Authentication Options and Adding User Accounts

Learn about user authentication options and how to add and configure user accounts and permissions in Oracle Communications Unified Assurance.

About Configuring Users, Permissions, Authentication, and Security

Use the AAA configuration interfaces to create and edit users, set up user permissions, configure authentication, and manage security.

To configure access to Unified Assurance:

1. Configure the authentication types you want to use.

2. Create roles to define permissions.

3. Create user groups and assign roles to them.

4. Create users and add them to groups. The users are automatically granted permissions based on the role assigned to their group.

Unified Assurance includes default users, roles, and groups that you can clone or edit for your organization's needs. Before you begin, define the initial user groups that you will need, and identify what each group should be able to access within Unified Assurance.

About Authentication Types

You configure the following user authentication methods in the Authentication Types UI:

• Internal: Used for backup accounts and environments without external authentication. This is enabled by default. You cannot create more than a single internal instance, and you cannot delete it. The concept of transient users does not apply.

• Active Directory: Used for Microsoft Active Directory integration. You can create multiple instances of this authentication type, and it can support transient users.

• LDAP: Used for OpenLDAP integration. You can create multiple instances of this authentication type, and it can support transient users.

• SAML: Used for SAML integration. You can create multiple instances of this authentication type, and it can support transient users.

See Configuring External Authentication Types for information about how to support transient users and multiple authentication types, and the required information and configurations for each authentication type.

About Roles

You use roles, managed in the Roles UI, to control the permissions for user groups.

You can customize permissions for user groups for each individual UI in Unified Assurance. For example, a user may have full create, read, update, and delete access to everything in events-related UIs, read-only access to the Dashboards UI, and be denied access to the Broker Scheduled Jobs and Services UIs.

Unified Assurance includes default roles to get you started. You can customize them or add new ones to meet your needs.

To see or edit permissions granted by roles:

1. From the main navigation menu, select Configuration, then AAA, then Roles, and then select a role.

   See Roles in Unified Assurance User's Guide for information about this UI.

   The Role (edit) form appears.

2. In the form, under Permissions, review the permissions selected for the role. You can toggle between selected and available permissions.

3. Deselect or select permissions as needed.

4. Click Submit to save any changes.

About User Groups

You use groups, managed in the User Groups UI, to organize users. User groups let you control permissions for multiple users with a single administration element. You can assign different permissions to different groups based on their role in the system, their specific customer devices, or their default dashboard view.

Unified Assurance includes default user groups to get you started. You can customize them or add new ones to meet your needs.

To see or edit user groups:

1. From the main navigation menu, select Configuration, then AAA, then User Groups, and then select a user group.

   See User Groups in Unified Assurance User's Guide for information about this UI.

   The User Group (edit) form appears.

2. In the Properties section, configure which elements the group members have access to, such as device groups, event filter groups, and dashboard groups.

3. In the Preferences section, configure the group preferences, such as the default navigation interface to open when a user logs in, the refresh rate of the UI, and the default time zone for the group members.

   Use the lock icon to lock the preferences, which prevents users from changing their preferences when they log in.

4. In the Users section, toggle between available and selected users and click the Add, Add All, Remove, and Remove All buttons to add or remove users to or from the group.

5. Click Submit to save any changes.

About Unified Assurance Users

Unified Assurance includes three default user accounts:

• Administrator: Full read and write access to every element of Unified Assurance. The first time you log in, you must change the default password for this account.

• Operator: Read-only access

• API User: Full read and write access, other than the Delete permission, for most areas of the application to allow external applications to interact with Unified Assurance without logging in

You use the Users UI to manage users. See Users in Unified Assurance User's Guide for information about this UI.

You can select an existing user to edit its properties, and you can use the UI button bar to:

• Add a new user. Click the Add button to open the User (New) form. Fill in the form and click Submit to add the new user to the system.

