Configuring Local ObserveIT Identification Users
After creating Forced-Identification users, you must configure an authentication target. This authentication target can be one or more Active Directory Identification targets (or domains) or Local ObserveIT Identification Users.
When no central Active Directory is available against which ObserveIT Identification services can authenticate, you will need to use local ObserveIT targets for user authentication.
This feature does NOT create any actual local users. It just configures ObserveIT to check if the credentials of a Forced-Identification user at log on match those of any Local ObserveIT User.
This topic describes how to configure the local ObserveIT targets against which the users will authenticate. (It also describes how to delete local ObserveIT users.)
To configure Local ObserveIT Identification users
1. Navigate to the Configuration > Security & Privacy > Identification page.
2. In the Local ObserveIT Identification Users section, click Create.
   The Add Operator window opens.
3. Type the user name, the required password, and confirm the password. You MUST enter a password.
   The user name and password are created locally inside the ObserveIT database, and are not matched against any external source. When a Forced-Identification user logs on to any ObserveIT-monitored server, they must enter this user name and password for secondary authentication in the ObserveIT Windows log on screen/Unix prompts. For further details, see Configuring ObserveIT Identification Services.
4. Click Add.
5. Repeat steps 2 and 3 for each user that you want to add.
The new Local ObserveIT users are displayed in the Local ObserveIT Identification Users section.
Local ObserveIT users cannot be modified. If you need to change the user's password or log on name, you must first delete the user, and re-create it.
After you configure the users, whenever a Forced-Identification user logs on to a monitored server, they will be able to use the user name and password that were configured for this Local ObserveIT Identification User for secondary authentication.
In addition, the ObserveIT administrator or security auditor will be able to see exactly who used the Administrator's built-in account by looking at the Endpoint Diary, User Diary, Search, or Reports page.
Deleting Local ObserveIT Users
Deleting a Local ObserveIT user has no effect on the actual user object, either in Active Directory or in Windows Local Users. However, if this user is still listed in the Forced-Identification Users section and configured in one or more Server Policies, it will no longer be able to authenticate against any available Local ObserveIT user, so that user will NOT be able to log on to the ObserveIT-monitored server. Therefore, use caution before deleting Local ObserveIT users.
To delete a Local ObserveIT user from the list
1. Navigate to the Configuration > Security & Privacy > Identification page.
2. In the Local ObserveIT Identification Users section, click the relevant Delete link of the user that you want to delete.
   A window opens, warning that you are about to delete a Local ObserveIT Identification user.
3. Click OK to delete the user.