Sec/User Mgmt: Set Up Users

Document created by RSA Information Design and Development on Aug 29, 2018. Last modified by RSA Information Design and Development on Mar 23, 2020.
Version 12
 

The procedures to set up a new user are described below.

Add a User and Assign a Role

All NetWitness Platform users must have a local or external user account. You can add a new user for either type of account, local or external. Roles can be assigned directly only to local users.

The following considerations are important when managing local and external user accounts.

                           
| Local User Account | External User Account |
|---|---|
| Managed within NetWitness Platform. | Managed externally and outside the scope of this document. |
| Roles assigned directly. | Roles assigned by external group mapping. |
| Derives permissions from each role assigned to the user. | Derives permissions from each role mapped to the account's external user group, as explained in (Optional) Map User Roles to External Groups. |
| NetWitness Platform manages all user information. | NetWitness Platform manages user identification only. This includes Username, Full Name and Email. |

 

Each of the following procedures starts on the Users tab. To navigate to the Users tab, go to Admin > Security. The Security view is displayed with the Users tab open.

Add a Local User

To add a local user account and assign a role to the user:

  1. In the Users tab, click the Add icon in the toolbar.

    The Add User dialog is displayed.

    [Figure: Add User dialog]

  2. Type the following account information for the new user:

    • Authentication Type: NetWitness is selected by default and is the correct choice when adding a local user. This option is only displayed when there are AD or PAM configurations set up to allow for selecting that authentication type.

      Note: If there are no AD or PAM configurations, the authentication type is set to NetWitness automatically and there are no other options available.

    • Username for logging on to NetWitness Platform
    • Email address
    • Password for logging on to NetWitness Platform, in the Password and Confirm Password fields
    • Full Name of the new user
    • (Optional) Description of the user account
  3. To expire the user password the next time the user logs on, select Force password change on next login.

    This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password has expired. After a password is expired, you cannot undo the expiration. This checkbox is cleared the next time you edit the user account.

  4. To assign a role to the user, click the Add icon in the Roles tab.

    The Add Role selection dialog shows the list of available roles.

    [Figure: Add Role selection dialog]

  5. Select each role to assign and click Add.

    The Add User dialog shows each role assigned to the user.

    [Figure: Add User dialog example]

  6. (Optional) To assign attributes to a user, go to Attributes and modify the appropriate values. These attributes are unique to the user and follow all the same rules for attributes within roles. For more information on attributes, see Query and Session Attributes.

    [Figure: Add User Attributes tab]

  7. (Optional) Select a role and click the Show Permissions icon to show all permissions for the role.
  8. Click Save.

    The Users tab shows the new user and each role assigned to the user. The account is active immediately.

    [Figure: Admin Security view, Users tab example]

Add a User for External Authentication

To add a user for external authentication:

  1. In the Users tab, click the Add icon in the toolbar.

    The Add User dialog is displayed.

  2. For Authentication Type, select either Active Directory or PAM. The dialog will update to show the required fields for the selected external authentication type.

    [Figure: Add User dialog for Active Directory authentication type]
    [Figure: Add User dialog for PAM authentication type]

  3. Type the following information:

    • Domain (Active Directory authentication only): Select the Active Directory domain for the user from the drop-down list of available domains.
    • Username for logging on to NetWitness Platform
    • Email address
    • Full Name of the new user
    • (Optional) Description of the user account
  4. In the Attributes section, type the following information.
    1. Core Query Timeout - most permissive (highest) value of all assigned roles is applied to the user.
    2. Core Session Threshold - query prefixes of each of the user roles are AND'd together.
    3. Core Query Prefix - highest value of all the assigned roles is applied to the user.
  5. Click Save. The Users tab shows the new user account, which still needs a role and permissions.
  6. To map a role to the new user, see (Optional) Map User Roles to External Groups.

Change User Information or Roles

To change a user's account information or assigned roles:

  1. In the Users tab, select a user and click the Edit icon in the toolbar.

    The Edit User dialog is displayed.

  2. To edit user information, change any of the following fields:

    • Email
    • Full Name
    • Description
  3. To expire the internal user password the next time the user logs on, select Force password change on next login.

    This does not affect any active user sessions. The Clock icon appears in the user row to show that the user password has expired. After a password is expired, you cannot undo the expiration. This checkbox is cleared the next time you edit the user account.

  4. In the Roles section:

    • To assign another role, click the Add icon, select a role, and click Add.
    • To remove an assigned role, select the role and click the Delete icon.
  5. Click Save.

Delete a User

To delete a user:

  1. In the Users tab, select a user.
  2. In the toolbar, click the Delete icon.
  3. Click Save.

Note: To fully delete a user that is externally authenticated by Active Directory, you must also delete the user from the AD Group.

Reset a User Password

To reset a user password:

  1. In the Users tab, select a user.
  2. In the toolbar, click Reset Password.

    [Figure: Reset Password dialog]

    The Password Format Requirement section lists the specific requirements for the password. Administrators can adjust these requirements for all internal users in the password policy. See Configure Password Complexity.

  3. Choose whether to force a password change the next time the user logs in to NetWitness Platform.
  4. Click Save.

Enable, Unlock, and Delete User Accounts

All users of NetWitness Platform must either have a local user account with username and password or have an external user account. Within NetWitness Platform, you can enable, disable, and delete local user accounts.

The first time an external user logs in to NetWitness Platform, a new user entry is automatically created in NetWitness Platform. NetWitness Platform manages only user identification information; for example, Full Name and Email.

You can unlock locked accounts for both local and external users.

Enable Disabled NetWitness Platform User Accounts

To enable NetWitness Platform user accounts that have been disabled:

  1. In NetWitness Platform, go to Admin > Security.

    The Security view is displayed with the Users tab open.
    [Figure: Users tab example]

  2. In the Users grid, select one or more accounts.
  3. Click the Enable button.
    A success message is displayed for the enabled accounts, and the users can log in to NetWitness Platform.

Disable NetWitness Platform User Accounts

You can block user access by disabling users. Disabling a user blocks access without deleting the user's preferences, so the preferences are intact when you re-enable the user to restore access. Disabling applies only to local users, not to external users.

To disable NetWitness Platform user accounts:

  1. In the Users grid, select one or more accounts.
  2. Click the Disable button.
    A success message is displayed for the disabled accounts, and the users can no longer log in to NetWitness Platform.

Unlock Locked NetWitness Platform User Accounts

A user is locked out for a period of time after a number of consecutive failed login attempts. To unlock NetWitness Platform user accounts that are locked due to excessive failed login attempts:

  1. In the Users grid, select one or more accounts.
  2. Click the Unlock button.
    A success message is displayed for the unlocked accounts, and the users can log in to NetWitness Platform.

Delete NetWitness Platform User Accounts

If External Authentication is not in use, a user logs on to NetWitness Platform with a local account. These local accounts are managed directly in NetWitness Platform. To revoke a local user's access, either disable the account or delete the account completely from the system.

Note: Deleting an account removes all user preferences for the account from NetWitness Platform. If this is not the intention, disable the user instead of deleting the user.

To delete NetWitness Platform user accounts:

  1. Go to Admin > Security.

    The Security view is displayed with the Users tab open.

  2. In the Users list, select one or more accounts.
  3. Click the Delete icon.

    A warning dialog requests confirmation.

  4. If you want to delete the accounts, click Yes.

    The accounts are removed from NetWitness Platform, and the users can no longer log in to NetWitness Platform.
