Administrators

Access to the LogAn web console is controlled by creating additional administrator accounts, assigning them access profiles, defining an administrator password management policy, and configuring web console access with the correct permissions for the service in the network zone properties.

NoteA local superuser named Admin is created during the initial setup of LogAn.

To create additional device administrator accounts, follow these steps:

Name

Description

Step 1. Create an administrator access profile.

In the Administrators ➜ Administrator profiles section, click Add and enter the desired settings.

Step 2. Create an administrator account and assign it one of the administrator profiles created earlier.

In the Administrators section, click Add and select the desired option.

  • Add local administrator: create a local user, set a password for the user, and assign them one of the access profiles created earlier.

  • Add LDAP user: add a user from an existing domain. This requires a correctly configured LDAP connector in the Auth servers section. When logging in to the administrative console, the username must be specified in the user@domain format. Assign this user a profile created earlier.

  • Add LDAP group: add a user group from an existing domain. This requires a correctly configured LDAP connector in the Auth servers section. When logging in to the administrative console, the username must be specified in the user@domain format. Assign this user a profile created earlier.

  • Add administrator with auth profile: create a user and assign them an administrator profile created earlier and an auth profile (this requires correctly configured auth servers).

When creating an administrator access profile, specify the following parameters:

Name

Description

Name

Profile name.

Description

Profile description.

Permissions

The list of web console tree objects available for delegation. The following access options are available:

  • No access

  • Read only

  • Read and write.

A LogAn administrator can configure additional administrator account protection settings, such as password complexity and temporary account blocking on exceeding the max failures limit of authentication attempts.

To configure the above settings, follow these steps:

Name

Description

Step 1. Configure the password policy.

In the Administrators ➜ Administrators section, click Configure.

Step 2. Fill in the relevant fields.

Provide values for these fields:

  • Strong password: enables the additional password complexity settings presented below, such as Minimum length, Minimum uppercase letters, Minimum lowercase letters, Minimum digit letters, Minimum special characters, and Maximum characters repetition block.

  • Number of invalid auth attempts: the number of failed attempts to authenticate as an administrator after which the account is blocked for Block time.

  • Block time: the time for which the account is blocked.

The Administrators ➜ Administrator sessions section displays all administrators who are logged in to the LogAn administrative web console. Any of the administrator sessions can be closed (reset) if necessary.

The administrator can define the zones from which access to the web console service will be allowed (TCP port 8010).

Note Web console access should not be allowed for zones connected to uncontrolled networks (e.g. the Internet).

To allow the web console service for a specific zone, go to the zone properties and allow access to the Administrative console service in the Access control section. Более подробно о настройке контроля доступа к зонам можно прочитать в разделе Настройка зон.