Creating a user

Warning

Data model objects: safes, users, servers, accounts and listeners are replicated within the cluster and object instances must not be added on each node. In case the replication mechanism fails to copy objects to other nodes, contact technical support department.

  1. Select Management > Users.
  2. Click Add.
../../_images/users_add.png

Note

Wheel Fudo PAM enables creating users based on the existing definitions. Click desired user to access its configuration parameters and click Copy user to create a new object based on the selected definition.

../../_images/copy_user.png
  1. Enter a unique user login.

Note

The Login field is not case sensitive.

  1. Select the Blocked option to disable user account after it is created.
  1. Define account’s validity period.
  2. Select user’s role, which will determine the access rights.

Note

Access rights restrictions also apply to API interface access.

Role Access rights
user Connecting to servers as defined in connections, to which the user has been assigned.
   
operator
  • logging in to administration panel
  • browsing objects: servers, users, bastions, connections, to which the user has been assigned sufficient access permisions
  • blocking/unblocking objects: servers, users, bastions, connections
  • generating reports on demand and subscribing to periodic reports
  • activating/deactivating email notifications
  • converting sessions and downloading converted content
   
admin
  • logging in to administration panel
  • managing objects: servers, users, bastions, connections, to which the user has been assigned sufficient access permisions
  • blocking/unblocking objects: servers, users, bastions, connections
  • generating reports on demand and subscribing to periodic reports
  • activating/deactivating email notifications
  • converting sessions and downloading converted content
  • managing policies
   
superadmin
  • full access rights to objects management
  • full access rights to system configuration options
  1. Select user’s preferred language in Wheel Fudo PAM administration panel.
  2. Grant access to safes.
  3. Define time access policy.
  • Click desired safe object.
../../_images/safe_time_policy.png
  • Select Enable time policy option.
  • Click the weekly calendar to define time interval.
../../_images/safe_time_policy_settings.png
  • Click OK.
  1. Enter user’s full name.
  2. Enter user’s email address.
  3. Enter user’s organizational unit.
  4. Enter user’s phone number.
  5. Provide user’s Active Directory domain.
  6. Enter LDAP service BaseDN parameter.
  7. In the Permissions section, select users allowed to manage this user object.
  8. In the Authentication section, select authentication type.

External authentication

  • Select External authenticaiton from the Type drop-down list.
  • Select external authentication source from the External authentication source drop-down list.

Note

Refer to External authentication topic for more information on external authentication sources.

Password

  • Select Password from the Type drop-down list.
  • Type password in the Password field.
  • Repeat password in the Repeat password field.

SSH key

  • Select SSH key from the Type drop-down list.
  • Click i icon and browse the file system to find the public SSH key used for verifying user’s identity.

One-time password

Warning

One-time passwords are used for implementing AAPM use case scenarios.

  • Select One-time password from the Type drop-down list.
  1. Click Add authentication method to define more authentication methods.
  2. Click Save.
../../_images/add_user.png

Related topics: