Administrator Properties - General

What can I do here?

Configure and manage administrators, authentication methods and permissions.

Getting Here - SmartConsole > Manage & Settings > Permissions and Administrators > Administrators > New or double-click an account > General tab Or: SmartConsole for Multi-Domain Server > Multi Domain > Permissions and Administrators > Administrators > New or double-click an account > General tab

Configuring Administrator Properties

• Enter a unique name for the administrator - The user name property is required and case sensitive.
• Select an authentication method:
  • Undefined users are not authenticated and access is always denied or authentication is based on a certificate (as defined in the Admin Certificates tab).
  • SecurID users are challenged to enter the number displayed on the Security Dynamics SecurID card. There are no scheme-specific parameters for the SecurID authentication scheme. The Security Gateway acts as an ACE/Agent 5.0.
  • Check Point Password means that users are challenged to enter the internal Check Point password on the gateway, defined here.
    • Enter and confirm the password in the specified fields.
  • OS Password users are challenged to enter their Operating System password for the Security Management Server.
  • RADIUS users are challenged for the response, as defined by the RADIUS server.
    • Select a Radius server from the list.
  • TACACS passwords are forwarded to the TACACS server to determine whether access is allowed.
    • Select a TACACS server from the list.

    Note - For RADIUS AND TACACS authentication. If you generate a user certificate with a non-Check Point Certificate Authority, enter the Common Name (CN) component of the Distinguished Name (DN). For example, if the DN is: [CN = James, O = My Organization, C = My Country], enter James as the user name. If you use Common Names as user names, they must contain exactly one string with no spaces.

• Assign a permissions profile - When you configure an administrator, you must assign a permissions profile. A permissions profile is a predefined set of permissions that you assign to individual administrators. Complex, granular permissions for many administrators can be configured in one profile.

  To create a new permissions profile, click New.

• Set an expiration date - Assign an expiration date for each administrator or configure the account never to expire. After account expiration, the administrator cannot log in to SmartConsole (or SmartConsole clients such as SmartEvent).

  Note: Account expiration has no effect on the OS administrator account. System administrators on the OS are different from administrators defined in SmartConsole for the Security Management Server.