User - General Information

Name

Identifying name.

Description

Optional descriptive text.

User is disabled

To disable a user, check User is disabled.
A disabled user cannot access the TrueSight Server Automation system until you enable the user by clearing*User is disabled*. When you disable a user, that user is no longer pushed to agents the next time you perform an ACL Push Job.

User participates in directory synchronization

To specify that a user is not subject to processes that synchronize users in the RBAC database with external user databases such as Active Directory, clear User participates in directory synchronization.
If a user is created through a synchronization process, this option is automatically checked. For more information, see Synchronizing-users-with-LDAP-servers. If a user is created using the New User wizard, this option is automatically cleared.

Allow Secure Remote Password Authentication

Enables the user to authenticate using SRP. If you check this option you must fill in the SRP Authentication Options listed below.

Allow Active Directory/Kerberos Authentication

Select to enable the AD/Kerberos or Domain Authentication.

Allow LDAP Authentication

Select to enable user authentication with LDAP.

Allow SecurID Authentication

Select to enable user authentication with RSA SecurID.

Allow PKI Authentication

Select to enable user authentication with public key infrastructure.

Automatically disable account if inactive

Select to disable this user's account if he or she does not log on during a specified period of time.
You must use the blasadmin utility to enable a task that runs every 24 hours and disables inactive users. For more information, see Setting-logon-requirements. You can also use blasadmin to specify the period of time during which a user must log on to remain active. 
You cannot disable the BLAdmin and RBACAdmin users.

Select to disable access to the TrueSight Server Automation Console for the user account.

You can use this flag to disable access for the users like automation engineers who are not expected to log on to the TrueSight Server Automation Console. If you select this option, the restricted user will still be able to log on to TrueSight Server Automation by using all the other means such as NSH, Web Services, and REST API.

Note: You cannot disable TrueSight Server Automation Console access for the BLAdmin and RBACAdmin users. Also you cannot enable or disable your own access.

SRP Authentication Options

These SRP options apply only if you checked Allow Secure Remote Password Authentication:

• For Password, enter the user's password. Then, confirm the password by entering it again in Retype Password.
• To specify that a user must change his or her password the next time he or she logs on, check User must change password at next logon.
• To specify that a user's password never expires, check Password never expires.
  Clearing Password never expires means a user's password expires after the period of time specified by the Application Server's MaxPasswordAge option. To set a value for that option, use the Application Server Administration console (that is, the blasadmin utility). For more information, see Setting-logon-requirements.
• To unlock a user whose logon is locked out, clear User is locked out.
  Users are locked out when their logon attempts repeatedly fail and the number of failed attempts exceeds a certain threshold. To specify that threshold, use the blasadmin utility to set a value for the AccountLockoutThreshold option.