Create and Manage Administration Users

Note: Administration console users are specific to the AAA Server Administration Console and do not correspond to any user in your LDAP directory.
You can enable the initial console Administrator to use an authentication device rather than a static password to log on. However, it is recommended that you keep the initial Administrator authenticating with a static password login. This eliminates the danger of a lost or broken device, which would prevent access by the initial console Administrator. Keep the initial Administrator’s ID and password in a safe place where nobody can access it unless there is an emergency.
Prerequisites: Do NOT attempt to create Administration Console users until you have created device repositories and imported devices. Otherwise, you will not be able to define the rights of your Administration Console users properly or assign them authentication devices.
  1. In the tree in the left pane of the Administration Console, select Company.
  2. Click on the icon.


  3. Click Add to create an Administration Console user.

    If you have already created users, and you want to Modify a profile or Remove someone from the system, select a user from the list presented, then click on the button corresponding to the action you want to perform.

    Note: You cannot modify or remove your own administrator UserID/role.

  4. In the Username field, enter a name for the user. (You cannot change an Administration Console user’s name after you have created the user.)
  5. From the Role drop-down list, select the appropriate profile for the new user.

    The available options on the Add New User screen vary depending on the profile you select.

    For further information on the Administration Console user roles, see Console User Profiles.

  6. Important: Once you create an Audit Manager, console Administrators can no longer access the Audit tab in the Tools > Options menu bar. Only the new Audit Manager (and other Audit Managers) can access the Audit tab selection. However, Audit Managers can select an option on the Audit tab screen to permit Administrators access to Audit management.
  7. For use with asynchronous authentication only, the user can authenticate to the Administration Console with an authentication device (recommended for greater security). Select the device to assign to the user from the Device drop-down list. Keep the default selection of None to have the user authenticate with a static password.

    Devices are displayed in the Device drop-down list only when they are initialized. You can modify the user’s method of authentication later, if no devices are currently available to assign.

  8. If you selected None from the Device drop-down list, then in the Password and Confirm fields, enter and confirm a static password for the user.
  9. Select Allow Import/Export Devices when you want to allow Device Managers to import or export devices. This option is not available for other users.

  10. Note: To export devices, a pre-existing cipher key must be created by an Administrator user.
  11. By default, all new users can manage all available groups. In the Group Administration section of the screen, if you do NOT want the user to be able to manage all user groups, then clear Manage all groups and then select the appropriate group(s) in the Available group(s) list.
  12. Click > to move the selected group(s) to the Selected group(s) list.
  13. Click Root Repository to limit the rights of a Device Manager to initializing devices and storing them in a particular Device Repository.

  14. Note: You cannot change an Administrator’s Root Repository rights. All Administrators have full rights to all repositories.
  15. Click OK to return to the Add New User screen.
  16. Click OK.