Applies To:

Show Versions Show Versions

Manual Chapter: Managing User Account Data
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

11 
When you manage BIG-IP® systems, you usually create and manage user accounts individually on each of these devices. If you have a large number of systems, it can be labor intensive to keep track every users specific privileges on each device.
Using Enterprise ManagerTM to manage user accounts saves you valuable time by providing you lists of all users in your network, and each device on which they have access privileges. You can also view user accounts in the context of device groups to see which users have access to which devices in a custom device group.
Note: See the Managing User Accounts chapter in the TMOS® Management Guide for BIG-IP® Systems for further information about user accounts, including understanding user account types and user roles, and managing an authentication source.
You can view all users for the managed devices in your network from the Enterprise Manager user list. The user list provides you centralized access to details about each user account, without requiring that you to log on to the individual devices.
On the navigation pane, expand Enterprise Manager and click Users.
The users list displays. The numbers in the Devices and Device Group columns indicate how many devices or device groups to which a user has access.
Figure 11.1 User list example
For either option you choose, the user properties list opens, listing the users web access and shell (or console) access roles on each device or device group. From these screens, you can drill down further for more detail about the users roles on devices and in device groups.
Note: On the user-specific device groups screen, a role may be labeled as Mixed. This indicates that the user has different roles on at least two unique devices that are members of the selected device group.
1.
On the Main tab, expand Enterprise Management and click Devices.
The Device list screen opens.
3.
On the menu bar, click Launch Pad.
The Launch Pad screen opens.
4.
In the Device Settings table, in the Type column, click the Users link.
The device user list opens to display all the users on the currently selected device.
On some user screens, Enterprise Manager provides a link to the managed devices Configuration utility. You can use this link to manage a specific user account on the managed device.
On the User Properties list screen, or the Device Group User Access screen, click the Launch link to open the managed devices configuration utility to manage the adjacent user account.
When you configure user account information on a BIG-IP system, you set parameters such as user names and passwords, shell access information, web interface and root access privileges, and an authentication source. When you configure BIG-IP systems individually, you must log on to each device and specify these parameters.
To configure this information more quickly and easily, you can use the Manager Copy User Access Configuration wizard. With this feature, you can create a common user account configuration on one device, and replicate that user account information on as many devices as required. This means that you can efficiently add new users and user account information to devices in your network from one central location.
The Copy User Access Configuration wizard functions in a manner similar to other wizards in Enterprise Manager and involves starting a task, selecting a target and source device, setting task options, and reviewing task settings before starting the task.
1.
On the Main tab, expand Enterprise Management and click Tasks.
The Task list screen opens.
2.
Above the list, click the New Task button.
The New Task screen opens.
3.
In the User Access section, click Copy User Access Configuration option, and then click Next.
The Step 1 of 3 screen opens.
On the Step 1 of 3 screen of the wizard, you can select source and destination devices, and choose what type of configuration data to copy.
1.
From the Source Device list, select the device that you want to use as the data source for user configuration data.
2.
For Configuration Data, check the Select box next to each type of data that you want to copy from the source device.
3.
From the Device Group list, select an option to narrow the list of target devices in the Compatible Devices table:
To install to specific devices, select All Devices to see a list of all devices compatible with the configuration data you selected.
4.
From the Devices list, select an option to view a list of target devices that are either compatible, or not compatible with the configuration data you selected.
5.
In the Compatible Devices table, check the Select box next to each device to which you want to copy configuration data, and click Next.
The Step 2 of 3 screen opens.
1.
From the Device Users list, select one of the following options for copying user accounts to a destination device:
Add users not already present on the device
Adds users from the source device to the user list on each destination device, without changing any user account information already configured on the destination device.
Replace users on device
Deletes the user account list on the destination device and replaces it with the user account list from the source device.
2.
From the Device Error Behavior list, select one of the following options to determine how the system handles errors during the task:
Continue task on remaining devices
The system continues until it copies device configuration data to all the destination devices that you selected. Specific errors appear on the Task Properties screen.
Cancel task on remaining devices
The system stops after the first error occurs. Specific errors appear on the Task Properties screen. You must configure a new task to copy data to devices that were canceled.
3.
Click the Next button.
The Step 3 of 3 screen opens.
You can review task options and start the task from the Task Review screen. This screen summarizes the task, including the source device, the configuration data to be copied, and the destination devices.
If you need to remove any user accounts from the configuration copy task, in the Configuration Data table, click the Edit link adjacent to the Users entry.
The Configuration Data screen opens, where you can specify users to include in the task.
If these settings look correct, click Start Task.
The Task Properties screen opens and displays information about the configuration copy task.
In addition to the Copy User Access Configuration wizard, you can initiate a configuration copy task for a specific device from the device Launch Pad screen. The Launch Pad screen provides an overview of user accounts, shell access settings, and authentication information for a device.
1.
On the Main tab, expand Enterprise Management and click Devices.
The Device list screen opens.
2.
Click the name of the device that contains the user configuration data that you want to copy to another device.
The Device Properties screen opens.
3.
On the menu bar, click Launch Pad.
The Launch Pad screen opens.
5.
Below the list, click Copy.
The Step 1 of 3 screen of the Copy User Access Configuration wizard opens with the Source Device and Configuration Data settings selected.
Tip: If you want to select specific users to copy during the copy configuration task, click the Users link in the Device Settings table to open the device user list where you can select specific user accounts to include in the task.
When you use Enterprise Manager as your user management system, you can create a task to automate a password change process for any user on any managed device in your network. This saves time as well as ensures that when you change a user account password, the new password is identical for the user on each device that you select.
You can use the Change User Password to assist you with changing user passwords. This wizard works in a way similar to other wizards in Enterprise Manager, and involves four main procedures:
Selecting the user whose password you want to change and specifying the devices on which you want to change the password
1.
On the Main tab, expand Enterprise Management and click Tasks.
The Task list screen opens.
2.
Above the list, click the New Task button.
The New Task screen opens.
3.
In the User Access section, select the Change User Password option, and click Next.
The Step 1 of 4 screen opens.
1.
From the User Name list, select the user whose password you want to change.
2.
From the Device Group list, select an option to narrow the list of devices on which the user has an account:
3.
From the Devices list, select one of the following options to change the list of devices to devices displayed:
Compatible Devices - Select this option to display devices on which the user account exists.
Incompatible Devices - Select this option to display devices on which the user account does not exist.
4.
In the Compatible Devices table, check the Select box next to each device for which you want to change the users password, and click Next.
Step 2 of 4 screen opens.
1.
For the Authentication setting, in the Password box type the new user password.
2.
In the Confirm box, re-type the password.
3.
Click Next to move to the Task Options screen.
1.
In the Device Error Behavior box, select an option to determine how the system handles errors during the task:
Continue task on remaining devices: the task continues until the system finishes changing the user password on the devices that you selected. Specific errors appear on the Task Properties screen.
Cancel task on remaining devices: the task stops after the first error occurs. Specific errors appear on the Task Properties screen. You must configure a new task to change a user password on devices that were cancelled.
2.
Click Next.
The Step 4 of 4 screen opens.
The Step 4 of 4 screen summarizes the task, including the user account for which you are changing the password, and the devices on which you are changing the users password.
1.
If you need to change the password you specified on the Step 2 screen, click the Edit link adjacent to the User Name entry.
The Edit Task Item screen appears where you can specify a new password for the task.
2.
If these settings look correct, click Start Task.
The Task Properties screen opens and displays information about the password change task.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)