Managing user accounts and user groups
Use the Manage Users dialog to manage user accounts and user group access to application features such as the WhatsUp Gold Console, Account Administration, System Administration, Monitoring, Devices, and Reports.
User Accounts
User accounts allow users to log in to the web interface of WhatsUp Gold and control access to data and functionality either through direct assignment of user rights or by membership in a user group.
User accounts can authenticate using:
- . The user account is created using the Add User dialog, and will authenticate using an Internal password.
- . The user account is created using the Add User dialog with the authentication type set to LDAP. The user will log in to WhatsUp Gold using the credentials they use to authenticate with their LDAP server. For Active Directory authentication, the user account is created when a user that belongs to an AD group that has been mapped to a WhatsUp Gold group initially authenticates with WhatsUp Gold. The user will log in to WhatsUp Gold using their Windows domain credentials, which must be configured from the Configure External Authentication dialog. For more information, see Setting LDAP or Cisco ACS credentials.
- . The user account is created when a user with a Cisco ACS authentication server has been configured to authenticate with Cisco ACS from WhatsUp Gold. The user will log in to WhatsUp Gold using their Cisco ACS credentials, which must be configured from the Configure External Authentication dialog. For more information, see Setting LDAP or Cisco ACS credentials.
User accounts gain user rights when:
- Directly assigned those rights using the Add/Edit user accounts dialog. User rights directly assigned to the user account supersede any rights prohibited by membership in a WhatsUp Gold user group.
- The user is a member of a WhatsUp Gold user group. The user will gain those rights assigned to the WhatsUp Gold user group.
- The user is a member of a AD group that has been mapped to a WhatsUp Gold user group. The user will gain those rights assigned to the WhatsUp Gold user group.
There are two default user accounts:
- . The account is given all user rights, including , which grants the the right to create and edit user accounts. The Administrator is also given all group access rights, so that when enabled, this account will be able to view and edit devices in all device groups.
- . The Guest account allows users to see the application without giving them the ability to modify any settings. By default, all user rights and all group access rights are disabled for this account. This limits the account to only seeing a limited number of information in the application. The account (or anyone else with rights) can modify the Guest account rights using the Manage Users dialog.
The account can be used to create additional user accounts as needed.
: We recommend limiting the number of users to whom you grant the right. If multiple user accounts are given permission to create and delete user accounts, confusion could surface as a result. Open communication between all user accounts with the right is crucial to a smooth network management operation.
To manage users:
- To add a new user account, click The Add User dialog appears.
- To update the displayed user rights of a user account that has the Manage Users right following upgrade to WhatsUp Gold v15.0 or later, select a user account from the account list, then click . The Edit User dialog appears. Without making any changes to the user rights, click . The user rights available to the user prior to the upgrade will be updated. Log out of WhatsUp Gold and log back in. The user account will correctly display the user rights assigned to the user account and the Admin Panel in the Admin tab () and other areas of the user interface previously hidden will display.
: When upgrading from WhatsUp Gold v14.x or earlier to WhatsUp Gold v15.0 or later, if the Manage Users rights was assigned to an account prior to the upgrade, the displayed user rights may reflect rights that have not been assigned to the user account, causing portions of the web interface to be hidden such as the Admin Panel in the Admin tab. To update the user account to reflect that the rights are assigned to the account, it is necessary to open the edit dialog for the user account, and without making any changes, click . This will update the user rights assigned to the account, and after logging out and back into the WhatsUp Gold web interface, the user rights assigned to the user will be correctly displayed.
- To change an existing user account, select a user account from the user account list, then click . The Edit User dialog appears.
- To remove a user account, select the user account from the user account list, then click . A confirmation message will appear. Click . The user account will be removed from the user account list.
- To permit a locked user to perform a log on attempt before the designated time delay has expired, click . The lock icon next to the user account will disappear and the user will be able to perform a log on attempt.
User Groups
User groups efficiently manage assignment of permissions and rights to user accounts. You can map WhatsUp Gold user groups to Active Directory groups so that users can authenticate and be assigned to WhatsUp Gold groups using their Windows domain credentials.
. The domain-guests group is created if you attempt to map AD groups before any WhatsUp Gold user groups have been created, this group is not given any user rights. Any user account with Manage Users can add user group rights to this group.
To manage groups:
- To add a new user group, click .The Add User Group dialog appears.
- To change an existing user group, select a user group from the user group list, then click . The Edit User dialog appears.
- To remove a user group, select the user group from the user group list, then click . A confirmation message will appear. Click . The user account will be removed from the user account list.
To enforce access rights set up in the Device Group Properties dialog:
Click to enforce access rights set up in the Device Group Properties dialog.
To set the password policy settings:
- Click . The Password Policy Settings dialog appears.
- . Enter the time in minutes that the system should delay before allowing a locked out user from performing a log on attempt.
- . Enter the minimum number of days required between password changes.
- . Enter the number of days before a password expires.
- . Enter the number of days to retain previously used passwords.
- . Enter the number of passwords that are not to be reused against previous passwords.
- . Enter the number of days to warn user before password expiration.
- . Enter the minimum number of characters required for the password policy. The default minimum complex password requirement is one special character, one capital (upper case) letter, one lower case letter, and one number.
- Click . The new password policy values appear in the dialog.