all roles assigned to the user in that account group. For example, if the user has the Account Admin and Regular User roles, they will have the combined permissions of both roles.
For an extensive description of the ThousandEyes role-based permission system, see Role-based Access Control explained.
For users with the View all account groups permission, the Account Groups tab will be visible. This tab displays all account group defined in the organization, along with the number of users and Enterprise Agents present in each account group. Users with the Edit all account groups permission can add, manage and delete account groups:
Expanding a row in the Account Groups table displays the account group's details and allows changes to the account group's name. The account group token is also displayed for users to copy when installing Enterprise Agents. Click the Regenerate Token link if circumstances require that a new token should be created (i.e., if the token is accidentally disclosed to an untrusted party). Once the new token is generated, Enterprise Agents with the old account group token will continue to function normally.
An account group's Enterprise Agents can be displayed in the Enterprise Agents drop-down. Enterprise Agents available to the current account group are displayed with checked boxes. Agents from other account groups can be checked to make them available to this account group or can be unchecked to remove them from the current account group. A checked and greyed out entry indicates an agent for which the current account group is the primary account group (i.e., the agent was created with the current account group's token) and thus cannot be deselected:
See What Is an Account Group? for further information about account groups and why having multiple account groups might be useful for you.
As explained above, each user can have access to more than one account group. Those account groups can even span across multiple organizations. Additionally, users with the Organization Admin role (or similar) have access to all account group defined within the organization. This allows the user to view tests, shares, reports and agents assigned to each of the account groups belonging to the organization.
To change the current account group context, click on the icon in the upper right corner of the ThousandEyes platform and expand the Current Account Group drop-down menu. This will allow you to switch into another account group context.
The following figure on the left shows the currently active context of the "QA PROD" account group (1). The figure on the right shows the expanded drop-down listing all account groups available to the user, from multiple organizations (2). Below the ThousandEyes Support Organization (in gray) is the "ThousandEyes Support" (3) account group. Under the ThousandEyes Internal Organization there are 4 other account groups. In this example QA PROD is listed in another organization further up in the menu selection:
The Usage tab shows settings for Plan Usage and Cloud Agent Units. This tab is only accessible by organization administrators - relevant permissions are View billing, View organization usage, and View security & authentication settings:
The Plan Usage section provides an overview of all aspects of Unit and license consumption:
Units: Shows the current usage (solid green bar), additional projected usage until the end of the current billing cycle (dashed green/white bar) and the remainder of the planned/purchased capacity.
Enterprise Agent Licenses: The highest number of concurrently enabled agents used during the current billing cycle and the number of purchased licenses in the plan. This is only visible to organizations on a non-metered billing model.
Endpoint Agent Licenses: The number of Endpoint Agents currently enabled and the number of purchased licenses in the plan.
You can select between showing consumption details of Cloud Agent Units or Enterprise Agent Units. The Enterprise Agent Units option is only visible to organizations on a metered billing model.
Control the breakdown table content by choosing to show your consumption by Account Group, by Test Type or by individual Test.
For your convenience, there is a Calculate the units you need for this account group link available. This link leads you to the Unit Calculator, a tool that helps you estimate your future usage.
To fully understand ThousandEyes Unit consumption, see How Unit Consumption works.
If you have any questions regarding your usage numbers, contact your ThousandEyes account manager or the Customer Engineering team via email@example.com.
The Billing tab shows current billing information for your organization. This tab is only accessible by users with the View billing permission:
The following sections are visible in this tab:
Plan Details: The details of your contracted ThousandEyes usage plan.
Billing Address: The address to be included on the invoices and the email address to which invoices are sent.
Payment Method: Displays payment information which is sent to a third party provider used by ThousandEyes for credit card processing. This form is a secure element connecting you directly to the third party provider. ThousandEyes never receives the credit card information, but rather obtains an authorization on behalf of the payment processor.
Billing History: Displays billing information generated over previous billing cycles.
If you have any questions regarding your plan details, contact your ThousandEyes account manager or the Customer Engineering team via firstname.lastname@example.org.
An account group can be limited to a fixed quota of units from here. A user with the Can assign and edit quota permission will be able to see the Quotas tab:
Components of the Quotas tab:
Plan: Total units allocated to an organization per month.
