Users
Fudo One allows creating a User object with one of the roles:
Role | Access rights |
---|---|
user | Connecting to servers through assigned safes. Authentication to the Access Gateway (requires adding the user to the portal safe). |
superadmin | Full access rights to objects management. Full access rights to system configuration options. Available dashboard widgets: concurrent sessions, suspicious sessions, account alerts, active users, cluster status, concurrent sessions chart, license, system events log. |
Creating a User
Copy existing user definition
Fudo One enables creating users based on the existing definitions. Click desired user to access its configuration parameters and click Copy user to create a new object based on the selected definition.
In order to create a brand new User object, follow the instruction below:
- Click + icon next to the Users tab of the Management sub-section,
or Select Management > Users and then click Add. - Enter user login.
The Login field is not case sensitive.
It’s not allowed to include % and # characters within the usernames.
- Enter Fudo domain.
- While there can be more than one user with the same username, the login and domain combination must be unique.
- With the Fudo domain specified, the user will have to include it when logging into the administration panel or when establishing monitored connections.
- Define account’s validity period.
- Select user’s role, which will determine the access rights. Refer to the Roles topic for more information.
Access rights restrictions also apply to API interface access.
- Select user’s preferred language in Fudo One administration panel. Availability of the particular language is specified in the license.
- Grant access to safes.
- Drag and drop safe objects to change the order in safes upon establishing connection.
- Click safe to define time access policy.
- Enter user’s full name.
- Enter user’s email address.
- Enter user’s organizational unit.
- Enter user’s phone number.
- Provide user’s Active Directory domain.
If there are two users with the same login, one of which has the domain configured the same as the default domain, and the other does not have the domain defined, Fudo One will report authentication problem as it cannot determine which user is trying to connect.
- Enter LDAP service BaseDN parameter.
LDAP base is necessary for authenticating the user using the Active Directory service.
E.g. forexample.com
domain, the LDAP base parameter value should bedc=example,dc=com
.
- In the Authentication section, select the Authentication failures option to block the user automatically after exceeding the number of failed login attempts.
- Select the Enforce static password complexity option to force static passwords to conform to specified settings.
- Select one of the Authentication types:
- Password
- SSH key
- External authentication and additionally select the External authentication source
- OATH and provide parameters, described in the OATH topic.
If more than one Authentication method is required, click the Add authentication method button to define more.
- Click Save.
Blocking a User
Blocking a user terminates their current connections.
In order to block a user, follow the instruction:
- Select Management > Users.
- Define filters to limit the number of objects displayed on the list, or use a search bar.
- Select the user(s) you want to block and click the Block button.
- Optionally, provide the reason and click the Confirm button.
Alternatively, enter the User definition edit mode and click the Blocked button there. Provide an optional blocking reason.
Click Save.
Unblocking a User
In order to unblock a user, follow the instruction:
- Select Management > Users.
- Define filters to limit the number of objects displayed on the list.
- Select the user(s) and click Unblock.
- Click Confirm to unblock selected User objects.
A user can also be unblocked from the User definition edit mode:
- Find the User object and open its definition.
- Uncheck the Blocked option.
- Click Save.
Deleting a User
In order to delete a user, follow the instruction:
- Select Management > Users.
- Define filters to limit the number of objects displayed on the list.
- Select the user(s) and click Delete.
- Click Confirm to remove selected User objects.
Updated about 1 year ago