Creating a New KeyControl-Managed User Account

Log into the KeyControl webGUI using an account with Security Admin privileges.
In the top menu bar, click Security.
Click the KeyControl Managed Users tab.
Select Actions > Create User.

On the User tab, enter the following information. All fields on this tab are required.

Field Descriptions

Field	Description
Login Name	The login name for the KeyControl-managed user account. The login name is case-sensitive, so you could have three different accounts called CloudAdmin, Cloudadmin, and cloudadmin. The login name can contain standard alphanumeric characters, hyphens (-), underscores (_), and periods (.). It cannot contain spaces or other special characters.
Full Name	The full name of the user associated with the account. This name is included on any audit log messages generated by that user's activity. Therefore, we recommend that you specify a unique full name for each KeyControl user.
Email Address	If your system is configured to send email alerts, they will be sent to this email address. The alerts a user sees depends on their user role and group access.
Account Expiration	The date on which this user account should expire. The default is one year from the creation date. KeyControl automatically disables expired accounts but does not delete them. Disabled accounts can be re-enabled in the KeyControl webGUI.
Account Enabled	Check this box to have the account be available as soon as you create it. If you clear this check box, KeyControl sets the account status to Disabled and you will need to manually enable it through the webGUI.

On the Authentication tab, select the type of authentication you want to use.

Options

Authentication Method	Description
Locally by KeyControl	In the Authentication drop-down, select Local. In the Password and Repeat Password fields, enter the password for this user account. In the Password Expiration field, enter the date on which the password should expire. Once this date is reached, the user will be prompted to enter a new password the next time they log into KeyControl. The expiration date cannot be longer than the number of days defined in the default local authentication settings. For more information, see Configuring Local Authentication Settings. Tip: If you want to force the user to change their password the first time they log in, select a date in the past for the Password Expiration date.
Externally by a RADIUS authentication server	In the Authentication drop-down, select RADIUS. If you want to use the pre-configured RADIUS settings, leave the Use default Radius settings check box checked and continue to the next step. If you want to change the default RADIUS settings, clear the Use default Radius settings check box and enter the RADIUS server address, port number, shared secret, and authentication method in the designated fields. For more information, see Specifying Default RADIUS Authentication Server Settings. To test the connection to the server, click Test RADIUS Server.
Externally by an LDAP authentication server	In the Authentication drop-down, select LDAP. KeyControl does not currently support individual LDAP settings. Instead, every LDAP user account must use the global LDAP configuration. For more information, see Specifying an LDAP/AD Authentication Server.

Authentication Method

Description

Locally by KeyControl

In the Authentication drop-down, select Local.
In the Password and Repeat Password fields, enter the password for this user account.
In the Password Expiration field, enter the date on which the password should expire. Once this date is reached, the user will be prompted to enter a new password the next time they log into KeyControl.

The expiration date cannot be longer than the number of days defined in the default local authentication settings. For more information, see Configuring Local Authentication Settings.

Tip: If you want to force the user to change their password the first time they log in, select a date in the past for the Password Expiration date.

Externally by a RADIUS authentication server

In the Authentication drop-down, select RADIUS.
If you want to use the pre-configured RADIUS settings, leave the Use default Radius settings check box checked and continue to the next step.
If you want to change the default RADIUS settings, clear the Use default Radius settings check box and enter the RADIUS server address, port number, shared secret, and authentication method in the designated fields. For more information, see Specifying Default RADIUS Authentication Server Settings.
To test the connection to the server, click Test RADIUS Server.

Externally by an LDAP authentication server

In the Authentication drop-down, select LDAP.

KeyControl does not currently support individual LDAP settings. Instead, every LDAP user account must use the global LDAP configuration. For more information, see Specifying an LDAP/AD Authentication Server.

When you have finished specifying the authentication method, click Next.
On the Privileges and Groups tab:
1. Check one or more of the user role check boxes to assign this user Security Admin, Domain Admin, and/or Cloud Admin privileges. Security Admins configure KeyControl and create user accounts and Cloud Admin Groups, Domain Admins manage the KeyControl servers in the cluster, and Cloud Admins manage the VMs registered with KeyControl. For a complete list of the privileges associated with each user role, see KeyControl User Accounts.
2. If you assigned the Cloud Admin user role to this account, in the Available Groups list box, select one or more Cloud Admin Groups to which this user should belong and click the right arrow to move the selected groups to the Assigned Groups list box.
  
  When you add a Cloud Admin to a Cloud Admin Group, that user can see and manage all VMs registered with all of the Cloud VM Sets associated with that group. A Cloud Admin can belong to any number of Cloud Admin Groups.
3. Click Create.
When you see the User Successfully Created message, click Close or Create More Users.