Managing administrators from local and external directories

There are three ways to manage the authentication of administrators on the SMC server:

  • Create local accounts on the SMC server,
  • Configure a connection to a LDAP server from the SMC server,
  • Configure a connection to a RADIUS server from the SMC server.

In the Maintenance > SMC Server > Administrators menu in the web administration interface, administrators who have local accounts on the SMC server or accounts from other Radius or LDAP authentication servers can be managed. The panel displayed depends on whether you are connected to the server as the super administrator (“admin” user) or as another administrator.

The two administrator profiles have the following rights:

 

Super administrator

Administrator
Administrators Add/Remove/Edit Modify personal password
SNS firewall configuration

  • Add/Remove/Edit

  • Deployment

  • Automatic and manual backup

If read/write rights:

  • Add/Remove/Edit

  • Deployment

  • Manual backup
SMC maintenance

  • Install and update license

  • Update server

  • Save and restore server configuration

  • Define server's network interfaces

  • Generate a diagnostics report

  • Enable DR mode

  • Manage access to SLS server

  • Generate a diagnostics report

  • Enable DR mode

  • Manage access to SLS server
Manage API keys

  • Enable public API

  • Revoke API keys

 Create/revoke API keys if rights enabled

When the super administrator tries to connect, the SMC server looks for the ID and password from its local user database.

When a simple administrator attempts to connect, the SMC server will first search for the ID and password on the Radius server if it has been configured, then on the LDAP server if it has been configured, then in its local database if it has been configured.

Several administrators can be connected at the same time to the web interface with read/write access and to the command line interface. As such, changes made by any administrator will instantly appear on the screens of the other administrators, including items imported via CSV file. Refer to audit logs for full details on what changes were made.

When an administrator deploys a configuration on firewalls, the other administrators see that a deployment is in progress and who launched it.

NOTE
The “root” user does not appear in the list of administrators, but holds access privileges to the server in SSH or via the console on a hypervisor. However, the super administrator cannot access the server in SSH or via a console.

To manage administrators as the super administrator, go to the Administrators menu:

  • To add an administrator, click on Add an administrator.
  • To edit an administrator profile, double click on the administrator line or move the mouse over the administrator name and select the pencil icon Edit parameters icon. An administrator's Read/WriteSMC privilege cannot be withdrawn if this administrator holds active API keys that also have the Read/Write privilege. For more information, please refer to the section Enabling and managing SMC's public API.
  • To remove an administrator, move the mouse over the administrator name and select the red cross icon Delete administrator icon. Administrators that hold active API keys cannot be deleted. For more information, please refer to the section Enabling and managing SMC's public API.

The admin user cannot be removed.

NOTE
Only the super administrator is allowed to update the SMC server, back up and restore the SMC configuration and enable or disable automatic backups from the web administration interface.