User Accounts

Path: Users > Users

The Users page displays the user accounts on SecurityCenter. You can sort the columns or apply filters to locate specific user accounts.

More than one Administrator can be created per SecurityCenter, and multiple Security Managers may be created per organization. It is recommended to make at least one TNS-authenticated Administrator and Security Manager user per organization. That way, if the LDAP service becomes unavailable, you can still log in.

User Account Options

When adding a new user, the Add User page is different for Administrators and Security Managers and the options you see depend on your selections within other options.

Option Description
Role

The role assigned to the user. For more information, see User Roles.

A user may only create new users with permissions that the creating user currently has. For example, if a user is an Auditor, they can create new Auditors or lesser roles.

Note: Administrator users can create Administrator or Security Manager user accounts. All other users can create user accounts at their own privilege level or lower. For example, if a Custom Role user has the Create Policies privilege enabled and Update Feeds privilege disabled, that user can create users with the Create Policies privilege, but not the Update Feeds privilege.

Group

The group where you want to assign the user account. A user's group determines their access to SecurityCenter resources.

Organization

The organization where you want to assign the user account.

First Name / Last Name

(Optional) The given first name and last name for the user.

Username / Password (TNS only)

The username and password for the user account.

When selecting a username, it is sometimes easier to focus on the person’s real name as a convention (e.g., Bob Smith would become bsmith). However, it may also be useful to assign names based on role, such as “auditNY”.

Note: The username value is case-sensitive.

Tip: Tenable™ recommends using passwords that meet stringent length and complexity requirements.

Type

The type of authentication you want to perform on the user:

  • Tenable Network Security (TNS)
  • Lightweight Directory Access Protocol (LDAP)

If no LDAP server is configured within your organization, the Type option is hidden and TNS authentication is performed.

User Must Change Password (TNS only)

When enabled, the user is prompted to change their password after initial login.

LDAP Server (LDAP only)

The server you want to use to authenticate the user.

Search String (LDAP only)

The LDAP search string you want to use to filter your user search. Use the format: “attribute=<filter text>”. Wildcards are permitted and the option accepts up to 1024 characters.

Examples

sAMAccountName=*

mail=a*

displayName=C*

LDAP Users Found (LDAP-only)

A filtered list of LDAP user accounts retrieved by the Search String. Your selection in this option populates the Username option.

Username (LDAP-only)

The username, populated by your LDAP Users Found selection. This username must match a user on the LDAP server in order to authenticate successfully.

Time Zone

The time zone for the user.

Enable Cached Fetching

(Optional) When enabled, SecurityCenter caches plugin policy information and performs plugin policy downloads once per user session.

Group

This sets the default permissions the user gets assigned when added to a new group.

If both Manage Objects and Manage Users are enabled, the user will have those permissions for all subsequent groups to which they are assigned.

If one or both are disabled, each subsequent group will be added by default with those permissions and the permissions may be modified on a group by group basis.

Asset

(Optional) Assigns a user to an asset list for which the user is responsible. Assigning a user to an asset list makes it easier to determine who in a Group or Organization should be assigned tickets, notifications, and other tasks to resolve particular issues. Selecting an asset updates the User Responsibility Summary in the Vulnerability Analysis section.

Contact Information

(Optional) The contact information for the user.
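To check how broad a Search String is before using it, the following added example (not Tenable code) parses the documented attribute=<filter text> format, enforces the 1024-character limit, and previews which accounts the three example strings select from a constructed directory. The case-insensitive matching, the rejection of parentheses and backslashes, and the names parse_search_string, matches, preview and DIRECTORY are assumptions of this sketch.

```python
import re

MAX_LEN = 1024  # documented limit for the Search String option
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # LDAP attribute short name

# Constructed sample entries; not real directory data.
DIRECTORY = [
    {"sAMAccountName": ["asmith"], "mail": ["asmith@example.com"],
     "displayName": ["Alice Smith"]},
    {"sAMAccountName": ["cjones"], "mail": ["cjones@example.com"],
     "displayName": ["Carol Jones"]},
    {"sAMAccountName": ["svc-backup"], "displayName": ["Backup Service"]},
]

def parse_search_string(s):
    """Split 'attribute=<filter text>' and reject malformed input."""
    if len(s) > MAX_LEN:
        raise ValueError("search string exceeds 1024 characters")
    attr, sep, text = s.partition("=")
    if not sep or not text or not ATTR_RE.fullmatch(attr):
        raise ValueError("expected attribute=<filter text>")
    # Assumption of this sketch: accept one simple term only, so pasted
    # input cannot add extra filter clauses or escape sequences.
    if any(c in text for c in "()\\\x00"):
        raise ValueError("filter metacharacters are not accepted")
    return attr, text

def matches(entry, attr, text):
    """True if any value of attr matches text, where '*' is a wildcard."""
    pattern = ".*".join(re.escape(part) for part in text.split("*"))
    values = next((v for k, v in entry.items()
                   if k.lower() == attr.lower()), [])
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)

def preview(search_string, entries=DIRECTORY):
    """Return the account names a search string would select."""
    attr, text = parse_search_string(search_string)
    return [e["sAMAccountName"][0] for e in entries
            if matches(e, attr, text)]

if __name__ == "__main__":
    for s in ("sAMAccountName=*", "mail=a*", "displayName=C*"):
        print(f"{s:20} -> {preview(s)}")
```

In this preview, sAMAccountName=* selects every entry that has the attribute, the service account included, while mail=a* and displayName=C* each select a single account.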

To add a TNS-authenticated user account as an Administrator:

  1. Log in to SecurityCenter using an Administrator account.
  2. Click Users > Users.
  3. Click Add.
  4. Select a Role.
  5. If you selected Security Manager as the Role, select an Organization.
  6. Optionally, type a First Name and Last Name.
  7. Type a Username and Password for the user.
  8. If the Type option is visible, select TNS.
  9. Optionally, enable User Must Change Password.
  10. Select a Time Zone.
  11. Optionally, enable Enable Cached Fetching.
  12. Optionally, type Contact Information for the user.
  13. Click Submit.

To add an LDAP-authenticated user account as an Administrator:

  1. Log in to SecurityCenter using an Administrator account.
  2. Configure an LDAP server, as described in LDAP Servers. If you want the new user to be a member of an organization, associate the LDAP server with an organization.

  3. Click Users > Users.
  4. Click Add.
  5. Select a Role for the user account.
  6. If you selected Security Manager as the Role, select an Organization for the user account. You must select an organization with an associated LDAP server.
  7. Optionally, type a First Name and Last Name for the user.
  8. Select a Type: LDAP.
  9. Select the LDAP Server where you want to authenticate the user.
  10. Type a Search String to find existing users on the LDAP server.
  11. Click Search.

    The page displays the LDAP Users Found by the LDAP search string.

  12. Select an LDAP user from the LDAP Users Found drop-down box.

    The page populates the Username option with your selection.

  13. View the Username. Tenable™ does not recommend modifying the Username since it must match the username on the LDAP server.
  14. Select a Time Zone.
  15. Optionally, enable Enable Cached Fetching.
  16. Optionally, type Contact Information for the user.
  17. Click Submit.

To add a TNS-authenticated user account as a Security Manager:

  1. Log in to SecurityCenter using a Security Manager account.
  2. Click Users > Users.
  3. Click Add.
  4. Optionally, type a First Name and Last Name for the user.
  5. If the Type option is visible, select TNS.
  6. Type a Username and Password for the user.
  7. Optionally, enable User Must Change Password.
  8. Select a Time Zone.
  9. Optionally, enable Enable Cached Fetching.
  10. Select a Role. For more information, see User Roles.
  11. Select a Group. For more information, see Organizations and Groups.
  12. Optionally, if you want to customize the group-related permissions for the user, modify the Group Permissions.
  13. Optionally, if you want to share an asset list with the user, select an Asset. For more information, see Assets.
  14. Optionally, type Contact Information for the user.
  15. Click Submit.

To add an LDAP-authenticated user account as a Security Manager:

  1. Log in to SecurityCenter using a Security Manager account.
  2. Confirm that an Administrator configured an LDAP server, and that the LDAP server was associated with the organization where you want to create a user account.
  3. Click Users > Users.
  4. Click Add.
  5. Optionally, type a First Name and Last Name for the user.
  6. If the Type option is visible, select LDAP.
  7. Select the LDAP Server where you want to authenticate the user.
  8. Select an LDAP user from the LDAP Users Found drop-down box.

    The page populates the Username option with your selection.

  9. View the Username. Tenable™ does not recommend modifying the Username since it must match the username on the LDAP server.
  10. Select a Time Zone.
  11. Optionally, enable Enable Cached Fetching.
  12. Select a Role. For more information, see User Roles.
  13. Select a Group. For more information, see Organizations and Groups.
  14. Optionally, if you want to customize the group-related permissions for the user, modify the Group Permissions.
  15. Optionally, if you want to share an asset list with the user, select an Asset. For more information, see Assets.
  16. Optionally, type Contact Information for the user.
  17. Click Submit.

To delete a user:

  1. Log in to SecurityCenter using an Administrator or Security Manager account.
  2. Click Users > Users.
  3. Click the gear icon next to the user you want to delete.
  4. Click Delete.

    The Delete User confirmation window appears.

  5. Optionally, click the slider to migrate the user's objects (e.g., scans and reports) to another user.

    Note: If you do not migrate the user's objects, SecurityCenter deletes the organization's objects.

  6. Click Delete.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.