Local Users
Overview
A user needs to log in to HySecure to either access the applications securely over the network OR to manage the HySecure Gateway through the Management Console.
Organizations integrate HySecure with AD/LDAP/SAML - third-party authentication methods for user authentication. However, there are situations where organizations do not have third-party authentication methods or do not wish to use them for internal reasons. In such cases, HySecure supports creating users in its local database. These are called Local Users.
This page provides details on Local Users management.
Note
Avoid creating local user accounts for integrated authentication server users (e.g. AD, LDAP, RADIUS, SAML IdP).
User Roles
Local Users can have the following roles:
| User Role | Privileges |
|---|---|
| Low Security User | Low Security Users log in with basic authentication using the username and password. See configuring Authentication Servers for more information. |
| High Security User | High Security Users use certificate-based authentication to log in. Security Officers, Administrators, and Monitoring Users are High Security Users by default. |
| Administrator (Admin) | The Administrator can manage other Administrators, High and Low Security users, Applications, and Access Control Lists (ACLs) for various users and application groups. However, they cannot Add, Modify, or Delete a Security Officer. They do not have the right to apply licenses, updates, or upload certificates. |
| Security Officer (SO) | The Security Officer (SO) has the highest level of access in HySecure. The SO can Create, Modify, and Delete users, including other Security Officers, Administrators, and High/Low Security Users. An SO can manage ACLs for User Groups and applications. Only an SO has the right to change the Server State, Database Password, and Basic Authentication Method, and Enable or Disable SSH. |
| Monitoring User | This role enables users to manage registered devices and monitor the Dashboard. They can also monitor and export Active users, Registered users, Turbo active users, and Remote meeting users. In addition, they can download reports, logs, and archived logs. |
| L1 Support User | The L1-level Support user have the right to: 1. Monitor the dashboard. 2. Monitor and export active users, turbo active users, and remote meeting users. 3. Monitor and export registered users. 4. Monitor, export, and manage registered devices. 5. Monitor and download reports and logs. 6. Download archived logs. 7. Modify host scan policies. |
Important
As a best practice, it is recommended that the Security Officers, Administrators, and High Security Users log in to HySecure using basic authentication unless otherwise required. When logging in with a login ID and password as a Low Security user, they will not have the privileges of a Power User.
View Local Users
- Log on to the Management Console.
- Go to Users > Local Users.
All the users created so far will be visible on this page in a tabular form with the following information: 
| Field | Description |
|---|---|
| User ID | Displays the user ID used to log in to HySecure. |
| User Name | Displays the user name entered while adding the user. |
| Displays the Email ID entered for the user while adding. | |
| Role | Displays the role assigned to the user such as Security Officer, Low/High Security User, Administrator, or Monitoring User. For more information on each role, check the User Roles section. |
| ID | Displays the user number generated by the system. |
| Account Enabled | Displays the status of the account whether enabled (ticked) or disabled (blank). |
Search for a Local User
In case there are a large number of local users, the administrator can filter or search a particular user based on any one of the following fields:
- User ID
- User Name
- Role
- User Status
Filter the search for a user based on any of the above-mentioned parameters except the system-generated ID.
Add/Create a User
- Log on to the Management Console.
- Go to Users > Local Users and click Add.
| Field | Description |
|---|---|
| User Name | Enter the given name of the user. |
| User E-mail Address | Enter the complete Email address associated with the user. |
| Administrator E-mail Address | Enter the complete Email address associated with the administrator. |
| Mobile number | Enter the complete mobile number to which the messages will be sent. |
| Role | Select the role, that is to be assigned to the user from the drop-down list. Note that High Security User and Low Security User are created to provide application access, whereas the primary function of the Administrator, Security Officer, and Monitoring User is to manage the system. |
| User must change password at next logon | Check this box to force the user to change the password at the next login. |
| Password never expires | Check this box to set a non-expiring password for the user. |
| Send details via email | Check this box to email the authentication details, except the password, to the user’s E-mail Address. |
| Send details on mobile | Check this box to send authentication details via SMS to the user’s mobile number. |
| Account is disabled | Check this box to temporarily disable a new user account. |
| Account expires on | The Administrator can set an expiration date when the account will automatically expire. After the given date the user account will get disabled. This option is applicable only for the basic authentication and certificate users. Note that this option does not apply to Security Officers and Administrators. |
| Password expires after | Enter the number of days to set the timeline for user password expiration. The password will expire after the number of days specified here. Note that this option will not be available if the Password never expires check box is selected. |
Login details
| Field | Description |
|---|---|
| User ID | Enter the user ID, which the user will use to log in to the HySecure Gateway. This does not apply to Machine-Class users. |
| Password | Enter the password used to log into the HySecure Gateway. |
| Confirm Password | Re-enter the password to confirm. |
| Subscribed User Groups | Click Subscribe User to User Group to assign the user to local groups. A dialog box will appear with all the available groups to add. |
Click Submit to Create the user successfully.
Note
All High Security Users must enroll to access the Gateway.
Modify User Details
To modify a user's details, select them on the Local Users page and click Modify. Make the necessary changes and click Submit.
The changes will be effective once the user logs in the next time.
Note
The Username, User ID, and Role cannot be changed.
Reset Passphrase
Steps to reset a certificate user's passphrase:
- Go to the Local Users.
- Select the user whose passphrase needs to be reset.
- Click on the Reset Passphrase.
- The new passphrase will be sent to the user's email address.
Note
To reset the passphrase, the user should be enrolled for the passphrase.`
Delete a User
On the Local Users page, select the user to be deleted and click Delete. Upon confirmation, the user would be deleted.
Import Users
Note
Import Users only works with Low Security users who log in using usernames and passwords.
- Log on to the Management Console.
- Go to Users > Local Users and click Import.
- Choose the .csv file by clicking Choose File.
-
Select one of the following import preferences:
-
Don't update existing users accounts: Select this option if the existing user accounts are not to be updated.
-
Update existing users accounts and append new ones (if any): Select this option if the existing user accounts are to be updated and new accounts are to be added.
-
Replace all user accounts: Select this option if all the existing low security users are to be replaced by the users uploaded from the .csv file.
-
Export Users List
- Log on to the Management Console.
- Go to Users > Local Users and click Export. The list of users will be exported and downloaded in a CSV file format.