Create and Manage User Accounts

User accounts create the user identity that BeyondInsight uses to authenticate and authorize access to specific system resources. You can create local BeyondInsight users, as well as add Active Directory, Azure Active Directory, and LDAP users into BeyondInsight.

A user account must be a member of a BeyondInsight group. If a user is not a member of any groups in BeyondInsight, the user cannot log in to the console.

 

Create a BeyondInsight Local User Account

  1. Navigate to Configuration > Role Based Access > User Management.
  2. Click Users to display the list of users in the grid.
  3. Click Create New User.
  4. Select Create a New User.
  5. Complete the Identification and Credentials / Change Password sections. These fields are required.
  6. Optionally, enter the user’s contact information.
  7. Select an Activation Date and an Expiration Date for the user account.

These dates are based on UTC time on the BeyondInsight server and are considered during the user's login attempt. The attempt fails if the user account is not yet active or if the expiration date has passed.

  8. Enable the User Active option to activate the user account.
  9. Leave the Account Locked and Account Quarantined options disabled.
  10. Enable Multi-Factor Authentication options, if applicable.
  11. Select a two-factor authentication method and mapping information, if applicable.
  12. Click Create User.
  13. The user is created and User Details > Groups is displayed. You can filter the list of groups displayed by type, name, or description. Select a group, and then click Assign Group.

The user must belong to at least one group.

  14. To remove the user from a group, select Assigned Groups from the Show dropdown, and then select a group and click Remove Group.
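
The login conditions described in this section (group membership, User Active, and the UTC activation and expiration window) can be modelled as below. This is an added example, not BeyondInsight code: the `Account` model, the order of the checks, the treatment of the expiration instant, and the assumption that the date fields carry a time of day are all hypothetical. It shows how an expiration entered in local time without conversion ends access earlier than the operator intended.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

@dataclass
class Account:
    """Hypothetical model of the fields named on this page."""
    username: str
    user_active: bool
    activation: Optional[datetime]  # stored as UTC
    expiration: Optional[datetime]  # stored as UTC
    groups: List[str] = field(default_factory=list)

def to_utc(ts: datetime) -> datetime:
    """Convert to UTC, refusing naive values whose zone is ambiguous."""
    if ts.tzinfo is None:
        raise ValueError("naive timestamp: attach the operator's timezone first")
    return ts.astimezone(timezone.utc)

def login_decision(acct: Account, now: datetime) -> Tuple[bool, str]:
    """Apply the page's login conditions; the check order is an assumption."""
    now = to_utc(now)
    if not acct.groups:
        return False, "no group membership"
    if not acct.user_active:  # assumption: an inactive user cannot log in
        return False, "user not active"
    if acct.activation and now < to_utc(acct.activation):
        return False, "not yet active"
    # Assumption: the account is unusable from the expiration instant onward.
    if acct.expiration and now >= to_utc(acct.expiration):
        return False, "expired"
    return True, "ok"

# Constructed scenario: an operator at UTC-5 wants access to end at 18:00 local.
LOCAL = timezone(timedelta(hours=-5))
intended_end = datetime(2024, 6, 28, 18, 0, tzinfo=LOCAL)
typed_as_is = datetime(2024, 6, 28, 18, 0, tzinfo=timezone.utc)  # not converted
attempt = datetime(2024, 6, 28, 15, 0, tzinfo=LOCAL)  # 20:00 UTC

def contractor(expiration: datetime) -> Account:
    """Constructed sample account; user and group names are made up."""
    start = datetime(2024, 6, 1, tzinfo=timezone.utc)
    return Account("contractor01", True, start, expiration, ["Auditors"])

if __name__ == "__main__":
    print(login_decision(contractor(to_utc(intended_end)), attempt))
    print(login_decision(contractor(typed_as_is), attempt))
```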

 

Add an Active Directory User

Active Directory users can log in to the management console and perform tasks based on the permissions assigned to their groups. The user can authenticate against either a domain or domain controller.

Active Directory users must log in to the management console at least once to receive email notifications.

  1. Navigate to Configuration > Role Based Access > User Management.
  2. Click Users to display the list of users in the grid.
  3. Click Create New User.
  4. Select Add an Active Directory User.
  5. Select a credential from the list.

If you require a new credential, click Create a New Credential. The new credential is added to the list of available credentials.

  6. If not automatically populated, enter the name of a domain or domain controller.
  7. After you enter the domain or domain controller credential information, click Search Active Directory. A list of users in the selected domain is displayed.

For performance reasons, a maximum of 250 users from Active Directory is retrieved. The default filter is an asterisk (*), which is a wild card filter that returns all users. Filter by user name to refine the list.

Sample filters:
  • a* returns all group names that start with a.
  • *d returns all group names that end with d.
  • *sql* returns all groups that contain sql in the name.

  8. Click Search Active Directory.
  9. Select a user, and then click Add User.
  10. Assign at least one group to the user.

Add an Azure Active Directory User

Azure Active Directory users can log in to the management console and perform tasks based on the permissions assigned to their groups. The user can authenticate against either a domain or domain controller.

Azure Active Directory users must log in to the management console at least once to receive email notifications.

  1. Navigate to Configuration > Role Based Access > User Management.
  2. Click Users to display the list of users in the grid.
  3. Click Create New User.
  4. Select Add an Azure Active Directory User.
  5. Select a credential from the list.

If you require a new credential, click Create a New Credential. The new credential is added to the list of available credentials.

For performance reasons, a maximum of 250 users from Azure Active Directory is retrieved. The default filter is an asterisk (*), which is a wild card filter that returns all groups. Filter by user name to refine the list.

Sample filters:
  • a* returns all group names that start with a.
  • *d returns all group names that end with d.
  • *sql* returns all groups that contain sql in the name.

  6. Click Search Azure Active Directory.
  7. Select a user, and then click Add User.
  8. Assign at least one group to the user.

Add an LDAP User

  1. Navigate to Configuration > Role Based Access > User Management.
  2. Click Users to display the list of users in the grid.
  3. Click Create New User.
  4. Select Add an LDAP User from the list.
  5. Select a credential from the list.

If you require a new credential, click Create a New Credential. The new credential is added to the list of available credentials.

  6. Click Fetch to load the list of domain controllers, and then select one.
  7. To filter the user search, enter keywords in the user filter or use a wild card.
  8. Click Search LDAP.
  9. Select a user, and then click Add User.
  10. Assign at least one group to the user.

Edit a User Account

Administrators can edit user details, such as changing the name, username, email, and password; updating active status; locking and unlocking the account; and updating multi-factor authentication settings, as follows:

  1. From the left navigation pane in the console, select Configuration.
  2. Under Role Based Access, select User Management.
  3. Click Users to display the list of users in the grid.
  4. Optionally, filter the list of users displayed in the grid using the Filter By dropdown.
  5. Select a user, click the vertical ellipsis button, and then select Edit User Details.
  6. In the Edit User pane, update the details as required, and then click Update User.

 

Propagate Domain Changes


The preferred domain controller for a user is set by the group they are in, provided that the group was created with the propagate option turned on, and that this action happened before the user was set up.

If you want to change the preferred domain controller for a user, edit the user, select an appropriate credential, and then select a different preferred domain controller from the list.

Any future change to the preferred domain controller at the group level can overwrite this setting if the propagate switch is turned on.

 

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.

Add User to Groups

  1. From the User Management page, click Users to display the list of users in the grid.
  2. Optionally, filter the list of users displayed in the grid using the Filter By dropdown.
  3. Select a user or users, and then click the Add User to Groups button above the grid.
  4. Search for the group or groups, and then select them to assign the currently selected users to those groups.

If a group already contains all of the selected users, a check mark is displayed next to the group name.

 

Delete a User Account

Administrators can delete user accounts as follows:

  1. From the left navigation pane in the console, select Configuration.
  2. Under Role Based Access, select User Management.
  3. Click Users to display the list of users in the grid.
  4. Optionally, filter the list of users displayed in the grid using the Filter By dropdown.
  5. For local accounts, select the user, click the Delete button above the grid, and then click Delete to confirm.
  6. For directory accounts, select the user, click the vertical ellipsis, select Delete User, and then click Delete to confirm.

If a user account is linked to any Password Safe session recordings, you cannot delete it for auditing reasons; however, you may disable the account.

Directory accounts may be deleted only if they do not belong to any groups.