|
|
|
@ -5,7 +5,7 @@ Users & Groups
|
|
|
|
|
.. image:: images/usermanager_groups.png
|
|
|
|
|
:width: 100%
|
|
|
|
|
|
|
|
|
|
With the local user manager of OPNsense one can add users and groups and define
|
|
|
|
|
With the local user manager in OPNsense one can add users and groups and define
|
|
|
|
|
the privileges for granting access to certain parts of the GUI (Web Configurator).
|
|
|
|
|
|
|
|
|
|
Adding Users
|
|
|
|
@ -13,19 +13,28 @@ Adding Users
|
|
|
|
|
To add a new user go to :menuselection:`System --> Access --> Users` and click on the **+** sign at
|
|
|
|
|
the bottom right corner of the form.
|
|
|
|
|
|
|
|
|
|
========================== =========== =========================================================
|
|
|
|
|
**Disabled** Unchecked *Can be used to (temporarily) disable an account*
|
|
|
|
|
**Username** John *A unique username*
|
|
|
|
|
**Password** secret *A strong password*
|
|
|
|
|
**Login shell** /bin/csh *The shell to use when logging in via the console.*
|
|
|
|
|
**Full name** John Doe *Optional, Full username*
|
|
|
|
|
**Expiration date** *Optional, if account should expire enter as mm/dd/yyy*
|
|
|
|
|
**Group Membership** *Optional, select one or more groups*
|
|
|
|
|
**Certificate** *Optional, check if a user certificate should be created*
|
|
|
|
|
**OTP seed** *Optional, enter or generate a OTP seed (base32)*
|
|
|
|
|
**Authorized keys** *Optional, paste ssh key for ssh console access*
|
|
|
|
|
**IPsec Pre-Shared Key** *Optional, IPsec PSK*
|
|
|
|
|
========================== =========== =========================================================
|
|
|
|
|
==================================================================================================
|
|
|
|
|
|
|
|
|
|
=========================== ============ =========================================================
|
|
|
|
|
**Disabled** Unchecked *Can be used to (temporarily) disable an account*
|
|
|
|
|
**Username** John *A unique username*
|
|
|
|
|
**Password** secret *A strong password*
|
|
|
|
|
**Full name** John Doe *Optional, Full username, for reference only*
|
|
|
|
|
**E-Mail** a@b.com *Optional, users email, for reference only*
|
|
|
|
|
**Comment** *Optional, comment field, for reference only*
|
|
|
|
|
**Preferred landing page** ui/page *Optional, landing page to visit after login*
|
|
|
|
|
**Login shell** /bin/csh *The shell to use when logging in via the console.*
|
|
|
|
|
**Expiration date** *Optional, if account should expire enter as mm/dd/yyy*
|
|
|
|
|
**Group Membership** *Optional, select one or more groups*
|
|
|
|
|
**Effective Privileges** *Optional, additional grants for this user,*
|
|
|
|
|
*usually these are being handled via a group*
|
|
|
|
|
**User Certificates** *Optional, check if a user certificate should be created*
|
|
|
|
|
**API keys** *Optional, when planning to use the API from*
|
|
|
|
|
*another application, create keys for this user*
|
|
|
|
|
**OTP seed** *Optional, enter or generate a OTP seed (base32)*
|
|
|
|
|
**Authorized keys** *Optional, paste ssh key for ssh console access*
|
|
|
|
|
=========================== ============ =========================================================
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Creating Groups
|
|
|
|
|
---------------
|
|
|
|
@ -34,3 +43,4 @@ corner of the form.
|
|
|
|
|
|
|
|
|
|
Enter a **Group name** and a **Description** and add users to the group.
|
|
|
|
|
|
|
|
|
|
When users should access resources on this firewall via a group, connect the relevant ones via **Assigned Privileges**.
|
|
|
|
|