Recently Viewed Topics
Path: Users > Users
You can create more than one Administrator per SecurityCenter, and you can create multiple Security Managers per organization. Tenable™ recommends you make at least one TNS-authenticated Administrator and Security Manger user per organization. If the LDAP service becomes unavailable, you can still log in.
User Account Options
When adding a new user, different options appear on the Add User page for Administrators and Security Managers. The options you see depend on your selections within other options.
The role assigned to the user. For more information, see User Roles.
A user may only create new users with permissions that the creating user currently has. For example, if a user is an Auditor, they can create new Auditors or lesser roles.
Note: Administrator users can create Administrator or Security Manager user accounts. All other users can create user accounts at their own privilege level or lower. For example, if a Custom Role user has the Create Policies privilege but not the Update Feeds privilege, that user can create users with the Create Policies privilege, but not the Update Feeds privilege.
The group where you want to assign the user account. A user's group determines their access to SecurityCenter resources.
|Organization||The organization where you want to assign the user account.|
|First Name / Last Name||(Optional) The given first name and last name for the user.|
|Username / Password (TNS only)||
The username and password for the user account.
When selecting a username, it is sometimes easier to focus on the person’s real name as a convention (e.g., Bob Smith would become bsmith). However, it may also be useful to assign names based on role, such as auditNY.
Note: The username value is case-sensitive.
Tip:Tenable™ recommends using passwords that meet stringent length and complexity requirements.
The type of authentication you want to perform on the user:
If you have not configured an LDAP server within your organization, the Type option is hidden and TNS authentication is performed.
|User Must Change Password (TNS only)||
When enabled, the user must change their password upon initial login.
|LDAP Server (LDAP only)||The server you want to use to authenticate the user.|
|Search String (LDAP only)||
The LDAP search string you want to use to filter your user search. Use the format: attribute=<filter text>. You can use wildcards, and the option accepts up to 1024 characters.
|LDAP Users Found (LDAP-only)||
A filtered list of LDAP user accounts retrieved by the Search String. Your selection in this option populates the Username option.
The username, populated by your LDAP Users Found selection. This username must match a user on the LDAP server in order to authenticate successfully.
|Time Zone||The time zone for the user.|
|Scan Result Default Timeframe||
The default Completion Time filter you want applied when the user accesses or refreshes the scan results page.
(Optional) When enabled, SecurityCenter caches plugin policy information and performs plugin policy downloads once per page load.
This sets the default permissions the user has assigned when you add the user to a new group.
If both Manage Objects and Manage Users are enabled, the user has those permissions for all subsequent groups to which the user is assigned.
If one or both are disabled, each subsequent new group has those permissions by default, and you may modify the permissions on a group by group basis.
(Optional) Assigns a user to an asset list for which the user is responsible. Assigning a user to an asset list makes it easier to determine who in a Group or Organization should be assigned tickets, notifications, and other tasks to resolve particular issues. Selecting an asset updates the User Responsibility Summary in the Vulnerability Analysis section.
|Contact Information||(Optional) The contact information for the user.|