12.2. Realm Administrators

Access to the realm's web management console is controlled by creating additional realm administrator accounts and assigning them access profiles.

Note

When creating a managed realm, the UGMC administrator creates a root administrator for the realm who has full access rights to this realm.

To create additional realm administrator accounts, follow these steps:

Task

Description

Step 1. Log in to the web management console as the root realm administrator.

Log in to the management console as the root realm administrator created for this realm by entering the login name as administrator_login/codename, e.g., Admin/UG.

Step 2. Create a realm administrator access profile.

In the Administrators --> Administrator profiles section of the realm management console, click Add and provide the desired settings.

Step 3. Create an administrator account and assign it one of the administrator profiles created earlier.

In the Administrators section, click Add and select the desired option.

  • Add local administrator: create a local user, set a password for the user, and assign them one of the access profiles created earlier.

  • Add LDAP user: add a user from an existing domain. This requires a correctly configured LDAP connector in the Auth servers section of the realm. When logging in to the administrative console, the user name must be specified in the user@domain format. Assign this user a profile created earlier.

  • Add LDAP group: add a user group from an existing domain. This requires a correctly configured LDAP connector in the Auth servers section of the realm. When logging in to the administrative console, the user name must be specified in the user@domain format. Assign this group a profile created earlier.

  • Add administrator with auth profile: create a user and assign them an administrator profile created earlier and an auth profile (this requires correctly configured auth servers).

When creating an administrator access profile, specify the following parameters:

Name

Description

Name

Profile name.

Description

Profile description.

Realm access permissions

Set permissions to the settings sections of the realm, such as administrators, auth servers, device templates, template groups, managed devices, and logs and reports.

The following access options are available:

  • No access.

  • Read only.

  • Read and write.

Template access permissions

Set the rights to view and/or modify the settings for all or specific existing templates here. The settings are presented as UserGate NGFW console tree objects available for delegation. The following access options are available:

  • No access.

  • Read only.

  • Read and write.

For example, you can allow access to network settings for one administrator group and NGFW policies for another.
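The following added example (not UserGate code, and not a UGMC export format or API) models access profiles with the realm sections and three access options listed above, then flags administrator accounts whose profile deserves review. The dictionary layout, profile names, and logins are constructed assumptions.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0        # "No access"
    READ = 1        # "Read only"
    READ_WRITE = 2  # "Read and write"

# Realm sections named on the page; the dict model itself is an assumption.
REALM_SECTIONS = ("administrators", "auth servers", "device templates",
                  "template groups", "managed devices", "logs and reports")

def effective(profile):
    """Return section -> Access, treating unlisted sections as NONE."""
    unknown = set(profile) - set(REALM_SECTIONS)
    if unknown:
        raise ValueError(f"unknown section(s): {sorted(unknown)}")
    return {s: Access(profile.get(s, Access.NONE)) for s in REALM_SECTIONS}

def audit(profiles, admins):
    """Return sorted (login, finding) pairs for accounts that need review."""
    findings = []
    for login, profile_name in admins.items():
        if profile_name not in profiles:
            findings.append((login, f"profile '{profile_name}' does not exist"))
            continue
        perms = effective(profiles[profile_name])
        # Steps 2 and 3 are performed in the Administrators section, so write
        # access there lets the holder add profiles and administrator accounts.
        if perms["administrators"] == Access.READ_WRITE:
            findings.append((login, "can add administrator accounts and profiles"))
        if all(level == Access.READ_WRITE for level in perms.values()):
            findings.append((login, "read and write on every realm section"))
    return sorted(findings)

# Constructed sample inventory (hypothetical profile names and logins).
PROFILES = {
    "auditor": {"logs and reports": Access.READ},
    "device-ops": {"managed devices": Access.READ_WRITE, "administrators": Access.READ},
    "helpdesk-lead": {"administrators": Access.READ_WRITE},
    "everything": dict.fromkeys(REALM_SECTIONS, Access.READ_WRITE),
}
ADMINS = {"alice": "auditor", "bob@example.test": "device-ops",
          "carol": "helpdesk-lead", "dave@example.test": "everything",
          "erin": "network-ops"}  # erin's profile was never created

if __name__ == "__main__":
    for login, finding in audit(PROFILES, ADMINS):
        print(f"{login}: {finding}")
```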