Access to the UserGate LogAn web console is controlled by creating additional administrator accounts, assigning them access profiles, defining an administrator password management policy, and configuring web console access with the correct permissions for the service in the network zone properties.
Note
A local superuser named Admin is created during the initial setup of UserGate LogAn.
To create additional device administrator accounts, follow these steps:
Task |
Description |
---|---|
Step 1. Create an administrator access profile. |
In the Administrators --> Administrator profiles section, click Add and enter the desired settings. |
Step 2. Create an administrator account and assign it one of the administrator profiles created earlier. |
In the Administrators section, click Add and select the desired option.
|
When creating an administrator access profile, specify the following parameters:
Name |
Description |
---|---|
Name |
Profile name. |
Description |
Profile description. |
Permissions |
The list of web console tree objects available for delegation. The following access options are available:
|
User roles |
Defines the user roles for performing actions on incidents and analytics rules assigned to the administrators with this profile. For more details on roles, see the section User Roles and Role Permissions. |
Note
Do not confuse roles and role permissions with permissions for objects in the management console. Object permissions allow the user to view or edit certain objects, such as incidents, whereas roles and role permissions allow a user to perform certain actions with object elements --- e.g., create an incident, add an assignee to it, etc. Generally, for a user to work anywhere in a system, object permissions and certain role permissions need to be delegated to the user.
A UserGate LogAn administrator can configure additional administrator account protection settings, such as password complexity and temporary account blocking on exceeding the max failures limit of authentication attempts.
To configure the above settings, follow these steps:
Task |
Description |
---|---|
Step 1. Configure the password policy. |
In the Administrators --> Administrators section, click Configure. |
Step 2. Fill in the relevant fields. |
Provide values for these fields:
|
The Administrators --> Administrator sessions section displays all administrators who are logged in to the UserGate LogAn administrative web console. Any of the administrator sessions can be closed (reset) if necessary.
The administrator can define the zones from which access to the web console service will be allowed (TCP port 8010).
Note
Web console access should not be allowed for zones connected to uncontrolled networks (e.g. the Internet).
To allow the web console service for a specific zone, go to the zone properties and allow access to the Administrative console service in the Access control section. For more details on configuring zone access control, see the section Zone Configuration.