Adding a local account
Next steps
To add local administrator accounts:
- Navigate to the page
The Add Local Account page displays.
and click Add Local Account. - Enter a unique Name.
- The name must be between 1 and 50 characters long, and cannot include any of the following characters:
* < > ' ‘ { } ~ ! $ % & @ # . " | \ & + = ? / ; : , ^ ( )
- Names can include spaces and dashes.
- The name must be between 1 and 50 characters long, and cannot include any of the following characters:
- Enter a valid Email address for the user.
This email address is used to send account information to the new administrator.
- Enter and confirm a Password for this user.The password must be 8–255 characters and include at least one of each of the following:
- uppercase letter
- lowercase letter
- number
- special character (such as hyphen, underscore, or blank)
Note:- If certificate authentication is enabled and password authentication is disabled on the page General > Two- Factor Auth, password logon is not available for the local account.
-
When SSO is enabled, all local accounts will not be able to configure their passwords. Only Global Security Administrator can have a password configured.
-
When SSO is disabled, make sure to configure passwords for local accounts. The local account will be able to generate a temporary password by clicking Forgot password? link on the login page.
- When SSO is enabled, only the Global Security Administrator can generate a temporary password by clicking Log in as Global Administrator from SSO login page and selecting the Forgot password link, in case the login password is forgotten.
- Under Administrator type, select either User or Application. (Added version 8.6.3)
- Select User for administrator accounts that require access to the Security Manager. This is the standard type for all administrators.
- Select Application if the account is used to access REST API services in the Data Security module. The Application type provides permissions to perform API requests
to the Security Manager.
The Email Address provided for this account will be used as the Application owner’s contact. Forcepoint DLP uses this email address if there is an issue with the Application.
If you select Application, then all module access permission options on this page are disabled. The Application type grants access to the Data module by default and grants no permissions to the other modules. These permissions cannot be edited. Also, the Notify administrator of the new account via email and Force administrator to create a new password at logon options are not available.
- To create an administrator with full permissions across all Security Manager modules and functions, mark the check box Global Security Administrator.Note: Only Global Security Administrators can create other Global Security Administrators.
- To send account information and access instructions to the new administrator via email, mark the check box Notify administrator of the new account via email.
To send administrator emails, you must set up SMTP details on the Notifications page. Optionally, also customize the contents of the email message on the Notifications page (see Setting email notifications).
- To require the administrator to change the account password the first time he or she
logs on to the Security Manager, mark the check box Force administrator to
create a new password at logon. Note:
When SSO is enabled, the Force administrator to create a new password at logon option is enabled only when the Global Security Administrator option is checked.
When SSO is enabled and both Global Security Administrator and Force administrator to create a new password at logon options are checked, the Global Security Administrator is forced to create a new password only when Global Security Administrator clicks on Log in as Global Security Administrator on the login page.
- If certificate authentication is enabled on the page
- Click Certificate Authentication.
- Browse to the location of the certificate to use for administrator authentication for this account.
- Click Upload Certificate.
For more information, see Configuring two-factor authentication.
: - If this account is not a Global Security Administrator, in the section Module Access Permissions, select the permissions to give to the new administrator.
- Choose a setting under each of the available options (Web, Data, Email) to give the new administrator permissions to manage one or more of the Security
Manager modules. The options available depend on the modules in your subscription.For each module, choose whether the new administrator has:
- No access to that module
- Only access to the module
- Both access and the ability to manage other administrators in that module For more information see Security Manager administrators.
Note: Administrators can assign access permissions only for the Security Manager modules for which they have management permissions.
- Choose a setting under each of the available options (Web, Data, Email) to give the new administrator permissions to manage one or more of the Security
Manager modules. The options available depend on the modules in your subscription.
- When you are finished making changes, click OK.
The changes are saved.
- Enabling access to the Security Manager
- Adding a network account
- Editing a local account