Sec/User Mgmt: Add a User and Assign a Role

Document created by RSA Information Design and Development on Sep 19, 2017Last modified by RSA Information Design and Development on Oct 2, 2017
Version 3Show Document
  • View in full screen mode
  

This topic explains how to add a new user to each type of user account, local and external. It also explains how to assign a role to a local user.

All NetWitness Suite users must have a local or external user account. 

The following considerations are important when managing local and external user accounts.

                           
Local User AccountExternal User Account
Managed within NetWitness SuiteManaged externally and outside the scope of this document
Roles assigned directlyRoles assigned by external group mapping
Derives permissions from each role assigned to the user, as explained in this topicDerives permissions from each role mapped to the account's external user group, as explained in Step 5. (Optional) Map User Roles to External Groups.
NetWitness Suite manages all user information.NetWitness Suite manages user identification only. This includes Username, Full Name and Email.

Procedures

Each of the following procedures starts on the Users tab. To navigate to the Users tab, go to ADMIN > Security. The Security view is displayed with the Users tab open.

Add a User and Assign a Role

To add a local user account and assign a role to the user:

  1. In the Users tab, click Add icon in the toolbar.
    The Add User dialog is displayed.
    Add User dialog
  2. Type the following account information for the new user:
  • Authentication Type: NetWitness is selected by default and is the correct choice when adding a local user. This option is only displayed when there are AD or PAM configurations set up to allow for selecting that authentication type. If there are no AD or PAM configurations, the authentication type is set to NetWitness automatically and there are no other options available.
  • Username for logging on to NetWitness Suite
  • Email address
  • Password for logging on to NetWitness Suite, in the Password and Confirm Password fields
  • Full Name of the new user
  • (Optional) Description of the user account
  1. To expire the user password the next time the user logs on, select Force password change on next login.
    This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
  2. To assign a role to the user, click Add icon in the Roles tab.
    The Add Role selection dialog shows the list of available roles.
    Add Role selectiton dialog
  3. Select each role to assign and click Add.
    The Add User dialog shows each role assigned to the user.
    Add User dialog example
  4. (Optional) Select a role and click Show Permissions icon to Show all permissions for the role.
  5. Click Save.
    The Users tab shows the new user and each role assigned to the user. The account is active immediately.
    Admin Security view Users tab example

Add a User for External Authentication

Prerequisite: External authentication must be configured. Refer to Step 4. (Optional) Configure External Authentication.

To add a user that is authenticated externally, outside of NetWitness Suite:

  1. In the Users tab, click Add icon in the toolbar.
    The Add User dialog is displayed.
  2. For Authentication Type, select either Active Directory or PAM. The dialog will update to show the required fields for the selected external authentication type.
    Add User dialog for Active Directory authentication type Add User dialog for PAM authentication type
  3. Type the following information:
  • Domain (if select Active Directory authentication only): Select the Active Directory domain for the user from the drop-down list of available domains.
  • Username for logging on to NetWitness Suite
  • Email address
  • Full Name of the new user
  • (Optional) Description of the user account
  1. Click Save. The Users tab shows the new user account, which still needs a role and permissions.
  2. To map a role to the new user, see Step 5. (Optional) Map User Roles to External Groups.

Change User Information or Roles

To change a user's account information or assigned roles:

  1. In the Users tab, select a user and click Edit icon in the toolbar.
    The Edit User dialog is displayed.
  2. To edit user information, change any of the following fields:
  • Email
  • Full Name
  • Description
  1. To expire the internal user password the next time the user logs on, select Force password change on next login.
    This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.
  2. In the Roles section:
  • To assign another role, click Add icon , select a role and click Add.
  • To remove an assigned role, select the role and click Delete icon.
  1. Click Save.

Delete a User

  1. In the Users tab, select a user.
  2. In the toolbar, click Delete icon.
  3. Click Save.

Note: To fully delete a user that is externally authenticated by Active Directory, you must also delete the user from the AD Group.

Reset a User Password

  1. In the Users tab, select a user.
  2. In the toolbar, click Reset Password.
    Reset Password dialog
    The Password Format Requirement section lists the specific requirements for the password. Administrators can adjust these requirements for all internal users in the password policy. See Step 1. Configure Password Complexity.
  3. Choose whether to force a password change the next time the user logs in to NetWitness Suite.
  4. Click Save.

Previous Topic:Step 4. Set Up a User
You are here
Table of Contents > Manage Users with Roles and Permissions > Step 4. Set Up a User > Add a User and Assign a Role

Attachments

    Outcomes