User Account Options

You can configure the following options for Tenable Security Center user accounts. The available options depend on the user type, the user's role, and the role of the user adding or editing the user.

For more information about user accounts in Tenable Security Center, see User Accounts.

TNS User Account Options

To add a TNS-authenticated user, see Add a TNS-Authenticated User.

Option

Description

First Name

The user's first name.

Last Name

The user's last name.

Type

(If LDAP or SAML are configured) The type of authentication you want to perform on the user:

  • Tenable (TNS)
  • Lightweight Directory Access Protocol (LDAP)
  • Security Assertion Markup Language (SAML)

You must configure an LDAP server or SAML authentication in order to select LDAP or SAML from the Type drop-down box.

Username

(Required) The username for the user account.

Note: The username value is case-sensitive.

Password

(Required) The password for the user account.

Tip: Tenable recommends using passwords that meet stringent length and complexity requirements.

For information about Tenable Security Center password data encryption, see Encryption Strength.

When editing a user, type a new password to change the password for the user account.

Confirm Password

(Required) When creating a user or changing a user's password, re-type the password for the user account.

Password Change

Click Change Password to change the password for the user account.

To change a user password:

  1. Begin editing a user account, as described in Manage User Accounts or Edit Your User Account.
  2. Click Change Password.
  3. In the Current Password box, type your password. If you do not have a password (for example, you have a SAML-authenticated or LDAP-authenticated user account), type any string of characters in this field.
  4. In the Password box, type a new password.
  5. In the Confirm Password box, type the new password again.
  6. Click Submit.

     Tenable Security Center saves your configuration.

Current Password

(If you click Change Password) Type your password. If you do not have a password (for example, you have a SAML-authenticated or LDAP-authenticated user account), type any string of characters in this field.

User Must Change Password

When enabled, the user must change their password upon initial login.

Account Locked

When enabled, the user cannot log in to Tenable Security Center. An administrator must unlock the user's account to allow them to log in.

Time Zone

(Required) The time zone for the user.

Scan Result Default Timeframe

The default Completion Time filter applied when the user accesses or refreshes the scan results page.

Cached Fetching

When enabled, Tenable Security Center caches plugin policy information and performs plugin policy downloads once per page load.

Password Expiration

Password Never Expires

When enabled, the user's password will never expire. Any password expiration settings at the user or organization level will not apply to this user.

Enable Password Expiration or Custom Password Expiration

When enabled, the user's password will expire after the number of days specified in the Expiration Days box.

When disabled, the user's password expiration settings will default to the organization settings. For more information about organization options, see Organizations.

The user will receive daily password expiration notifications at login, starting 14 days before the password expires. After the password expires, the user must change their password at the next login. For more information about Tenable Security Center notifications, see Notifications.

Expiration Days

The number of days before the user's password expires. You can enter a number between 1 and 365.
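
The precedence described above (Password Never Expires first, then the user's custom expiration, then the organization setting) and the 14-day notification window, worked through as an added example for auditing an exported account list. This is not Tenable code: the `Account` fields, the 90-day organization value, and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

NOTIFY_WINDOW_DAYS = 14  # page: daily notifications start 14 days before expiry

@dataclass
class Account:  # hypothetical export record, not a Tenable API schema
    username: str
    password_set: date                 # date the current password was set
    never_expires: bool = False        # "Password Never Expires"
    custom_days: Optional[int] = None  # "Expiration Days"; None = custom expiration disabled

def effective_expiry(acct: Account, org_days: Optional[int]) -> Optional[date]:
    """Resolve which setting applies and return the expiry date (None = never)."""
    if acct.never_expires:
        return None  # overrides both user-level and organization-level settings
    if acct.custom_days is not None:
        if not 1 <= acct.custom_days <= 365:
            raise ValueError(f"{acct.username}: Expiration Days must be 1-365")
        days = acct.custom_days
    elif org_days is not None:
        days = org_days  # custom expiration disabled: organization setting applies
    else:
        return None  # assumption: organization has no expiration configured
    return acct.password_set + timedelta(days=days)

def status(acct: Account, org_days: Optional[int], today: date) -> str:
    expiry = effective_expiry(acct, org_days)
    if expiry is None:
        return "no-expiry"
    if today >= expiry:  # assumption: the expiry date itself counts as expired
        return "must-change"
    if today >= expiry - timedelta(days=NOTIFY_WINDOW_DAYS):
        return "notifying"
    return "ok"

# Constructed sample data for illustration only.
ORG_DAYS = 90
TODAY = date(2024, 6, 30)
ACCOUNTS = [
    Account("svc-scan", date(2023, 1, 10), never_expires=True),
    Account("alice", date(2024, 4, 10)),                 # falls back to ORG_DAYS
    Account("bob", date(2024, 5, 1), custom_days=30),
    Account("carol", date(2024, 6, 20), custom_days=365),
]

def audit(accounts=ACCOUNTS, org_days=ORG_DAYS, today=TODAY):
    return {a.username: status(a, org_days, today) for a in accounts}
```

Accounts reported as `no-expiry` are the ones exempt from every expiration setting and are the natural starting point for a review.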

Membership

Role

(Required) The role assigned to the user. For more information, see User Roles.

Administrator users can create Administrator or Security Manager user accounts. Organizational users can create Auditor, Credential Manager, Executive, No Role, Security Analyst, Security Manager, or Vulnerability Analyst accounts at their own privilege level or lower. For example:

  • If a user is an Auditor, they can create new Auditors or lesser roles.
  • If a custom user has the Create Policies privilege but not the Update Feeds privilege, that user can create users with the Create Policies privilege, but not the Update Feeds privilege.

Organization

(Required) The organization where you want to assign the user account.

Group

(Required) The group where you want to assign the user account. A user's group determines their access to Tenable Security Center resources. For more information about groups, see Groups.

To grant a user limited privileges to other groups' resources, see Custom Group Permissions.

Group Permissions

Manage All Users

When enabled, allows the user to manage users in all of the user's assigned groups. For more information, see Custom Group Permissions.

Manage All Objects

When enabled, allows the user to manage objects in all of the user's assigned groups. For more information, see Custom Group Permissions.

Responsibility

Asset

Assigns a user to an asset list for which the user is responsible. Assigning a user to an asset list makes it easier to determine who in a group or organization should be assigned tickets, notifications, and other tasks to resolve particular issues. Selecting an asset updates the User Responsibility Summary in the Vulnerability Analysis section.

Display Options

Dark Mode

When enabled, sets the Tenable Security Center user interface to dark mode for the user.

Contact Information

Title, Address, City, State, Country, Email, Phone

The contact information for the user.

LDAP User Account Options

You must configure an LDAP server to add LDAP-authenticated users. For more information, see LDAP Authentication.

To add an LDAP-authenticated user, see Add an LDAP-Authenticated User.

Option

Description

First Name

The user's first name.

Last Name

The user's last name.

Type

(If LDAP or SAML are configured) The type of authentication you want to perform on the user:

  • Tenable (TNS)
  • Lightweight Directory Access Protocol (LDAP)
  • Security Assertion Markup Language (SAML)

You must configure an LDAP server or SAML authentication in order to select LDAP or SAML from the Type drop-down box.

LDAP Server

The LDAP server you want to use to authenticate the user.

Search String

The LDAP search string you want to use to filter your user search. Use the format: attribute=<filter text>. You can use wildcards, and the option accepts up to 1024 characters.

Examples

sAMAccountName=*

mail=a*

displayName=C*
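
To see how broad each of the example search strings is before using it, the following added example (not Tenable code) checks the documented `attribute=<filter text>` format and 1024-character limit, then previews which entries of a constructed directory each string selects. The matching is an approximation of LDAP substring matching with case ignored, which is an assumption about the directory's matching rules; the directory entries and function names are hypothetical.

```python
import re

MAX_LEN = 1024  # the page states the option accepts up to 1024 characters

# Constructed directory entries for illustration only.
DIRECTORY = [
    {"sAMAccountName": "asmith", "mail": "alice.smith@example.com",
     "displayName": "Alice Smith"},
    {"sAMAccountName": "cjones", "mail": "carl.jones@example.com",
     "displayName": "Carl Jones"},
    {"sAMAccountName": "svc-backup", "displayName": "Backup Service"},  # no mail
]

def parse_search_string(search):
    """Split 'attribute=<filter text>' and enforce the documented length limit."""
    if len(search) > MAX_LEN:
        raise ValueError(f"search string exceeds {MAX_LEN} characters")
    attr, sep, pattern = search.partition("=")
    if not sep or not attr.strip() or not pattern:
        raise ValueError("expected the format attribute=<filter text>")
    return attr.strip(), pattern

def wildcard_match(pattern, value):
    """'*' matches any run of characters; everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def preview(search, directory=DIRECTORY):
    """Return the sAMAccountName of every entry the search string selects."""
    attr, pattern = parse_search_string(search)
    hits = []
    for entry in directory:
        # An entry without the attribute never matches, even for 'attr=*'.
        if attr in entry and wildcard_match(pattern, entry[attr]):
            hits.append(entry["sAMAccountName"])
    return hits

if __name__ == "__main__":
    for s in ("sAMAccountName=*", "mail=a*", "displayName=C*"):
        print(s, "->", preview(s))
```

A string such as `sAMAccountName=*` returns every account, service accounts included, so a narrower filter keeps the LDAP Users Found list limited to the intended people.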

LDAP Users Found

A filtered list of LDAP user accounts retrieved by the Search String. Your selection in this option populates the Username option.

The Username for this account must match a user on the LDAP server in order to authenticate.

If the user was created via LDAP user provisioning, this option shows the username on the LDAP server associated with the Tenable Security Center user account. If you select a username in the drop-down, Tenable Security Center overwrites the Tenable Security Center user account using information from the new LDAP user you selected. By default, this option is blank.

You do not need to configure this option to enable user provisioning or automatic synchronization of user data between your LDAP server and Tenable Security Center.

For more information, see LDAP User Provisioning.

Username

(Required) The username, populated by your LDAP Users Found selection. This username must match a user on the LDAP server in order to authenticate successfully.

Time Zone

(Required) The time zone for the user.

Scan Result Default Timeframe

The default Completion Time filter applied when the user accesses or refreshes the scan results page.

Cached Fetching

When enabled, Tenable Security Center caches plugin policy information and performs plugin policy downloads once per page load.

Membership

Role

(Required) The role assigned to the user. For more information, see User Roles.

Administrator users can create Administrator or Security Manager user accounts. Organizational users can create Auditor, Credential Manager, Executive, No Role, Security Analyst, Security Manager, or Vulnerability Analyst accounts at their own privilege level or lower. For example:

  • If a user is an Auditor, they can create new Auditors or lesser roles.
  • If a custom user has the Create Policies privilege but not the Update Feeds privilege, that user can create users with the Create Policies privilege, but not the Update Feeds privilege.

Organization

(Required) The organization where you want to assign the user account.

Group

(Required) The group where you want to assign the user account. A user's group determines their access to Tenable Security Center resources. For more information about groups, see Groups.

To grant a user limited privileges to other groups' resources, see Custom Group Permissions.

Group Permissions

Manage All Users

When enabled, allows the user to manage users in all of the user's assigned groups. For more information, see Custom Group Permissions.

Manage All Objects

When enabled, allows the user to manage objects in all of the user's assigned groups. For more information, see Custom Group Permissions.

Responsibility

Asset

Assigns a user to an asset list for which the user is responsible. Assigning a user to an asset list makes it easier to determine who in a group or organization should be assigned tickets, notifications, and other tasks to resolve particular issues. Selecting an asset updates the User Responsibility Summary in the Vulnerability Analysis section.

Display Options

Dark Mode

When enabled, sets the Tenable Security Center user interface to dark mode for the user.

Contact Information

Title, Address, City, State, Country, Email, Phone

The contact information for the user.

SAML User Account Options

You must configure SAML authentication to add SAML-authenticated users. For more information, see SAML Authentication.

To add a SAML-authenticated user, see Add a SAML-Authenticated User.

Option

Description

First Name

The user's first name.

Last Name

The user's last name.

Type

(If LDAP or SAML are configured) The type of authentication you want to perform on the user:

  • Tenable (TNS)
  • Lightweight Directory Access Protocol (LDAP)
  • Security Assertion Markup Language (SAML)

You must configure an LDAP server or SAML authentication in order to select LDAP or SAML from the Type drop-down box.

Username

(Required) The user's SAML username. Type the username exactly as it appears in your identity provider SAML configuration for this user.

Time Zone

(Required) The time zone for the user.

Scan Result Default Timeframe

The default Completion Time filter applied when the user accesses or refreshes the scan results page.

Cached Fetching

When enabled, Tenable Security Center caches plugin policy information and performs plugin policy downloads once per page load.

Membership

Role

(Required) The role assigned to the user. For more information, see User Roles.

Administrator users can create Administrator or Security Manager user accounts. Organizational users can create Auditor, Credential Manager, Executive, No Role, Security Analyst, Security Manager, or Vulnerability Analyst accounts at their own privilege level or lower. For example:

  • If a user is an Auditor, they can create new Auditors or lesser roles.
  • If a custom user has the Create Policies privilege but not the Update Feeds privilege, that user can create users with the Create Policies privilege, but not the Update Feeds privilege.

Organization

(Required) The organization where you want to assign the user account.

Group

(Required) The group where you want to assign the user account. A user's group determines their access to Tenable Security Center resources. For more information about groups, see Groups.

To grant a user limited privileges to other groups' resources, see Custom Group Permissions.

Group Permissions

Manage All Users

When enabled, allows the user to manage users in all of the user's assigned groups. For more information, see Custom Group Permissions.

Manage All Objects

When enabled, allows the user to manage objects in all of the user's assigned groups. For more information, see Custom Group Permissions.

Responsibility

Asset

Assigns a user to an asset list for which the user is responsible. Assigning a user to an asset list makes it easier to determine who in a group or organization should be assigned tickets, notifications, and other tasks to resolve particular issues. Selecting an asset updates the User Responsibility Summary in the Vulnerability Analysis section.

Display Options

Dark Mode

When enabled, sets the Tenable Security Center user interface to dark mode for the user.

Contact Information

Title, Address, City, State, Country, Email, Phone

The contact information for the user.