Administrator Properties - General

What can I do here?

Configure and manage administrators, authentication methods and permissions.

Configuring Administrator Properties

• Enter a unique name for the administrator - The user name property is required and case sensitive.
• Select an authentication method:
  • Undefined users are not authenticated and access is always denied or authentication is based on a certificate (as defined in the Admin Certificates tab).
  • SecurID users are challenged to enter the number displayed on the Security Dynamics SecurID card. There are no scheme-specific parameters for the SecurID authentication scheme. The Security Gateway acts as an ACE/Agent 5.0.
  • Check Point Password means that users are challenged to enter the internal Check Point password on the gateway, defined here.
    • Enter and confirm the password in the specified fields.
  • OS Password users are challenged to enter their Operating System password for the Security Management Server.
  • RADIUS users are challenged for the response, as defined by the RADIUS server.
    • Select a Radius server from the list.
  • TACACS passwords are forwarded to the TACACS server to determine whether access is allowed.
    • Select a TACACS server from the list.

    Note - For RADIUS AND TACACS authentication. If you generate a user certificate with a non-Check Point Certificate Authority, enter the Common Name (CN) component of the Distinguished Name (DN). For example, if the DN is: [CN = James, O = My Organization, C = My Country], enter James as the user name. If you use Common Names as user names, they must contain exactly one string with no spaces.

• Assign a permissions profile - When you configure an administrator, you must assign a permissions profile. A permissions profile is a predefined set of permissions that you assign to individual administrators. Complex, granular permissions for many administrators can be configured in one profile.

  To create a new permissions profile, click New.

• Set an expiration date - Assign an expiration date for each administrator or configure the account never to expire. After account expiration, the administrator cannot log in to SmartConsole (or SmartConsole clients such as SmartEvent).

  Note: Account expiration has no effect on the OS administrator account. System administrators on the OS are different from administrators defined in SmartConsole for the Security Management Server.

Configuring Check Point Password Authentication for Administrators

These instructions show how to configure Check Point Password authentication for administrators.

To configure a Check Point password for a SmartConsole administrator:

1. Go to Manage & Settings > Permissions & Administrators > Administrators.
2. Click New.
3. The New Administrator window opens.
4. Give the administrator a name.
5. In Authentication method, select Check Point Password.
6. Click Set New Password, type the Password, and Confirm it.
7. Assign a Permission Profile.
8. Click OK.
9. Click Publish.

Configuring OS Password Authentication for Administrators

These instructions show how to configure OS Password Authentication for administrators.

To configure an OS password for a SmartConsole administrator:

1. Go to Manage & Settings > Permissions & Administrators > Administrators.
2. Click New.
3. The New Administrator window opens.
4. Give the administrator a name.
5. In Authentication method, select OS Password.
6. Assign a Permission Profile.
7. Click OK.
8. Click Publish.

Configuring a RADIUS Server for Administrators

These instructions show how to configure a RADIUS server for SmartConsole administrators. To learn how to configure a RADIUS server, refer to the vendor documentation.

To configure a RADIUS Server for a SmartConsole administrator:

1. In SmartConsole, click Objects > More Object Types > Server > More > New RADIUS.
2. Configure the RADIUS Server Properties:
   1. Give the server a Name. It can be any name.
   2. Click New and create a New Host with the IP address of the RADIUS server.
   3. Click OK.
   4. Make sure that this host shows in the Host field of the Radius Server Properties window.
   5. In the Shared Secret field, type the secret key that you defined previously on the RADIUS server.
   6. Click OK.
   7. Click Publish.
3. Add a new administrator:
   1. Go to Manage & Settings > Permissions & Administrators > Administrators.
   2. Click New.

      The New Administrator window opens.

   3. Give the administrator the name that is defined on the RADIUS server.
   4. Assign a Permission Profile.
   5. In Authentication method, select RADIUS.
   6. Select the RADIUS Server defined earlier.
   7. Click OK.
4. Click Publish.

Configuring a SecurID Server for Administrators

These instructions show how to configure a SecurID server for SmartConsole administrators. To learn how to configure a SecurID server, refer to the vendor documentation.

To configure the Security Management Server for SecurID:

1. Connect to the Security Management Server.
2. Copy the sdconf.rec file to the /var/ace/ folder

   If the folder does not exist, create the folder.

3. Give the sdconf.rec file full permissions. Run:

   chmod 777 sdconf.rec

To configure a SecurID Server for a SmartConsole administrator:

1. In SmartConsole, click Objects > More Object Types > Server > More > New SecurID.
2. Configure the SecurID Properties:
   1. Give the server a Name. It can be any name.
   2. Click Browse and select the sdconf.rec file. This must be a copy of the file that is on the Security Management Server.
   3. Click OK.
3. Add a new administrator:
   1. Go to Manage & Settings > Permissions & Administrators > Administrators.
   2. Click New.

      The New Administrator window opens.

   3. Give the administrator a name.
   4. Assign a Permission Profile.
   5. In Authentication method, select SecurID.
4. In the SmartConsole Menu, click Install Database.

Configuring a TACACS Server for Administrators

These instructions show how to configure a TACACS server for SmartConsole administrators. To learn how to configure a TACACS server, refer to the vendor documentation.

To configure a TACACS Server for a SmartConsole administrator:

1. In SmartConsole, click Objects > More Object Types > Server > More > New TACACS.
2. Configure the TACACS Server Properties:
   1. Give the server a Name. It can be any name.
   2. Click New and create a New Host with the IP address of the TACACS server.
   3. Click OK.
   4. Make sure that this host shows in the Host field of the TACACS Server Properties window.
   5. In the Shared Secret field, type the secret key that you defined previously on the TACACS server.
   6. Click OK.
   7. Click Publish.
3. Add a new administrator:
   1. Go to Manage & Settings > Permissions & Administrators > Administrators.
   2. Click New.

      The New Administrator window opens.

   3. Give the administrator the name that is defined on the TACACS server.
   4. Assign a Permission Profile.
   5. In Authentication method, select TACACS.
   6. Select the TACACS Server defined earlier.
   7. Click OK.
4. Click Publish.