The following procedure explains how to add and configure new users. You add each new user by opening and completing the User Information form. This form records each user’s individual settings. It also allows you to record a user’s email addresses, which the Manager can use to notify the user when an appropriate alert event occurs.
Starting with LEM version 5.4, the Build > Users component of the LEM console integrates with Microsoft Active Directory. Import domain users or groups to create LEM console users with domain credentials.
Note: Before you import any user into LEM, be sure the account in Active Directory includes a valid email address if you plan to send that user email messages for LEM rules. After you import a user, you cannot change or add the email address for the LEM user account.
To add a new user:
1. Open the Build >Users view.
2. At the top of the Users grid, click Add User. Below the grid, a blank User Information form appears. A completed form is shown here for reference purposes.
3. Complete the User Information form, as described in the following table.
Field Description
Manager list
In the upper-right corner of the form, select the Manager this user will be associated with.
User Name Type the user’s system user name. This is the name the user will use when logging into the Manager.
Note: User names admin_role,audit_role, and reports_ role cannot be used.
First Name Type the user’s first name. Last Name Type the user’s last name.
Password Type the user’s system password. This is the password the user will use when logging into the Manager. This can be an initial system password or a temporary password that is assigned to replace a forgotten password.
If you have the Must Meet Complexity Requirements option checked in the Appliances view's Settings tab, the Console enforces the following password policy:
l Passwords must have a minimum of six characters.
Spaces are not allowed.
l Passwords must have two of the following three
Field Description
l At least one special character l At least one number
l A mix of lowercase and uppercase letters.
Confirm Password
Type the password a second time to verify that you entered it correctly.
Role Select the appropriate role for this user:
l Administrators are users who have full access to the
system, and can view and modify everything.
l Auditors are users who have extensive view rights to
the system, but cannot modify anything other than their own filters.
l Monitors are users who can access the Console, but
cannot view or modify anything, and must be provided a set of filters.
l Contacts are users who cannot access the Console,
but do receive external notification.
l Guests are users who have extensive view rights to
the system, but cannot modify anything other than their own filters.
View Role After selecting a user role, you can click the View Role button to open the Privilegesform, which shows the system privileges for that role. This information is provided here for reference purposes and cannot be changed.
Description Type a brief description (up to 50 characters) of the user’s title, position, or area of responsibility.
Contact Information
Use this section to record the user’s email addresses, so the Manager can notify users of network security events by email. You can add as many email addresses as you need for each user.
Field Description
It is always a good idea to test each email address to confirm that it has been entered correctly and that it works properly. To add the user’s email address:
1. Click the “add” button.
2. In the box that appears (shown here), type the user’s email address and then click Save.
3. The email address appears in the Contact Information section.
4. Repeat this procedure as needed, to record each email address that applies to the user.
To test an email address:
In the User Information form’s Contact Information area, click the test button for the email address you want to test. Verify that the user has received the email test message. If the message was not received, you may need to edit email address.
Note: In order for the Manager’s notification system to work, you must have the Manager’s Email Connector Settings set up properly..
4. When you are finished, click Save to save the new user; otherwise, click Cancel.
To create a user from an Active Directory user:
2. Configure the Directory Service Query connector on your LEM appliance if you haven't already. For additional information, see Configuring the
Directory Service Query Connector. 3. Click Build and then select Users.
4. Click the plus button, and then select Directory Service User.
5. Select the Organizational Unit and Group where you want to add the user. 6. Select the user you want to add from the Available Users column, and then
click Select User.
7. Select a LEM Role in the User Information form. Click View Role to see details about each role.
8. Enter a user description. If you change the Description field, your changes only apply to the LEM user account, not the Active Directory account. 9. Click Save.
To create users from an Active Directory group:
1. Open your LEM console and authenticate to your LEM appliance.
2. Configure the Directory Service Query connector on your LEM appliance if you haven't already. For additional information, see Configuring the
Directory Service Query Connector 3. Click Build , and then select Users.
4. Click the plus button, and then select Directory Service Group.
5. Select the Organizational Unit to which the group you want to add belongs. 6. Select the group you want to add from the Available Groups column, and
then click Select Group.
7. Select a LEM Role in the User Information form. Click View Role to see details about each role.
Note: If you want members of this group to have different LEM user roles, change their roles individually after you complete this procedure.
8. Enter a description for these users if you want. If you change the Description field, your changes only apply to the LEM user accounts, not the Active Directory accounts.