Create User elements

The User element defines who your users are and how they can identify themselves to get access to networks and services as defined in your Firewall Access rules.

You create Users as members of a User Group. You do not have to specify all user parameters separately for each individual User. A User that is a member of a User Group can inherit, for example, the Authentication Method and account expiration time from the User Group. Each User Group must belong to an LDAP Domain. We recommend creating a separate user account for each user. Each user can belong to several User Groups within the LDAP Domain. User-specific properties override properties defined at the User Group level.

You can import and export Users and User Groups through an LDIF file to or from some other Management Server.

Note: Although you cannot edit User Group memberships in the User element properties, each user can belong to several User Groups. After creating the User element, drag and drop it to other User Groups to add more group memberships.


Steps

  1. Select Configuration, then browse to User Authentication.
  2. Browse to Users.
  3. Add a user to a User Group in one of the following ways:
    • Right-click a User Group and select New > Internal User (for the internal stonegate parent group).
    • Right-click a User Group and select New Internal User (for a User Group under the internal stonegate parent group).
  4. In the Name field, enter a unique name to identify the User in the directory.
    The name is used as the common name (CN) for the User. The distinguished name (DN) is inherited from the LDAP Domain to which the User belongs.
  5. (External directory only) Enter additional user information.
  6. (Optional) Change the Activation settings for the user account.
  7. Click the Authentication tab.
  8. Click Add to select the Authentication Methods for the user.
    • You can add more than one authentication method for each user. This way, you can put the User in more than one User Group when the User Groups have different authentication methods.
    • If you have not configured any Authentication Methods yet, you can create them in this dialog box.
  9. Define the properties for the selected Authentication Method.
    CAUTION:
    Use strong passwords that are at least eight characters long and that contain numbers, letters, and special characters. Do not base passwords on personal information such as names, birthdays, ID numbers, phone numbers, street names, registration plate numbers, or relatives’ names.
  10. Click OK.
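The CAUTION in step 9 describes a password policy in words. The following checker is an added example, not part of the product documentation and not a function of the Management Client; it implements those rules (minimum length, required character classes, and rejection of passwords built from personal information) so an administrator can test candidate passwords before entering them. The personal-information tokens, the sample user data and the character set treated as "special" are assumptions of this example.

```python
import re
from datetime import date

# Characters this example treats as "special"; the page does not define the set.
SPECIAL = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")


def personal_tokens(name="", birthday=None, phone="", extra=()):
    """Build the lowercase substrings a password must not contain.

    Derived from the kinds of personal information the CAUTION names:
    name parts, birthday in common digit layouts, phone digits, and
    any extra items such as ID or registration plate numbers.
    """
    tokens = set()
    for part in re.split(r"[\s._@-]+", name.lower()):
        if len(part) >= 3:
            tokens.add(part)
    if birthday:
        for fmt in ("%Y", "%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y"):
            tokens.add(birthday.strftime(fmt))
    digits = re.sub(r"\D", "", phone)
    if len(digits) >= 4:
        tokens.add(digits)
        tokens.add(digits[-4:])  # last four digits are often reused on their own
    for item in extra:
        if len(item) >= 3:
            tokens.add(item.lower())
    return tokens


def check_password(password, tokens=frozenset()):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c in SPECIAL for c in password):
        problems.append("no special character")
    lowered = password.lower()
    for token in sorted(tokens):  # sorted so the report order is stable
        if token in lowered:
            problems.append(f"contains personal information '{token}'")
    return problems


if __name__ == "__main__":
    # Constructed sample user, not a real account.
    banned = personal_tokens("Alice Smith", date(1990, 5, 17), "+1 555 0123", extra=["ABC-123"])
    for candidate in ("alice1990!", "short1!", "password", "Tr0ub4dor&3"):
        print(candidate, "->", check_password(candidate, banned) or "OK")
```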

Result

The user account is created. If the user is stored in the internal LDAP database, the information is automatically synchronized to the local databases on the Firewalls unless user database replication has been disabled.

Internal User Properties dialog box

Use this dialog box to define internal user properties.

General tab

  Name: Specifies the user name in the directory.
  Comment: An optional comment for your own reference.
  DN: Inherited from the LDAP Domain to which the user belongs.
  Always Active: Specifies that the user account is considered active immediately and is never automatically disabled.
  Activation Date: Specifies the date when the user account becomes active.
  Inherit Expiration Period: The expiration period is inherited from the User Group to which the User belongs.
  Expiration After: Specifies the number of days after which the user account is automatically disabled.
  Expiration Date: Specifies the date when the user account is automatically disabled.
  Member of: Shows the Domains to which the user belongs.

Authentication tab

  Authentication Methods: Shows the authentication methods that have been selected for the user.
  Add: Opens the Select Element dialog box.
  Remove: Removes the element from the Authentication Methods list.
Client Certificate Properties (Client Certificate method only)

  Alternative Subject Name or CN: For example, alice.smith@example.com or 192.168.254.200. The value you enter must match the value entered in the corresponding field of the certificate request.

Password Properties (User password method only)

  Password: Specifies the user password.
  Confirm Password: Confirms the user password.

Pre-Shared Key Properties (Pre-Shared Key method only)

  Pre-Shared Key: Specifies the pre-shared key.
  Confirm Pre-Shared Key: Confirms the pre-shared key.