Purpose
This document describes how to create a user on HIAB/OUTSCAN.
Introduction
The Manage Users module allows for viewing and editing of all the users that you are allowed to administer in the system. As the main user you can add and manage more users as well as create and assign user roles.
Prerequisites
User Roles need to be created before the user to be available for selection.
See User Roles for more information on how to create roles.
Create a User
To create a user:
-
Click Main Menu > Settings > Manage User.
-
In the Manage User Accounts window select User Accounts tab.
The buttons at the top center of the screen ids used to create, delete, or import users from LDAP/AD.
The Import from LDAP/AD function is only available on HIAB. See LDAP/AD user guide for more information on setting up and mapping users in LDAP.
-
Click + New to create a user.
-
In the Maintaining User Account window, fill in the Account Details and Login Details.
In the grid on the lower half of Maintaining User Account window, the account access and rights can be further set up in the different tabs. Note that the tabs differs depending on your license.
Account Details
|
Option |
Description |
|---|---|
|
Parent Account |
Sets the parent account, could be used to create hierarchy structures. |
|
First name |
The first name of the user. |
|
Last name |
The last name of the user. |
|
|
A valid email address to the user. |
|
Mobile number |
The mobile number of the user. |
|
Country |
The country of the user. |
|
State |
The state of the user (Active if Country is United States). |
|
Email PGP public key |
Select PGP public key or click the + sign to upload a PGP key.
|
Login Details
|
Option |
Description |
|---|---|
|
Authentication
(HIAB Only) |
Choose if the user credentials should be verified against the local database or the defined LDAP or Active Directory server. |
|
Username |
Enter a username. |
|
Password |
Enter a password, or generate a password using the password button. Passwords are generated according to the password policy located in the Security Policy tab under Main Menu > Settings > Account. See section Password Policy in Account Settings document for information on how to set password policies. |
|
Password again |
Confirm the password by re-typing in this field. |
|
Require password change on next logon |
If enabled, forces the user to change his/her password the next time they log in to the system. |
|
2-Factor Authentication |
If enabled, you may set up the mode of authentication from here. Mobile Security Code or Google Authenticator can be used for authentication. The method used for authentication can be limited, depending on the options configured for two factor authentications in the security policy. When Google authentication is selected, you will be asked to enter the credential ID which is used to set up the account. |
-
In Account Settings tab you can deactivate an account and set the users notification.
|
Option |
Description |
|---|---|
|
Active |
Activate or deactivate account. |
|
Super User |
A user with Super User enabled will have the same rights as the main account (which is unrestricted). |
|
Receive System Notifications |
When Super User is active, the user can receive system notifications, or have it deactivated. |
|
Allow Enroll HIAB |
Allow the user to enroll HIABs. |
|
Send Informative Email |
If Send Informative Email is activated, then the system will send an email to the sub user when their account has been changed. |
|
Escalate tickets to |
The Escalate tickets to drop down menu allow you to define who should receive any tickets which has not been resolved prior to its due date (which were assigned to this specific user). |
-
Assign the user with one or more Granted User Roles otherwise the user will not be allowed to perform any actions in the system.
For more information on how to create user roles, see User Roles.
-
In the Granted Targets tab, you can define which targets and scanners (if enabled) the user should have access to.
-
Not all Targets Granted limits the target groups and targets a user can see and administrate. The target list feature should be used sparsely since it create an overhead when it comes to administrative task in the long run. The only time you should use this feature is when you would like to grant access to a whole IP range without having to define all targets within the system.
-
Not all Scanners Granted works in a similar way as Not all Target Granted and limits the scanners a user can see and administrate.
-
-
Once the user has been set up, click Save.
Related Articles
- Windows 10/Windows 2019 Server
- HIAB Updates
- General Information about SMB/WinRM Scanning
- Change Risk Levels
- Removing an Agent from Windows
- ServiceNow - Legacy
- Windows 8.1
- Netsec Filters
- Discovering the Agent in OUTSCAN
- Technical Specification
- Account Settings
- How to Test SMB Authentication
- Windows 2016 Server
- Identity Provider Settings
- HIAB Server Settings
- Installing a Linux Agent
- Okta Identity Provider Configuration
- Scanning-Less Scanning
- Check Connectivity to Agent Server
- Scan Scheduling Errors
- Overview
- Event Notification Module
- HIAB Maintenance Settings
- HIAB Deployment Guide
- Database Connector (HIAB only)
- Azure AD Identity Provider Configuration
- Add Comments
- Target Groups
- Checking if Agent is Running
- Core Installation
- Windows 2008 R2 Server
- Agent Installation Introduction
- Automatic Asset Joining With Netsec
- Manage Users
- Firewall Setup for Agents
- Scanning Range
- SNMP (HIAB only)
- ADFS Identity Provider Configuration
- Splunk
- Agent Call Home
- Advanced Report Filters
- Accept Risks
- SMB Authentication from OUTSCAN/HIAB
- Virtual HIAB Appliance
- Using the Agent Info Command
- Amazon
- User Roles
- Removing an Agent from Linux
- Retrieving the Agent UUID
- Atlassian Jira
- Understanding Scanner and Scheduler
- Finding the Agent Version
- Create and Edit Event Notifications
- Installing a macOS Agent
- Syslog (HIAB only)
- Setting Up an Agent Using System Proxy
- ServiceNow - App
- Thycotic
- DNS Lookup in UI and in Console
- HIAB Console
- Auditing Guide
- Adding Agent Attributes
- HIAB Distribution Settings
- Run Verification Scans
- Agent Latest Version
- Finding New Agents In OUTSCAN
- Setting up a HIAB as an Appsec Scale Scanner
- Hardening the HIAB
- Performing a PCI DSS Scan
- Two Factor Authentication
- Attributes
- Firewall Rules
- HIAB Enrollment
- Supported Platforms for Authenticated SSH Scanning
- Authenticated Scanning Using WinRM
- OneLogin Identity Provider Configuration
- Windows 7
- HIAB Remote Support
- Compliance Scanning
- Manage Targets
- Assign Tasks
- Authenticated Scanning Using SSH
- Tickets Quick Start Guide
- Retrieving Results From the Agent in OUTSCAN
- Appliance Logs
- Converting Normal with Webapp Scans (Netsec) to Portal Workflows
- Updating the Agent
- Troubleshooting SMB Authentication
- Agent Licensing
- Mark as False Positives
- Installing a Windows Agent
- Using Farsight in Netsec
- Testing Target System for Open TCP Ports
- HIAB Restore
- Scan Stages
- Request Clarifications
- HIAB Setup Guide
- Updating Agent Attributes
- CyberArk
- LDAP/AD
- Checking if the Agent has Produced Results
- ArcSight (HIAB only)
- HIAB E-mail Whitelisting
- Adjust Identity Provider SAML Metadata File
- Scanning Critical Industrial Devices/Machines
- Reporting Tools
- Scan Scheduling
- Scanning Performance and Impact Tuning
- PCI Compliance Scanning
- Configuring and Accessing the HIAB console using SSH
- User Groups
- Create Users
- HIAB Remote SSH Guide
- Download Agents
- Create Targets
- Windows 2012 R2 Server
- HIAB Backup
- Report Scheduling
- Access Tokens
- O24AUTH
- Complementary Authenticated Scan on Default Credentials
- Authenticated Scanning Using SMB
- Dynamic Target Group