Skip to main content

ON PREMISES SOLUTIONS

Managing user accounts

To create, edit, delete and configure user accounts, use the following methods:

  • Managing User Accounts Individually. Use this method to add local user accounts or Active Directory accounts. To set up an Active Directory integration, refer to this topic.

    Before creating a user account, make sure you have the required email address at hand. The user will receive the GravityZone login details at the supplied email address.

  • Managing Multiple User Accounts. Use this method to enable dynamic access through access permission rules. This method requires an Active Directory domain integration. For more information on AD integration, refer to this topic.

Managing user accounts individually

In Control Center you can create, edit and delete user accounts individually.

Dependencies

  • Locally created accounts can delete accounts created through Active Directory integration regardless of their role.

  • Locally created accounts cannot delete similar account regardless of their role.

Creating user accounts individually

To add a user account in Control Center:

  • Go to the Accounts page.

  • Click the add.pngAdd button at the upper side of the table. A configuration window is displayed.

  • Under the Details section, configure as follows:

    • For Active Directory user accounts configure the following details:

      Username for Active Directory (AD) user accounts. Choose a user account from the drop-down list and skip to step 4.

      You can add AD user accounts only if the integration is configured. When adding an AD user account, user details are imported from its associated domain. The user logs in to Control Center using the AD username and password.

      Note

      To make sure the latest Active Directory changes are imported in Control Center, click the Synchronize button.

      Users with Manage Solution right can configure the Active Directory synchronization interval using the options available in the Configuration > Active Directory tab. For more details, refer to Installing Protection > GravityZone Installation and Setup > Configure Control Center Settings chapters from the GravityZone Installation Guide.

      For local accounts configure the following details:

      • Username for local account. Disable Import from Active Directory and enter a user name.

      • Email. Enter the user's email address. The email address must be unique. You cannot create another user account with the same email address. GravityZone uses this email address to send notifications.

      • Full name. Enter the full name of the account owner.

      • Password. Enter a password that the user can use to log in. The password must meet the minimum complexity requirements: twelve characters length, one upper case character, at least one lower case character, at least one digit, and one special character.

      • Confirm password. Confirm the password to validate.

  • Under the Login Security section, configure the policies available to secure the GravityZone account:

    • Set maximum password age to 90 days. This option enables the password expiration policy. The user needs to change their passwords sooner than the specified age. Otherwise, they will not be able to log in to GravityZone anymore.

    • Lockout accounts after 5 login attempts with invalid passwords. This option limits the number of consecutive invalid passwords to prevent attacks. When the counter reaches the maximum number of allowed attempts, the account is locked out and the user needs to reset their password.

  • Under the Settings and privileges section, configure the following settings:

    • Timezone. Choose from the menu the timezone of the account. The console will display time information according to the selected timezone.

    • Language. Choose from the menu the console display language.

    • Role. Select the user's role. For details regarding the user roles, refer to User Roles.

    • Rights. Each predefined user role has a certain configuration of rights. However, you can select only the rights that you need. In this case, the user role changes to Custom. For details regarding the user rights, refer to User Rights.

    • Select targets. Select the network groups the user will have access to for each available security service. You can restrict the user access to a certain GravityZone security service or to specific areas of the network.

  • Click Save to add the user. The new account will appear in the user accounts list.

    Control Center automatically sends the user an email with the login details, provided the mail server settings have been properly configured. For more details regarding the mail server configuration, refer to Configure Control Center settings.

Editing user accounts individually

To edit user account in Control Center :

  1. Log in to Control Center.

  2. Go to the Accounts page.

  3. Click the user's name.

  4. Change user account details and settings as needed.

    Under Login Security, view the status of two-factor authentication (2FA). This option is either a company-wide enforcement, or the users set it themselves if they wish.

  5. Click Save to apply the changes.

    Note

    All accounts with the Manage Users right can create, edit and delete other user accounts. You can only manage accounts with equal or fewer privileges as your own account.

Deleting user accounts individually

  1. Log in to Control Center.

  2. Go to the Accounts page.

  3. Select the user account from the list.

  4. Click the delete.png Delete button at the upper side of the table.

  5. Click Yes to confirm changes.