Add and manage users

Deep Security has users, roles, and contacts that can be created and managed under Administration > User Management.

Synchronize users with an Active Directory

If you use Active Directory to manage users, you can synchronize Deep Security with the Active Directory to populate the user list. Users can then sign in to Deep Security Manager using the password stored in the directory.

To successfully import an Active Directory user account into Deep Security as a Deep Security user or contact, the Active Directory user account must have a userPrincipalName attribute value. The userPrincipalName attribute corresponds to an Active Directory account holder's User logon name.
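
A pre-synchronization check for the userPrincipalName requirement above, as an added example that is not part of the original documentation. The function name, report columns, group name placeholder and sample accounts are assumptions; the commented live query needs the ActiveDirectory PowerShell module.

```powershell
# Added example: flag accounts that lack a userPrincipalName value before
# synchronizing. Test-DsmImportReadiness is a hypothetical helper name.
function Test-DsmImportReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $upn    = [string]$User.UserPrincipalName
        $hasUpn = -not [string]::IsNullOrWhiteSpace($upn)
        $note   = if (-not $hasUpn) {
            'No userPrincipalName value: set one before synchronizing'
        } elseif ($User.Enabled -eq $false) {
            'Disabled in Active Directory: review before allowing sign-in'
        } else {
            $null
        }
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $upn
            HasUpn            = $hasUpn
            Note              = $note
        }
    }
}

# Constructed sample accounts so the check can be tried offline.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';       UserPrincipalName = 'jdoe@corp.example';   Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; UserPrincipalName = $null;                 Enabled = $true  }
    [pscustomobject]@{ SamAccountName = 'asmith';     UserPrincipalName = 'asmith@corp.example'; Enabled = $false }
)
$sample | Test-DsmImportReadiness | Format-Table -AutoSize

# Live use against a group you plan to synchronize
# ('GROUP-NAME-PLACEHOLDER' is a placeholder, not a real group):
# Get-ADGroupMember -Identity 'GROUP-NAME-PLACEHOLDER' |
#     Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties UserPrincipalName, Enabled |
#     Test-DsmImportReadiness |
#     Where-Object { -not $_.HasUpn }
```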

If you are using Deep Security in FIPS mode, you must import the Active Directory's SSL certificate before synchronizing with the Directory. See Manage trusted certificates.

  1. In Deep Security Manager go to Administration > User Management > Users.
  2. Click Synchronize with Directory to open the Synchronize with Directory dialog.
  3. Type the address of the directory server.
  4. Enter your access credentials, which should at a minimum have the Active Directory READ permission. Note that members of the Domain User group have READ permissions by default.
  5. Click Next to trigger an attempt to connect to the Active Directory.
    If you are using Deep Security in FIPS mode, click Test Connection in the Trusted Certificate section to check whether the Active Directory's SSL certificate has been imported successfully into Deep Security Manager.
  6. Use the next dialog to enter an Active Directory group name or part of a group name into the search field, and then press Enter. Move the group to the Groups to synchronize pane using the >> button.
    The Deep Security Manager imports the users in these Active Directory groups to the Deep Security Manager's Users list. Once they have been imported, you are given the option to create a scheduled task to periodically synchronize with the directory to keep your list up to date.

Imported users are locked out of the Deep Security Manager by default. You have to modify their properties to allow them to sign in to the Deep Security Manager.

If you delete a user from Deep Security Manager who was added as a result of synchronizing with an Active Directory and then resynchronize with the directory, the user will reappear in your user list if they are still in the Active Directory.

Add or edit an individual user

  1. In Deep Security Manager go to Administration > User Management > Users.
  2. Click New to add a new user or double-click an existing user account to edit its settings.
  3. Specify the general properties for the user, including:
    • Username: The username that the user will enter on the Deep Security Manager login screen.
    • Password and Confirm Password: Note the password requirements listed in the dialog box. You can configure password requirements in the user security settings (see Enforce user password rules).
    • Name: (Optional) The name of the account holder.
    • Description: (Optional) A description of the account.
    • Role: Use the list to assign a predefined role to this user. You can also assign a role to a user from the Users list, by right-clicking a user and then clicking Assign roles.

      Deep Security Manager is preconfigured with two roles: Full Access and Auditor. The Full Access role grants users all possible privileges for managing the Deep Security system, such as creating, editing, and deleting computers, computer groups, policies, rules, and so on. The Auditor role gives users the ability to view all of the information in the Deep Security system but not the ability to make any modifications except to their personal settings (password, contact information, view preferences, and so on). Roles with various levels of system access rights can be created and modified on the Roles page or by selecting New in the Role list.

    • Language: The language that will be used in the interface when this user logs in.
    • Time zone: Time zone where the user is located. This time zone is used when displaying dates and times in the Deep Security Manager.
    • Time format: Time format used to display time in the Deep Security Manager. You can use 12-hour or 24-hour format.
    • Password never expires: When this option is selected, the user's password will never expire. Otherwise, it will expire as specified in the user security settings (see Enforce user password rules).
  4. If you want to enable multi-factor authentication (MFA), click Enable MFA. If MFA is already enabled for this user, you can select Disable MFA to disable it. For details, see Set up multi-factor authentication.
  5. Click the Contact information tab and enter any contact information that you have for the user and also indicate if they are your primary contact or not. You can also check the Receive Alert Emails check box to include this user in the list of users who receive email notifications when alerts are triggered.
  6. You can also edit the settings on the Settings tab. However, increasing some of these values will affect Deep Security Manager performance. If you make changes and aren't happy with the results, you can click Reset to Default Settings (at the bottom of the tab) to reset all settings on this page to their default values:

    Module

    • Hide Unlicensed Modules: This setting determines whether unlicensed modules will be hidden rather than simply grayed out for this User. This option can be set globally on the Administration > System Settings > Advanced tab.

    Refresh Rate

    • Status Bar: This setting determines how often the status bar of the Deep Security Manager refreshes during various operations such as discovering or scanning computers.
    • Alerts List/Summary: How often to refresh the data on the Alerts page in the List view or Summary view.
    • Computers List: How often to refresh the data on the Computers page.

      The Last Successful Update column value is not recalculated unless the page is manually reloaded.

    • Computer Details: The frequency with which an individual computer's property page refreshes itself with the latest information (if required).

    List Views

    • Remember last Tag filter on each page: Events pages let you filter displayed events by tags. This List Views setting determines if the Tag filter setting is retained when you navigate away from and return to an Events page.
    • Remember last Time filter on each page: Events pages let you filter displayed events by time period and computers. These List Views settings determine if the Period and Computer filter settings are retained when you navigate away from and return to an Events page.
    • Remember last Computer filter on each page: Events pages let you filter displayed events by time period and computers. These List Views settings determine if the Period and Computer filter settings are retained when you navigate away from and return to an Events page.
    • Remember last Advanced Search on each page: If you have performed an Advanced Search on an Events page, this setting determines whether or not the search results are kept if you navigate away and then return to the page.
    • Number of items to show on a single page: Screens that display lists of items display a certain number of items per Page. To view the next page, you must use the pagination controls. Use this setting to change the number of list items displayed per page.
    • Maximum number of items to retrieve from database: This setting limits the number of items that can be retrieved from the database for display. This prevents the possibility of Deep Security Manager getting bogged down trying to display an excessive number of results from a database query. If a query produces more than this many results, a message appears at the top of the display informing you that only a portion of the results are being displayed.
    Increasing these values affects Deep Security Manager performance.

    Reports

    • Enable PDF Encryption: When this option is selected, reports exported in PDF format are password-protected with the Report Password.

Change a user's password

To change a user's password, click Administration > User Management > Users, right-click the user, and click Set Password. You will be prompted for the old password as well as the new password.

Lock out a user or reset a lockout

If a user enters the wrong password too many times when trying to sign in, they will be locked out automatically. If you have resolved the situation and want to allow the user to log in, see Unlock a locked out user name.

View system events associated with a user

To see any system events associated with a user, click Administration > User Management > Users, right-click the user, and click View System Events.

Delete a user

To remove a user account from Deep Security Manager, click Administration > User Management > Users, click the user, and then click Delete.

If you delete a user from Deep Security Manager who was added as a result of synchronizing with an Active Directory and then resynchronize with the directory, the user will reappear in your user list if they are still in the Active Directory.