Security

View, create, or modify Administrators and Roles, enable OIDC or SAML providers, and assign permissions to Roles. Changes made here affeect all licensed Tenable Patch Management products.

Access Security Settings

  1. Select UUID-75e83e2e-a225-b294-2a57-715f08a78073.png on the upper right of the Admin Portal dashboard.

  2. Select Settings > Security > Administrator to manage accounts, roles, OIDC Providers, SAML Providers, and Class Permissions.

View Administrators

  1. Select the Administrators tab of Security Settings.

    UUID-8862911a-7020-2aeb-3eb2-69000fe18b29.png

  2. Select Show All to list all Administrators in the selected folder.

Create a New Administrator

  1. Select an Administratorss tab of Security Settings, and then select + NEW to open the new administrator template.

    UUID-144397ef-f8f7-6cd5-f02d-726e7c327276.png

  2. Enter the Administrator Details:

    1. Select the Admin Type login from the list. You can choose from the following login options:

      1. Native login: Enter a username and password in the format of an email address. The email address does not need to be valid or able to receive mail. However, Tenable recommends entering a valid email when using Tenable Patch Management, or if you need to reset forgotten passwords.

        Note: Strong passwords are enforced for Tenable accounts. The password must be at least 10 characters long and contain at least one digit, an uppercase letter, and a lowercaseletter.

      2. Windows Active Directory account: Enter the email address of the domain account.

      3. OIDC-enabled account: Enter the NETBIOS domain name and account name of the user. For more information on OIDC, review the Enable OIDC on a Tenable Patch Management Server Knowledge Base article.

      4. SAML-enabled account: Enter the NETBIOS domain name and account name of the user. For more information on SAML, review the Enable SAML on a Tenable Patch Management Server Knowledge Base article.

  3. Enter the User Details:

    1. Enter the First Name and Last Name for the new administrator.

    2. Complete the additional contact information fields as required.

      Note: A red asterisk next to a field indicates a required field.

      UUID-63ba0e68-83c1-5de9-7d72-87f8023a138c.png

  4. Assign Direct Roles:

    1. Select + Manage Roles.

      UUID-78ad89fc-7e0d-c9c5-3b79-b11d07a9a743.png

    2. Select one or more roles for the new administrator:

      • High level roles include Read-only Admin Role and Super Admin Role.

        UUID-b94fe1f1-b725-27ef-2373-eda56b3072f4.png

    3. Select Manage Roles on the bottom-left corner of the dialog to return to the administrator details workspace.

  5. Select Save at the top left to save the new administrator.

    Note: The steps to manage Administrators and Roles may differ for those using Tenable Patch Management Self-hosted. For more information, refer to the Tenable Patch Management - SaaS Deployment vs Tenable Patch Management Self-hosted Customer FAQ.

View Roles

  1. Select the Roles tab of Access Security Settings.

    UUID-ae370658-8d15-a53d-23a7-2a59da13983b.png

Create a New Role

  1. Select the Roles tab of Security Settings, and then select + NEW to open a new Role template.

    UUID-867a482b-499d-723a-86f8-38da7c6ceff3.png

  2. Enter a Role Name and a detailed Role Description in the Role Properties workspace.

    UUID-49a2529f-1015-680b-92b8-9fd3d0ad029d.png

  3. Add one or more Direct Administrators or Group Administrators in the Role Membership section:

    1. Add an existing Direct Administrator.

      UUID-776cb7d2-56f7-a777-6979-976a6adf53b6.png

    2. Select Add Administrators to open the Add Administrators dialog.

    3. Select one or more administrators from the table for the new role.

      UUID-6870e93b-596c-2530-4249-3f23173a32f7.png

    4. Select Add Administrators to return to the Role template.

  4. Add an existing AD Group (Active Directory):

    1. Select Add AD Group to open the Active Directory Group dialog.

      UUID-66b331aa-5d86-25c2-2c06-ebe305423bd6.png

    2. Enter the Domain Name and Group Name, and then select Check Group to return the members of the group.

      All members are added to the role.

      UUID-3ad1ea03-6e63-273b-8252-d6581ff349a6.png

    3. Select Add AD Group to return to the Role template.

  5. Select Save at the top-left to save the new role.