Create and Manage User Accounts

User accounts create the user identity that BeyondInsight uses to authenticate and authorize access to specific system resources. You can create BeyondInsight users, as well as add Active Directory and LDAP users into BeyondInsight.

A user account must be a member of a BeyondInsight group. If a user is not a member of any groups in BeyondInsight, the user will not be able to log in to the console.

Create a BeyondInsight Local User Account

  1. Select Configuration.
  2. Under Role Based Access, select User Management.

User Management > Create New User

  1. Select Users to display the list of users in the grid.
  2. Click Create New User.
  1. Select Create a New User.

 

  1. Complete the Identification and Credentials / Change Password sections. These fields are required.
  1. Enter the user’s contact information (Optional).
  2. Select an Activation Date and an Expiration Date for the user account.
  3. Enable the User Active option to activate the user account.
  4. Leave the Account Locked and Account Quarantined options disabled.
  5. Select a two-factor authentication method and mapping information, if applicable.
  6. Click Create User.

Screenshot of User Details > Groups - assign a group to a user.

  1. The user is created and User Details > Groups is displayed. You can filter the list of groups displayed by type, name, or description. Select a group, and then click Assign Group.

The user must belong to at least one group

.

Screenshot of removing a group from a user.

  1. To remove the user from a group, select Assigned Groups from the Show dropdown, and then select a group and click Remove Group.

 

Add an Active Directory User

Active Directory users can log in to the management console and perform tasks based on the permissions assigned to their groups. The user can authenticate against either a domain or domain controller.

Active Directory users must log in to the management console at least once to receive email notifications.

  1. Select Configuration.
  2. Under Role Based Access, select User Management.

User Management > Create New User

  1. Select Users to display the list of users in the grid.
  2. Click Create New User.
  1. Select Add an Active Directory User.

 

Add an Active Directory User - Search Active Directory

  1. Select a credential for the directory, or click Manage Credentials to add or edit a credential.

 

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.

  1. If not automatically populated, enter the name of a domain or domain controller.
  1. After you enter the domain or domain controller credential information, click Search Active Directory. A list of users in the selected domain is displayed.

For performance reasons, a maximum of 250 groups from Active Directory is retrieved. The default filter is an asterisk (*), which is a wild card filter that returns all groups. Use the group filter to refine the list.

  1. Set a filter on the groups that will be retrieved, and then click Search Active Directory. Example filters:
    • a* returns all group names that start with a.
    • *d returns all group names that end with d.
    • *sql* returns all groups that contain sql in the name.
  1. Select a user, and then click Add User.
  2. Assign at least one group to the user.

Add an LDAP User

  1. Select Configuration.
  2. Under Role Based Access, select User Management.

User Management > Create New User

  1. Select Users to display the list of users in the grid.
  2. Click Create New User.
  1. Select Add an LDAP User from the list.

Add an LDAP User - Search LDAP

  1. Select a credential for the directory, or click Manage Credentials to add or edit a credential.

 

For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.

  1. Click Fetch to load the list Domain Controllers, and then select one.
  2. To filter the group search, enter keywords in the group filter or use a wild card.
  3. Click Search LDAP.
  1. Select a user, and then click Add User.
  1. Assign at least one group to the user.

Edit a User Account

Administrators can edit user details such as change the name, username, email, and password, update active status, lock and unlock the account, and update multi-factor authentication settings as follows:

  1. From the left navigation pane in the console, select Configuration.
  2. Under Role Based Access, select User Management.
  1. Click Users to display the list of users in the grid.
  1. Optionally, filter the list of users in the grid by Type, Username, Name, Domain, or Email.

Click the More Options button, and then select User Details.

  1. Select a user, and then click the More Options button, then select Edit User Details.
  2. In the Edit User pane, update the details as required, and then click Update User.

 

Add Groups to User

  1. From the User Management page, click Users to display the list of users in the grid.
  2. Optionally, filter the list of users in the grid by Type, Username, Name, Domain, or Email.

Click the Add User to Groups button

  1. Select a user or users, and then click the Add User to Groups button above the grid.

 

Add Groups to Users

  1. Search for the group or groups, and then select the group or groups to assign currently selected users to the selected groups.

If a group already contains all of the selected users, a check mark will be displayed next to the group name.

 

Delete a User Account

Administrators can delete user accounts as follows:

  1. From the left navigation pane in the console, select Configuration.
  2. Under Role Based Access, select User Management.
  1. Click Users to display the list of users in the grid.
  2. Optionally, filter the list of users in the grid by Type, Username, Name, Domain, or Email.

Screenshot of deleting a user account in the console.

  1. Select a user, and then click the Delete button above the grid, or click the More Options button, and then select Delete User.

This process only removes the selected user(s) from their assigned group(s). It does not delete the user from BeyondInsight.