User Accounts

The Users page displays the user accounts on Tenable.sc, limited by your account privileges. You can sort the columns or apply filters to locate specific user accounts. You can also add a user (Add a TNS-Authenticated User, Add an LDAP-Authenticated User, or Add a SAML-Authenticated User) or Delete a User.

You can create one or more administrator accounts on Tenable.sc. You can create one or more organizational users (security managers and/or custom roles) per organization. Tenable recommends you make at least one TNS-authenticated administrator and security manager user per organization so that you can still log in if the LDAP or SAML service becomes unavailable.
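One way to check this recommendation against a user inventory, as an added example that is not Tenable code. The record layout and field names (`role`, `auth_type`, `organization`) are assumptions made for the sample, not the Tenable.sc API schema. The check also assumes administrators are system-wide accounts while security managers belong to an organization.

```python
from collections import defaultdict

# Constructed sample inventory. Field names are assumptions for this example.
USERS = [
    {"username": "admin", "role": "Administrator", "auth_type": "tns", "organization": None},
    {"username": "jdoe-adm", "role": "Administrator", "auth_type": "saml", "organization": None},
    {"username": "bsmith", "role": "Security Manager", "auth_type": "tns", "organization": "HQ"},
    {"username": "auditNY", "role": "Auditor", "auth_type": "ldap", "organization": "HQ"},
    {"username": "kchan", "role": "Security Manager", "auth_type": "ldap", "organization": "Branch"},
    {"username": "mlee", "role": "Security Analyst", "auth_type": "tns", "organization": "Branch"},
]


def has_tns(accounts):
    """True if at least one account authenticates locally (TNS)."""
    return any(a["auth_type"].lower() == "tns" for a in accounts)


def find_fallback_gaps(users):
    """List the places where an LDAP or SAML outage would lock out a role.

    Checks for one TNS-authenticated Administrator overall and one
    TNS-authenticated Security Manager in every organization that has users.
    """
    findings = []
    admins = [u for u in users if u["role"] == "Administrator"]
    if not has_tns(admins):
        findings.append("no TNS-authenticated Administrator")

    by_org = defaultdict(list)
    for user in users:
        if user["organization"] is not None:
            by_org[user["organization"]].append(user)

    for org, members in sorted(by_org.items()):
        managers = [u for u in members if u["role"] == "Security Manager"]
        if not has_tns(managers):
            # Report which external auth types the existing managers rely on.
            types = sorted({u["auth_type"].lower() for u in managers}) or ["none"]
            findings.append(
                f"{org}: no TNS-authenticated Security Manager "
                f"(existing: {', '.join(types)})"
            )
    return findings


if __name__ == "__main__":
    for finding in find_fallback_gaps(USERS):
        print(finding)
```

An organization that has no user accounts at all does not appear in the inventory, so it is not reported by this check.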

Linked User Accounts

You can create linked user accounts to allow an Administrator user to switch to one or more Security Manager accounts without logging out and logging back in to Tenable.sc. For more information, see Linked User Accounts.

API Keys

You can generate API keys to authenticate as a specific user for Tenable.sc API requests. For more information, see API Key Authentication.

User Account Options

Option | Authentication Type | Description

Role

All

The role assigned to the user. For more information, see User Roles.

Administrator users can create Administrator or Security Manager user accounts. Organizational users can create Auditor, Credential Manager, Executive, No Role, Security Analyst, Security Manager, or Vulnerability Analyst accounts at their own privilege level or lower. For example:

  • If a user is an Auditor, they can create new Auditors or lesser roles.
  • If a custom user has the Create Policies privilege but not the Update Feeds privilege, that user can create users with the Create Policies privilege, but not the Update Feeds privilege.

Organization

All

The organization where you want to assign the user account.

First Name / Last Name

All

(Optional) The given first name and last name for the user.

Type

All

The type of authentication you want to perform on the user:

  • Tenable (TNS)
  • Lightweight Directory Access Protocol (LDAP)
  • Security Assertion Markup Language (SAML)

You must configure an LDAP server or SAML authentication in order to see LDAP or SAML in the Type drop-down box.

Username / Password TNS

The username and password for the user account.

When selecting a username, it is sometimes easier to focus on the person’s real name as a convention (e.g., Bob Smith would become bsmith). However, it may also be useful to assign names based on role, such as auditNY.

Note: The username value is case-sensitive.

Tip: Tenable recommends using passwords that meet stringent length and complexity requirements.

For information about Tenable.sc password data encryption, see Encryption Strength.

Username SAML

The user's SAML username. Type the username exactly as it appears in your identity provider SAML configuration for this user.

User Must Change Password TNS

(Optional) When enabled, the user must change their password upon initial login.

LDAP Server LDAP

The server you want to use to authenticate the user.

Search String LDAP

The LDAP search string you want to use to filter your user search. Use the format: attribute=<filter text>. You can use wildcards, and the option accepts up to 1024 characters.

Examples

sAMAccountName=*

mail=a*

displayName=C*

LDAP Users Found LDAP

A filtered list of LDAP user accounts retrieved by the Search String. Your selection in this option populates the Username option.

The Username for this account must match a user on the LDAP server in order to authenticate. LDAP

(Optional) If the user was created via LDAP user provisioning, the username on the LDAP server associated with the Tenable.sc user account. If you select a username in the drop-down, Tenable.sc overwrites the Tenable.sc user account using information from the new LDAP user you selected. By default, this option is blank.

You do not need to configure this option to enable user provisioning or automatic synchronization of user data between your LDAP server and Tenable.sc.

For more information, see LDAP User Provisioning.

Username LDAP

(Required) The username, populated by your LDAP Users Found selection. This username must match a user on the LDAP server in order to authenticate successfully.

Time Zone

All

(Required) The time zone for the user.

Scan Result Default Timeframe

All

The default Completion Time filter applied when the user accesses or refreshes the scan results page.

Cached Fetching

All

(Optional) When enabled, Tenable.sc caches plugin policy information and performs plugin policy downloads once per page load.

Dark Mode All

(Optional) When enabled, sets the Tenable.sc user interface to dark mode for the user.

Group

All

The group where you want to assign the user account. A user's group determines their access to Tenable.sc resources. For more information about groups, see Groups.

To grant a user limited privileges to other groups' resources, see Custom Group Permissions.

Asset

All

(Optional) Assigns a user to an asset list for which the user is responsible. Assigning a user to an asset list makes it easier to determine who in a group or organization should be assigned tickets, notifications, and other tasks to resolve particular issues. Selecting an asset updates the User Responsibility Summary in the Vulnerability Analysis section.

Contact Information

All

(Optional) The contact information for the user.