Authentication Options and Adding User Accounts
AAA
The AAA UI group contains the user interfaces relating to the creation and editing of users, user permissions, authentication and security. After the initial install is complete, the first thing an Administrator should do is change the default Administrator password to a more secure password.
Users
There are three user accounts in Assure1 by default: Administrator, Operator and the API User. The Administrator user has full read and write access to every element of Assure1, whereas the Operator user has read-only access. The API User has access to most areas of the application, with the exception of the Delete permission, so that external applications can interact with Assure1 without requiring a login.
The button bar allows for various actions to be done for user accounts.
- Similar to editing a user, clicking on the Add button will open a blank form User (New) to the right of the grid. Filling in the form and clicking Submit will add the new user to the system.
- Selecting a user and clicking on the Clone button will create a cloned copy of that user. Making changes in the form and clicking Submit will add the cloned user to the system.
- Selecting a user and clicking on the Delete button will remove that user account from the system.
Change the password
- Navigate to Users, and select the Administrator user.
- Clicking on the Administrator user will open the User (Edit) form to the right of the grid for editing that particular user account.
- In the password fields, enter your new administrator password and re-enter to confirm.
- The Assure1 Support Account section of the form can be used to link your Assure1 user to your support account. This may be needed for future functionality.
- Click Submit to save the changes.
Roles
The permissions of a user group are set from the Roles interface.
Permissions for a user group can be customized for each individual user interface in Assure1. For example, a user may have full create/read/update and delete access to every events interface, read-only access to the dashboard interface, and be denied access to the Broker Scheduled Jobs and Services interfaces.
- Navigate to the Roles UI, and select the Administrator role.
- The Role (Edit) form will open to the right of the grid.
- In the form, under Permissions, in the Selected section, notice that the Administrator role has full create, read, update, delete and execute access enabled for every Assure1 interface.
- Now select the Operator role. The Role (Edit) form will open for the operator role.
- Once again, under Permissions, in the Selected section, notice that the Operator role has full read access enabled for every interface, with update and execute access for a small number of select interfaces only.
Click Add to add a new role, or click Clone to clone an existing role. Once cloned you can edit the copy.
User Groups
Users can be organized into groups from the User Groups interface.
- Navigate to the User Groups UI and click on the Administrators user group.
- Note the layout of the form. Each User Group allows for multiple users to be assigned security restrictions under one simple administration element. Individual groups can be assigned different permissions based on their role in the system, their specific customer devices, or their default dashboard view.
- The Properties section of the form allows for restrictions to be made on that group of users as to which device groups, event filter groups, dashboard groups, etc. that they have access to.
- The Preferences section of the form allows for specific preferences to be made for a group of users, such as the default navigation interface to open when a user logs in, the refresh rate of the UI, the default time zone, etc.
  - The lock icons are clickable, and can be toggled by an administrator to lock the preferences, preventing users from making changes.
- The Users section of the form shows the list of users available, and the list of users selected for the group. After selecting a user (or users), use the arrow buttons to add or remove users from the group.
Authentication
Authentication Types is the configuration interface for the authentication options within Assure1. You can configure Assure1 to use the following different methods for the authentication of users:
- Internal - Used for backup accounts and environments without external authentication.
- RADIUS - Used for RADIUS integration.
- Active Directory - Used for Microsoft Active Directory integration.
- LDAP - Used for OpenLDAP integration.
- SAML - Used for SAML integration.
Note
By default, internal authentication is always active.
Creating a User, User Group and Role
- Navigate to the Roles UI.
- Click on the Operator role and click Clone in the top-left of the window to clone the role. This will open the Role (New) form with the Operator role details in the form fields.
- Change the following form fields to the following values (the other fields can be left as is):
  - Role Name: Example Role
  - Description: Example Role for demonstration purposes
  - In the Selected section, tick the Create and Update checkboxes for Jobs.
- Click Submit to save the new Role.
- Navigate to Configuration -> AAA and click to open the User Groups UI.
- Click the Operators user group and click Clone in the top-left of the window to clone the user group. This will open the User Group (New) form to the right of the grid, with the Operators user group details in the form fields.
- Change the following form fields to the following values (the other fields can be left as is):
  - User Group Name: Example Group
  - Role: Example Role
- Click Submit to save the new User Group.
- Navigate to Configuration -> AAA -> Users.
- Click the Add button in the top-left of the window to add a new user. This will open the User (New) form to the right of the grid.
- Change the following form fields in the form (the other fields can be left as is):
  - Username: Example
  - Full Name: Example User
  - Password/Repeat Password: Password of your choosing
  - User Group Name: Example Group
  - Status: Enabled
- Click Submit to save the new User.
- Log out of the Assure1 UI, and log back in using the new Example user credentials.
- Notice that upon login, the Links navigation pane is open to the left by default.
- Navigate to Configuration -> AAA and click on any of the user interfaces.
- Notice that the Add, Clone and Delete buttons are missing from the UI, because the Example user has read-only access.
- Navigate to Configuration -> Broker Control and look at the UI pages. You will notice that the Licensing page is not visible, as the Example user has no permission to access it.
- Open the Configuration -> Broker Control -> Jobs UI. Note that the Add and Clone buttons are visible, as the Example user has read, write and update permission for this page.
- Log out of the Assure1 UI and log back in as the Admin user once again.
Configuring User Access
This section will cover the general steps for configuring Users to access the software. The process assumes that Assure1 has been newly installed.
Dependencies
- If external authentication is to be utilized for user accounts, the following information needs to be available for each authentication method supported:
  - RADIUS
    - Primary/secondary server IP Address or DNS name
    - RADIUS port
    - RADIUS server secret password
  - Active Directory
    - Primary/secondary server IP Address or DNS name
    - Domain suffix
    - CA certificate if utilizing a secure connection
  - LDAP
    - Primary/secondary server IP Address or DNS name
    - Distinguished Name
    - CA certificate if utilizing LDAPS
  - SAML
    - SAML IDP Entity ID link
    - Single SignOn service link
    - Single Logout service link
    - IDP certificate data
- User account names need to be captured if external authentication is to be utilized. The User Name in Assure1 must match the entry in the external authentication source.
- Define the initial User Groups to be established and identify what the User Group should be able to access within the software.
Configuring Users
- Navigate to the Configuration -> AAA -> Authentication Types and edit the authentication entry with information gathered on the authentication type to be utilized. If using external authentication, set the Status to Enabled before submitting the changes.
- Navigate to the Configuration -> AAA -> Roles and add the required Roles.
- Navigate to Configuration -> AAA -> User Groups and add the required User Groups.
- Navigate to the Configuration -> AAA -> Users and add User accounts. If utilizing an external authentication method for the Authentication Type, the Password fields will not be available. Set the Status to Enabled before submitting the changes to activate the account.
- Test a User account by logging out of the Assure1 UI and logging in as one of the newly created User accounts.
AAA Properties and Preferences
AAA Properties, Preferences, and Inheritance allow a wide variety of customization surrounding the user experience in Assure1. From multi-tenancy to time zone settings, this article details the properties and preferences available to the user and how they can be utilized in Assure1.
Properties
Users
User Properties are additional settings applicable to the user.
User Group Properties | Description |
---|---|
Reset Question | Reserved for Future Use |
User Groups
User Group Properties are for customizing the viewing and multi-tenant restrictions for users within the user group. If a setting is not set, the user will have an unrestricted view of items in the particular section. These properties are useful for multi-tenancy views for customer users, so that they can only see devices or data pertinent to them.
User Group Properties | Description |
---|---|
RestrictiveDashboardGroupID | Restricts dashboard navigation to only Adhoc dashboards and dashboards within the specified Dashboard Group and any sub groups |
RestrictiveDeviceGroupID | Restricts device navigation and device-related data viewing to only devices within the specified Device Group and any sub groups |
RestrictiveDiagramGroupID | Restricts diagram navigation to only those within the specified Diagram Group and any sub groups |
RestrictiveEventMenuID | Restricts context menu selection when configuring and using event list tools to only those in the specified Menu and any sub menus |
RestrictiveFilterGroupID | Restricts event filter navigation to only private and those within the specified Filter Group and any sub groups |
RestrictiveLinkGroupID | Restricts link navigation to only links within the specified Link Group and any sub groups |
RestrictiveTopologyMenuID | Restricts context menu selection when configuring and using topology tools to only those in the specified Menu and any sub menus |
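A small model of the scoping rule in the table above, added here as an illustration and not Assure1's own code: a restriction covers the specified group and any sub groups, and an unset property leaves that section unrestricted. The group IDs, device names, user groups and function names are all constructed for the example.

```python
# Property names from the User Group Properties table above.
RESTRICTIVE_PROPERTIES = (
    "RestrictiveDashboardGroupID", "RestrictiveDeviceGroupID",
    "RestrictiveDiagramGroupID", "RestrictiveEventMenuID",
    "RestrictiveFilterGroupID", "RestrictiveLinkGroupID",
    "RestrictiveTopologyMenuID",
)

# Constructed device group tree: group ID -> parent group ID (None = root).
DEVICE_GROUP_PARENT = {1: None, 10: 1, 11: 10, 12: 10, 20: 1, 21: 20}
# Constructed device -> device group membership.
DEVICE_GROUP_OF = {"cust-a-rtr1": 11, "cust-a-sw1": 12,
                   "cust-b-rtr1": 21, "core-fw1": 1}
# Constructed user groups; the ID 10 is reused for every section for brevity.
USER_GROUPS = {
    "Customer A": {name: 10 for name in RESTRICTIVE_PROPERTIES},
    "Customer B": {"RestrictiveDeviceGroupID": 20},  # six properties unset
}

def subtree(root_id, parent_of):
    """Return root_id plus every group nested beneath it."""
    children = {}
    for group_id, parent in parent_of.items():
        children.setdefault(parent, []).append(group_id)
    seen, stack = set(), [root_id]
    while stack:
        group_id = stack.pop()
        if group_id not in seen:  # guards against a cyclic parent map
            seen.add(group_id)
            stack.extend(children.get(group_id, []))
    return seen

def visible_devices(properties):
    """Devices visible under a user group's RestrictiveDeviceGroupID."""
    restrict_id = properties.get("RestrictiveDeviceGroupID")
    if restrict_id is None:  # unset property: unrestricted view
        return set(DEVICE_GROUP_OF)
    allowed = subtree(restrict_id, DEVICE_GROUP_PARENT)
    return {dev for dev, grp in DEVICE_GROUP_OF.items() if grp in allowed}

def unrestricted_sections(properties):
    """Restrictive properties left unset on a user group."""
    return [n for n in RESTRICTIVE_PROPERTIES if properties.get(n) is None]

def audit(user_groups):
    """Map each user group to the sections where its view is unrestricted."""
    return {g: unrestricted_sections(p) for g, p in user_groups.items()
            if unrestricted_sections(p)}
```

In this sample, `audit(USER_GROUPS)` reports only "Customer B", whose device view is scoped but whose other six sections remain unrestricted.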
Preferences
Preferences are a set of settings, common to users and their parent user group, that govern the user experience and how the Assure1 GUI is used. Users will inherit preference settings from their parent user group, but these defaults can be overridden on a per-user basis. Administrators can also lock preferences to prevent users from overriding them and to create a more unified environment for the users in that group.
The following are the available preferences for both users and user groups:
Preferences | Description | Default |
---|---|---|
DefaultDisplayID | Default display used when showing the event list | Default |
DefaultLink | Link to use as the landing page after initial login | |
DefaultLocale | Locale settings when displaying numbers, dates, etc | en_US |
DefaultTheme | Theme directory containing CSS and icon resources | light |
DefaultTimeZone | Timezone when displaying dates and times from database | CST6CDT |
EventListPageSize | Default pagination setting for event lists | 100 |
EventListRefreshRate | How often in seconds to refresh open event lists | 60 |
MaxPageSize | Custom maximum selection for pagination | |
MaxPauseTime | How long in seconds after the event list is paused for the pause button to begin flashing | 300 |
PageSize | Default pagination setting for grid views | 1000 |
RefreshRate | How often in seconds to refresh open dashboards | 60 |
UILoadTimeout | Custom timeout for page requests in seconds | |
EventEditCreatesJournal | Flag that enables journal creation when editing an event inline | |