Organization Current Usage Rate: Current rate at which an organization is utilizing units in their plan. Shown in terms of % of Plan used and units consumed.
Organization Quota: Total units assigned to an organization. Enabled and value set to total plan by default. Can be toggled depending upon plan of an organization.
Unallocated Usage: Available units not allocated to any account group.
Account Group: This column contains names of account groups defined in the organization.
Current Usage Rate: Current rate at which an account group is utilizing units. Shown in terms of % of Plan and units consumed.
Quota Switch: Enable/Disable fixed quota of units for an account group.
Slider to configure a value for Usage Selector field
Usage Selector: Amount of units allocated to an account group.
Two options are available to configure Usage Selector value as below:
Units: Maximum number of units an account group can use per month.
% of Plan: Maximum proportion of organization's total units an account group can use per month.
Once you have finished configuring quotas, click Save Changes for the changes to take effect.
Use case #1: I don't want a single account group consuming all my units unexpectedly.
Configure quota settings for all your account groups. This way none of your account groups will be able to consume all available units, preventing (unintended) increased unit usage in one account group from adversely affecting your other account groups.
Use case #2: My users are located all over the world. I want to allocate units to users based on regions.
Create one account group per region. Then configure unit quotas for each region.
Use case #3: I want to keep my operations team uncapped while limiting units for all other account groups.
If you have enabled quotas for all your account groups, you can always disable unit quota allocation for a particular account group while leaving other account groups capped.
Use case #4: I don't know how many units my new account groups will consume, but I don't want them to consume all available units.
Quotas allocated to your account groups can add up to more than 100% of available units. Configure your new account group(s) with quota allocations below 100% for each individual account group. This enables an early warning about individual account group consuming more units than expected while not immediately affecting your other account groups.
Use case #5: I've set up account group quotas, the setup is working as expected. How can I make sure my quotas configuration is unchanged?
Every ThousandEyes user in your account with the Can assign and edit quota permission will be able to adjust quotas. You will need to remove this permission (only available to Organization Admins by default) from all users unauthorized to perform quota allocation changes. You will need to communicate your requirement to other ThousandEyes administrators in your organization. If unexpected changes do happen, you can always inspect the Activity Log for further details.
When the user has at least one of the View own activity log, View activity log for all users in account group, or View user activity in all account groups permissions, the Activity Log is available showing events that have happened in your ThousandEyes account and is now visible from Account Settings > Activity Log:
Working with the Activity Log explains all the details of the Activity Log.
Security & Authentication, SSO setup and Organization Default Time Zone Settings are found under Account Settings > Organization Settings:
The Security & Authentication tab provides configuration of the following aspects of your ThousandEyes account:
SCIM Settings - To complement the SSO, SCIM-based automatic user provisioning is supported. For further information, see ThousandEyes Support for SCIM.
Single Sign-On Settings - Including SCIM-based automatic user provisioning.
Password Expiration - Policy configuration for users who are allowed to use interactive login.
There is a series of articles available in our documentation describing SAML-based Single Sign-On (SSO) configuration settings. Start with How to Configure Single Sign-On: Metadata, which contains further links to identity provider-specific SSO setup guides, or use the search feature at the top of this page to find the SSO setup guide for your identity provider (IdP).
To complement the SSO, SCIM-based automatic user provisioning is supported as well. Consult the ThousandEyes Support for SCIM article for further information.
The Advanced Settings tab provides the ability to change the Organization Default Time Zone settings.
Organization Default Time Zones can be set for two feature groups. Each dropdown groups timezone settings by European, North America, Asia Pacific as well as Global. In the Global grouping, you have the option to set Coordinated Universal Time (UTC)
Web UI Timezone - In addition to being able to set to UTC, the option to set the timezone to the User’s System’s time is available here.
Notification & Snapshots Timezone can also be set independently.
The following resources contain further information related to ThousandEyes account management:
Role-Based Access Control, Explained explains how the ThousandEyes permission system works.
How to Configure Single Sign-On: Metadata is a starting point for configuring SSO integration with your SAML-based identity provider.
ThousandEyes Support for SCIM describes the configuration of SCIM-based automatic user creation.
How Unit Consumption Works outlines how tests contribute to your account's overall Unit consumption.
Working with the Activity Log describes how to audit events happening in your ThousandEyes account.