Manage administrator users

In this context, users are specifically administrator users who can access and modify parts of the Gateway, and not end-users themselves.

Default "admin" user

The system is initially supplied with one local-administrator user for the Secure Email Gateway user interface. This is a super-administrator user named admin by default.

The admin user:

• always has full access to all areas of the Gateway user interface

• can be renamed, but cannot be deleted

• can create additional users and roles, and if any of those new users have roles that give them the appropriate permissions, they in turn can create further new users and roles

User types

Secure Email Gateway supports three types of users:

• Local users - where users are added explicitly and their credentials are stored in the Gateway

• Local Active Directory (AD) users - where users are added explicitly and their credentials are stored in Active Directory

• Dynamic users - where users are granted access implicitly through their membership of an Active Directory group that is linked to a suitably-authorized Gateway role

Login failures by user types

• Local users are permitted three failed login attempts. After the third failed attempt, they are locked out of the system for 10 minutes and cannot try again during this time.

  If they cannot remember their user details and require your assistance, modify their details in the Users page > Users tab. To change their password, use the Change the password option in the task panel.

• Local Active Directory (AD) users are never locked out of the Gateway, but a count of their login failures is maintained. If configured in Active Directory, it is possible that local AD users may be locked in AD, but the Gateway will not be aware of this.

For details of failed login attempts and related information, refer to the User Interface Service Access Log. To access the system logs, navigate to System > Monitoring & Control > Logs & Alarms.

Create users

1. Select the Users menu. The Users page is displayed.

2. Select the Users tab.

3. Click New. The Create User Type dialog is displayed.

4. Select a user type.

   Local User

   • Select Local User and click Create. The Add Local User dialog is displayed.

   • In the dialog, enter the user's details, such as User Name and Full Name.

   • From the Role drop-down menu, select an appropriate role if one exists. You can also select Create New Role and give the role a sensible name and permissions after you have created the user.

   An administrator user must have exactly one role.

   Active Directory User

   Select Active Directory User and click Create. The Add Active Directory User dialog is displayed.

   In the dialog, enter the user's User Principal Name. Click Check user details to verify the user.

   From the Role drop-down menu, select an appropriate role if one exists. You can also select Create New Role and give the role a sensible name and permissions after you have created the user.

   You must configure at least one Active Directory forest before you can create a local AD user.

5. Click Add.

6. Follow the steps in the Modify users section and complete the Modify Local User or the Modify Active Directory User page, depending on the user type created.

By default, Secure Email Gateway denies access to any new message areas created after a user is created.

Modify users

1. Select the Users menu. The Users page is displayed.

2. Select the Users tab.

3. From the Users list, select the user you wish to modify and click Edit.

   Modify a local user

   • The Modify Local User page is displayed.

   • Edit the Overview and Role panels as required.

   You can also change the user type to Active Directory User. To do this, use the Change user type option in the task panel. Note that this choice cannot be reversed.

   Modify an Active Directory user

   • The Modify Active Directory User page is displayed.

   • Edit the Overview and Role panels as required.

Ensure that you Apply new configuration if you want the updates to be applied to all peers, and not simply on the local peer.

Delete users

To delete a local user or an Active Directory user:

1. Select the Users menu. The Users page is displayed.

2. Select the Users tab.

3. From the Users list, select the user you wish to delete and click Delete.

4. Click Yes in the Confirm Delete dialog to confirm the removal.

The above steps applies to local users and Active Directory users. For dynamic users, delete a user from an AD group associated with the user's role. This will revoke the Gateway access.