Create and Manage User Accounts

User accounts create the user identity that BeyondInsight uses to authenticate and authorize access to specific system resources. You can create BeyondInsight users, as well as add Active Directory and LDAP users into BeyondInsight.

A user account must be a member of a BeyondInsight group. If a user is not a member of any groups in BeyondInsight, the user cannot log in to the console.

Create a BeyondInsight Local User Account

  1. Navigate to Configuration > Role Based Acess > User Management.

User Management > Create New User

  1. Click Users to display the list of users in the grid.
  2. Click Create New User.

 

  1. Select Create a New User.

 

  1. Complete the Identification and Credentials / Change Password sections. These fields are required.
  1. Enter the user’s contact information (Optional).
  2. Select an Activation Date and an Expiration Date for the user account.
  3. Enable the User Active option to activate the user account.
  4. Leave the Account Locked and Account Quarantined options disabled.
  5. Select a two-factor authentication method and mapping information, if applicable.
  6. Click Create User.

Screenshot of User Details > Groups - assign a group to a user.

  1. The user is created and User Details > Groups is displayed. You can filter the list of groups displayed by type, name, or description. Select a group, and then click Assign Group.

The user must belong to at least one group

 

Screenshot of removing a group from a user.

  1. To remove the user from a group, select Assigned Groups from the Show dropdown, and then select a group and click Remove Group.

 

Add an Active Directory User

Active Directory users can log in to the management console and perform tasks based on the permissions assigned to their groups. The user can authenticate against either a domain or domain controller.

Active Directory users must log in to the management console at least once to receive email notifications.

  1. Navigate to Configuration > Role Based Acess > User Management.

User Management > Create New User

  1. Click Users to display the list of users in the grid.
  2. Click Create New User.

 

  1. Select Add an Active Directory User.

 

Add an Active Directory User - Search Active Directory

  1. Select a credential for the directory, or click Manage Credentials to add or edit a credential.

 

  1. If not automatically populated, enter the name of a domain or domain controller.
  1. After you enter the domain or domain controller credential information, click Search Active Directory. A list of users in the selected domain is displayed.

For performance reasons, a maximum of 250 groups from Active Directory is retrieved. The default filter is an asterisk (*), which is a wild card filter that returns all groups. Use the group filter to refine the list.

  1. Set a filter on the groups that will be retrieved, and then click Search Active Directory.
Sample filters:
  • a* returns all group names that start with "a"
  • *d returns all group names that end with "d"
  • *sql* returns all groups that contain "sql" in the name
  1. Select a user, and then click Add User.
  2. Assign at least one group to the user.

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.

Add an LDAP User

  1. Navigate to Configuration > Role Based Acess > User Management.

User Management > Create New User

  1. Click Users to display the list of users in the grid.
  2. Click Create New User.

 

  1. Select Add an LDAP User from the list.

Add an LDAP User - Search LDAP

  1. Select a credential for the directory, or click Manage Credentials to add or edit a credential.

 

  1. Click Fetch to load the list Domain Controllers, and then select one.
  2. To filter the group search, enter keywords in the group filter or use a wild card.
  3. Click Search LDAP.
  1. Select a user, and then click Add User.
  1. Assign at least one group to the user.

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.

Edit a User Account

Administrators can edit user details such as change the name, username, email, and password, update active status, lock and unlock the account, and update multi-factor authentication settings as follows:

  1. From the left navigation pane in the console, select Configuration.
  2. Under Role Based Access, select User Management.
  1. Click Users to display the list of users in the grid.
  1. Optionally, filter the list of users displayed in the grid using the Filter By dropdown.

Click the More Options button, and then select User Details.

  1. Select a user, and then click the More Options button, then select Edit User Details.
  2. In the Edit User pane, update the details as required, and then click Update User.

 

Add Groups to User

  1. From the User Management page, click Users to display the list of users in the grid.
  2. Optionally, filter the list of users displayed in the grid using the Filter By dropdown.

Click the Add User to Groups button

  1. Select a user or users, and then click the Add User to Groups button above the grid.

 

Add Groups to Users

  1. Search for the group or groups, and then select the group or groups to assign currently selected users to the selected groups.

If a group already contains all of the selected users, a check mark is displayed next to the group name.

 

Delete a User Account

Administrators can delete user accounts as follows:

  1. From the left navigation pane in the console, select Configuration.
  2. Under Role Based Access, select User Management.
  1. Click Users to display the list of users in the grid.
  2. Optionally, filter the list of users displayed in the grid using the Filter By dropdown.
  3. For local accounts, select the user, click the Delete button above the grid, and then click Delete to confirm.
  4. For directory accounts, select the user, click the vertical ellipsis, select Delete User, and then click Delete to confirm.

If a user account is linked to any Password Safe session recordings, you cannot delete it for auditing reasons; however, you may disable the account.

Directory accounts may be deleted only if they do not belong to any groups.