• Clone an existing user. Select a user and click the Clone button to create a cloned copy of the selected user. Make changes in the form and click Submit to add the cloned user to the system.

• Delete a user. Select a user and click the Delete button to remove the selected user from the system.

Changing the Default Administrator Password

To change the default administrator password:

1. From the main navigation menu, select Configuration, then AAA, and then Users.

   See Users in Unified Assurance User's Guide for information about this UI.

2. Select the Administrator user.

   The User (edit) form appears.

3. In the password fields, enter your new administrator password and re-enter it to confirm.

4. Click Submit to save the changes.

Creating an Example Role, Group, and User

This procedure describes how to set up an example role, group, and user, and validate the settings and permissions based on the default Operator role, group, and user.

1. Log in to the Unified Assurance UI as the Administrator user.

2. Create the role:

   1. From the main navigation menu, select Configuration, then AAA, and then Roles.

      See Roles in Unified Assurance User's Guide for information about this UI.

   2. Select the Operator role and click Clone.

      The Role (New) form opens with the Operator role details in the form fields.

   3. Change the following form fields to the following values, leaving the other fields as they are:

      • Role Name: Example Role

      • Description: Example Role for demonstration purposes

      • In the Selected section, beside Jobs, select Create and Update.

   4. Click Submit to save the new role.

3. Create the user group:

   1. From the main navigation menu, select Configuration, then AAA, and then User Groups.

      See User Groups in Unified Assurance User's Guide for information about this UI.

   2. Select the Operators user group and click Clone.

      The User Group (New) form opens with the Operators user group details in the form fields.

   3. Change the following form fields to the following values, leaving the other fields as they are:

      • User Group Name: Example Group

      • Role: Example Role

   4. Click Submit to save the new user group.

4. Create the user:

   1. From the main navigation menu, select Configuration, then AAA, and then Users.

      See Users in Unified Assurance User's Guide for information about this UI.

   2. Click Add.

      The User (New) form opens.

   3. Fill out the following form fields in the form, leaving the other fields as they are:

      • Username: Example

      • Full Name: Example User

      • Password/Repeat Password: A password of your choice.

      • User Group Name: Example Group

      • Status: Enabled

   4. Click Submit.

5. Validate the settings:

   1. Log out of the Unified Assurance UI, and log back in using the new Example user credentials.

   2. Notice that the Links navigation pane is open to the left by default, as specified in the Preferences section of the Example group.

   3. From the Configuration menu, select AAA, then select Roles.

   4. Notice that the Add, Clone and Delete buttons are missing, because the Example user has read-only access, as set in the Example role assigned to the Example group.

   5. From the Configuration menu, select Broker Control.

   6. Notice that the Licensing page is not visible, because the Example user has no permission to access it.

   7. From the Configuration menu, select Broker Control, and then Jobs.

      See Jobs in Unified Assurance User's Guide for information about this UI.

   8. Notice that the Add and Clone buttons are visible, because the Example user has read, write, and update permission for this page.

AAA Properties and Preferences

This section describes the properties and preferences that you can set in the AAA UIs to customize the user experience in Unified Assurance.

User Properties

User properties are additional settings applicable to the user.

The following table contains user properties:

User Group Properties

User group properties let you customize viewing and multitenant restrictions for users within the user group. You can use these properties to set up different views in multitenant environments, so that users see only the devices or data pertinent to them.

For any properties that are not set, users in the group have an unrestricted view of items related to that property. For example, if you don't set RestrictiveDeviceGroupID, users in the user group will be able to view devices in all device groups.

The following table contains user group properties that you can set for user groups:

Preferences

Preferences are a set of common settings between both user and their user group that control the user experience and how the Unified Assurance UI is used. Users inherit preference settings from their user group, but these defaults can be overridden on a per-user basis. Administrators can also lock preferences, which prevents users from overriding the preferences and creates a more unified environment for the users in that group.

The following table contains preferences that you can set for users and user groups: