Authentication Options and Adding User Accounts

Learn about user authentication options and how to add and configure user accounts and permissions in Oracle Communications Unified Assurance.

About Configuring Users, Permissions, Authentication, and Security

Use the AAA configuration interfaces to create and edit users, set up user permissions, configure authentication, and manage security.

To configure access to Unified Assurance:

1. Configure the authentication types you want to use.
2. Create roles to define permissions.
3. Create user groups and assign roles to them.
4. Create users and add them to groups. The users are automatically granted permissions based on the role assigned to their group.

Unified Assurance includes default users, roles, and groups that you can clone or edit for your organization's needs. Before you begin, define the initial user groups that you will need, and identify what each group should be able to access within Unified Assurance.

About Authentication Types

You can configure Unified Assurance to use the following user authentication methods using the Authentication Types configuration interface:

• Internal: Used for backup accounts and environments without external authentication. This is active by default.

• Active Directory - Used for Microsoft Active Directory integration.

• LDAP - Used for OpenLDAP integration.

• SAML - Used for SAML integration.

Information Required for Using External Authentication Types

If you are using external authentication, gather the following information before setup:

• Active Directory:

  • The primary and secondary server IP addresses or DNS names

  • The domain suffix

  • The CA certificate, if you are using a secure connection

• LDAP:

  • The primary and secondary server IP addresses or DNS names

  • The distinguished name

  • The CA certificate, if you are using a secure connection

  • Optionally, the LDAP port

• SAML:

  • The SAML IDP Entity ID link

  • The Single SignOn service link

  • The Single Logout service link

  • The IDP certificate data

  • The NameID format

• Gather user account names. The user names you create in Unified Assurance must match those used in the external authentication source.

About Roles

You use roles to control the permissions for user groups in the Roles interface.

You can customize permissions for a user group for each individual user interface in Unified Assurance. For example, a user may have full create, read, update, and delete access to every Events interface, read-only access to the Dashboard interface, and be denied access to the Broker Scheduled Jobs and Services interfaces.

To see or edit permissions granted by roles:

1. Navigate to the Roles UI and select a role.

   Configuration -> AAA -> Roles

   The Role (edit) form opens to the right of the grid.

2. In the form, under Permissions, review the permissions selected for the role. You can toggle between selected and available permissions.

3. Deselect or select permissions as needed.

4. Click Submit to save any changes.

About User Groups

You use groups to organize users in the User Groups interface. A user group lets you control permissions for multiple users with a single administration element. You can assign different permissions to different groups based on their role in the system, their specific customer devices, or their default dashboard view.

To see or edit user groups:

1. Navigate to the User Groups UI and select a user group.

   Configuration -> AAA -> User Groups

   The User Group (edit) form appears to the right of the grid.

2. In the Properties section, configure which elements the group members have access to, such as device groups, event filter groups, and dashboard groups.

3. In the Preferences section, configure the group preferences, such as the default navigation interface to open when a user logs in, the refresh rate of the UI, and the default time zone for the group members.

   Use the lock icon to lock the preferences, which prevents users from changing their preferences when they log in.

4. In the Users section, toggle between available and selected users and click the Add, Add All, Remove, and Remove All buttons to add or remove users to or from the group.

5. Click Submit to save any changes.

About Unified Assurance Users

Unified Assurance has three default user accounts:

• Administrator: Full read and write access to every element of Unified Assurance. The first time you log in, you must change the default password for this account.

• Operator: Read-only access

• API User: Full read and write access, other than the Delete permission, for most areas of the application to allow external applications to interact with Unified Assurance without logging in

You can select an existing user to edit its properties, and you can use the UI button bar to:

• Add a new user. Click the Add button to open a blank User (New) form to the right of the grid. Fill in the form and click Submit to add the new user to the system.

• Clone an existing user. Select a user and click the Clone button to create a cloned copy of the selected user. Make changes in the form and click Submit to add the cloned user to the system.

• Delete a user. Select a user and click the Delete button to remove the selected user from the system.

Changing the Default Administrator Password

To change the default administrator password:

1. Navigate to the Users UI, and select the Administrator user.

   Configuration -> AAA -> Users

   The User (edit) form opens to the right of the grid.

2. In the password fields, enter your new administrator password and re-enter it to confirm.

3. Click Submit to save the changes.

Creating an Example Role, Group, and User

This procedure describes how to set up an example role, group, and user, and validate the settings and permissions based on the default Operator role, group, and user.

1. Log in to the Unified Assurance UI as the Administrator user.

2. Create the role:

   1. Navigate to the Roles UI.

      Configuration -> AAA -> Roles

   2. Select the Operator role and click the Clone button.

      The Role (New) form opens with the Operator role details in the form fields.

   3. Change the following form fields to the following values, leaving the other fields as they are:

      • Role Name: Example Role

      • Description: Example Role for demonstration purposes

      • In the Selected section, beside Jobs, select Create and Update.

   4. Click Submit to save the new role.

3. Create the user group:

   1. Navigate to the User Groups UI.

      Configuration -> AAA -> User Groups

   2. Select the Operators user group and click the Clone button.

      The User Group (New) form opens with the Operators user group details in the form fields.

   3. Change the following form fields to the following values, leaving the other fields as they are:

      • User Group Name: Example Group

      • Role: Example Role

   4. Click Submit to save the new user group.

4. Create the user:

   1. Navigate to the Users UI.

      Configuration -> AAA -> Users

   2. Click the Add button.

      The User (New) form opens.

   3. Fill out the following form fields in the form, leaving the other fields as they are:

      • Username: Example

      • Full Name: Example User

      • Password/Repeat Password: a password of your choice

      • User Group Name: Example Group

      • Status: Enabled

   4. Click Submit.

5. Validate the settings:

   1. Log out of the Unified Assurance UI, and log back in using the new Example user credentials.

   2. Notice that the Links navigation pane is open to the left by default, as specified in the Preferences section of the Example group.

   3. From the Configuration menu, select AAA, then select Roles.

   4. Notice that the Add, Clone and Delete buttons are missing, because the Example user has read-only access, as set in the Example role assigned to the Example group.

   5. From the Configuration menu, select Broker Control.

   6. Notice that the Licensing page is not visible, because the Example user has no permission to access it.

   7. From the Configuration menu, select Broker Control, then select Jobs.

      Configuration -> Broker Control -> Jobs

   8. Notice that the Add and Clone buttons are visible, because the Example user has read, write, and update permission for this page.

AAA Properties and Preferences

This section describes the properties and preferences that you can set in the AAA UIs to customize the user experience in Unified Assurance.

User Properties

User properties are additional settings applicable to the user.

The following table contains user properties:

User Group Properties

User group properties let you customize viewing and multitenant restrictions for users within the user group. You can use these properties to set up different views in multitenant environments, so that users see only the devices or data pertinent to them.

For any properties that are not set, users in the group have an unrestricted view of items related to that property. For example, if you don't set RestrictiveDeviceGroupID, users in the user group will be able to view devices in all device groups.

The following table contains user group properties that you can set for user groups:

Preferences

Preferences are a set of common settings between both user and their user group that control the user experience and how the Unified Assurance UI is used. Users inherit preference settings from their user group, but these defaults can be overridden on a per-user basis. Administrators can also lock preferences, which prevents users from overriding the preferences and creates a more unified environment for the users in that group.

The following table contains preferences that you can set for users and user groups: