The NetCyte NAC Management User Interface supports role-based access management with Active Directory integration.
You can control all user access privileges under the Settings → User Management menu. You can define a user as a local user, which is created in the NAC database, or you can integrate with your Active Directory. A user's access privileges are defined by the role assigned to the user.
Roles define the access privileges of assigned users, so they are an important part of user creation. To manage roles, navigate to Settings → User Management → Role Management.
There are three built-in roles: Root role, Admin role and ReadOnly role. You cannot edit or delete these roles, but you can create a copy of one by clicking the copy icon in the modify column of its row.
Under each role there is a set of tickets, or access information, each of which is enabled or disabled. To give a user a permission, select the related tickets in the role assigned to that user.
You can create your own role or use a built-in role. Every user must have an assigned role to access the system.
On the Role Management page, you can create your role by clicking the button at the top of the Role section. In the window, give your role a name and save it.
After you save your role, a new ticket set is created under its name for editing. You can select tickets and subsections to enable permissions for the new role.
If you integrate the Management User Interface with your Active Directory, you do not need to create local users; you can manage login accounts via Active Directory. For integration, navigate to Settings → User Management → User Repository Management and click the button to define Integration Parameters.
Define your parameters based on the definitions below. Once you finish, do not forget to test the connection by using the “Test Connection” button.
Parameter Name | Explanation
Name | Logical name of your repository.
Prefix | Your domain NETBIOS name.
Host | Active Directory Server IP address.
Port | TCP port that the Active Directory service is bound to.
Path | Location where the user search begins in Active Directory. During authentication, the system searches for the user below this path in Active Directory.
User Name | The user name that is used to connect to Active Directory. This user has search privilege under the defined Path location.
Password | The password of the user that is used to connect to Active Directory.
Table 1 Active Directory Integration Parameters
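A pre-flight check for the Table 1 values before they are entered, as an added example that is not part of NetCyte's documentation or product code. The dictionary keys, the sample values, and the policy of flagging non-TLS ports and a domain-root Path are assumptions of this example.

```python
import ipaddress
import re

# Well-known Active Directory LDAP ports; True means the port is TLS-wrapped.
AD_PORTS = {389: False, 636: True, 3268: False, 3269: True}
# One component of Path, e.g. "OU=NAC Operators" (escaped commas not handled).
RDN = re.compile(r"^(CN|OU|DC)=[^,=]+$", re.IGNORECASE)
NETBIOS_BAD = set('\\/:*?"<>|')  # characters not allowed in a NetBIOS name

def check_repository(p):
    """Return findings for one parameter set; dict keys are this example's own."""
    findings = []
    prefix = p.get("prefix", "")
    if not 1 <= len(prefix) <= 15 or NETBIOS_BAD & set(prefix):
        findings.append("prefix: not a valid NetBIOS domain name")
    try:
        ipaddress.ip_address(p.get("host", ""))
    except ValueError:
        findings.append("host: Table 1 expects an IP address")
    port = p.get("port")
    if port not in AD_PORTS:
        findings.append("port: not a standard AD LDAP port")
    elif not AD_PORTS[port]:
        findings.append("port: plain LDAP, bind password unprotected without StartTLS")
    rdns = [r.strip() for r in p.get("path", "").split(",")]
    if not all(RDN.match(r) for r in rdns):
        findings.append("path: not a distinguished name")
    elif all(r.upper().startswith("DC=") for r in rdns):
        findings.append("path: domain root, narrow it to the OU holding NAC users")
    if not p.get("user_name") or not p.get("password"):
        findings.append("credentials: bind user name and password are required")
    return findings

# Constructed sample values, not taken from any real deployment.
WEAK = {"prefix": "CORP", "host": "dc01.corp.example", "port": 389,
        "path": "DC=corp,DC=example", "user_name": "svc-nac", "password": "placeholder"}
TIGHT = {"prefix": "CORP", "host": "192.0.2.10", "port": 636,
         "path": "OU=NAC Operators,DC=corp,DC=example",
         "user_name": "svc-nac-bind", "password": "placeholder"}

if __name__ == "__main__":
    for name, params in (("WEAK", WEAK), ("TIGHT", TIGHT)):
        print(name, check_repository(params) or "no findings")
```

The “Test Connection” button remains the authoritative check; this only catches malformed or overly broad values beforehand.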
Once you create roles and configure Active Directory integration, user creation is a simple process. To create a user, navigate to Settings → User Management → User Management and click the “Add New User” button to open a new user definition window.
The difference between Active Directory and local user definitions is that you do not need to provide password information if you are defining a user from your Active Directory.
Parameters | Explanations
Authorization Type | Location of the user. It can be local or Active Directory User Repository.
User Name | User name of the user. If you select Active Directory User Repository, then the user name in the Active Directory.
First Name | First name of the user.
Surname | Last name of the user.
| Email address of the user.
Password Fields | Password fields of the user if you select Local User Repository. If you choose “Active Directory user repository”, the password fields are not available.
Role | The role assigned to the user.
Theme | The theme of the user interface appearance. It can be light or dark.
Region | Region of the user. You can divide your network into segments so that the user can only access devices within that Region.
Home Page | Landing page of the user when they log in to the system.
Status | Enable/Disable user account.
Once you finish your user definitions, your user is ready to log in to the system with the assigned role privileges.
All user activities are logged in the system. You can access the user activity log under Block&Audit Management → GUI Logs. User activity logs are divided into five different types. You can view each type by selecting it from the available log types at the top of the Monitoring page.