Manage administrator users
| In this context, users are specifically administrator users who can access and modify parts of the |
Default "admin" user
The system is initially supplied with one local-administrator user for the Secure Web Gateway user interface. This is a super-administrator user named admin by default.
The admin user:
-
always has full access to all areas of the
-
can be renamed, but cannot be deleted
-
can create additional users and roles, and if any of those new users have roles that give them the appropriate permissions, they in turn can create further new users and roles
User types
Secure Web Gateway supports three types of users:
-
Local users - where users are added explicitly and their credentials are stored in the
-
Local Active Directory (AD) users - where users are added explicitly and their credentials are stored in Active Directory
-
Dynamic users - where users are granted access implicitly through their membership of an Active Directory group that is linked to a suitably-authorized
Login failures by user types
-
Local users are permitted three failed login attempts. After the third failed attempt, they are locked out of the system for 10 minutes and cannot try again during this time.
If they cannot remember their user details and require your assistance, modify their details in the Users page > Users tab. To change their password, use the Change the password option in the task panel. -
Local Active Directory (AD) users are never locked out of the
| For details of failed login attempts and related information, refer to the User Interface Service Access Log. To access the system logs, navigate to System > Monitoring & Control > Logs & Alarms. |
Anonymize data
You can configure a user that is unable to view specific end-user details. For example, you create an administrator user with access to view reports but not personal information in them. This way, specific user details are hidden from the user and the data is anonymized.
To enable this setting, select the Anonymize client machine and user details check box in the Users page > Users tab. When enabled, the following user details in reports will be anonymized and replaced with asterisks (******).
-
User Names and User Name Lists
-
Machine Lists
User Name Lists are groupings of end-user names to whom you apply a common policy. Similarly, Machine Lists are lists of machine addresses for one or more end-users under a common policy.
Administrator users with the Anonymize client machine and user details check box enabled are also unable to view the Web Transaction Log and the Apache access log.
Create users
-
Select the Users menu. The Users page is displayed.
-
Select the Users tab.
-
Click
New. The Create User Type dialog is displayed. -
Select a user type.
Local User
-
Select Local User and click Create. The Add Local User dialog is displayed.
-
In the dialog, enter the user's details, such as User Name and Full Name.
-
From the Role drop-down menu, select an appropriate role if one exists. You can also select Create New Role and give the role a sensible name and permissions after you have created the user.
An administrator user must have exactly one role. Active Directory User
Select Active Directory User and click Create. The Add Active Directory User dialog is displayed.
In the dialog, enter the user's User Principal Name. Click
Check user details to verify the user.From the Role drop-down menu, select an appropriate role if one exists. You can also select Create New Role and give the role a sensible name and permissions after you have created the user.
You must configure at least one Active Directory forest before you can create a local AD user. -
-
Click Add.
-
Follow the steps in the Modify users section and complete the Modify Local User or the Modify Active Directory User page, depending on the user type created.
Modify users
-
Select the Users menu. The Users page is displayed.
-
Select the Users tab.
-
From the Users list, select the user you wish to modify and click
Edit.Modify a local user
-
The Modify Local User page is displayed.
-
Edit the Overview and Role panels as required.
-
Edit the Anonymize Data panel as required. Select the Anonymize client machine and user details check box to anonymize personal information.
You can also change the user type to Active Directory User. To do this, use the Change user type option in the task panel. Note that this choice cannot be reversed. Modify an Active Directory user
-
The Modify Active Directory User page is displayed.
-
Edit the Overview and Role panels as required.
-
Edit the Anonymize Data panel as required. Select the Anonymize client machine and user details check box to anonymize personal information.
-
| Ensure that you Apply new configuration if you want the updates to be applied to all peers, and not simply on the local peer. |
Delete users
To delete a local user or an Active Directory user:
-
Select the Users menu. The Users page is displayed.
-
Select the Users tab.
-
From the Users list, select the user you wish to delete and click
Delete. -
Click Yes in the Confirm Delete dialog to confirm the removal.
| The above steps applies to local users and Active Directory users. For dynamic users, delete a user from an AD group associated with the user's role. This will revoke the |