Creating a New User Account

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
  2. In the top menu bar, click Security.
  3. Click the Users tab.
  4. Select Actions > Create User.

  5. On the User tab, enter the following information. All fields on this tab are required.

    ClosedField Descriptions
    Field Description
    Login Name

    The login name for the user account. The login name is case-sensitive, so you could have three distinct accounts called CloudAdmin, Cloudadmin, and cloudadmin.

    The login name can contain standard alphanumeric characters, hyphens (-), underscores (_), and periods (.). It cannot contain spaces or other special characters.
    Full Name

    The full name of the user associated with the account. This name is included on any audit log messages generated by that user's activity. Therefore, we recommend that you specify a unique full name for each KeyControl user.
    Email Address

    If your system is configured to send email alerts, they will be sent to this email address. The alerts a user sees depends on their user role and group access.

    Account Expiration

    The date on which this user account should expire. The default is one year from the creation date.

    KeyControl automatically disables expired accounts but does not delete them. Disabled accounts can be re-enabled in the KeyControl webGUI.

    Account Enabled

    Check this box to have the account be available as soon as you create it. If you clear this check box, KeyControl sets the account status to Disabled and you will need to manually enable it through the webGUI.

  6. On the Authentication tab, select the type of authentication you want to use.

    ClosedOptions
    Authentication Method Description
    Managed by KeyControl
    1. In the Authentication drop-down, select Local.
    2. In the Password and Repeat Password fields, enter the password for this user account.

    3. In the Password Expiration field, enter the date on which the password should expire. Once this date is reached, the user will be prompted to enter a new password the next time they log into KeyControl.

      The expiration date cannot be longer than 60 days.
    Managed by RADIUS
    1. In the Authentication drop-down, select RADIUS.
    2. If you want to use the pre-configured RADIUS settings, leave the Use default Radius settings check box checked and continue to the next step.
    3. If you want to change the default RADIUS settings, clear the Use default Radius settings check box.
    4. Enter the RADIUS server address, port number, and password in the designated fields.
    5. To test the connection to the server, click Test RADIUS Server.
    Managed by LDAP

    In the Authentication drop-down, select LDAP.

    KeyControl does not currently support individual LDAP settings. Instead, every LDAP user account must use the global LDAP configuration. For more information, see Configuring Default LDAP Settings.
  7. When you have finished specifying the authentication method, click Next.

  8. On the Privileges and Groups tab:

    1. Check one or more of the user role check boxes to assign this user Security Admin, Domain Admin, and/or Cloud Admin privileges. For a list of the privileges assocated with each user role, see KeyControl User Accounts. KeyControl populates the Available Groups list box based on the selected user roles.

    2. If you assigned the Domain Admin or Cloud Admin user role to this account, in the Available Groups list box, select one or more groups to which this user should belong and click the right arrow to move the selected groups to the Assigned Groups list box.

      If this account has only the Security Admin user role, there will be no groups avaiable. In this case, you can skip this step.

    3. Click Create.
  9. When you see the User Successfully Created message, click Close.

 

HyTrust DataControl v 4.1

Copyright © 2017 HyTrust, Inc. All Rights Reserved.

Follow us: