Updated on 2024-11-12 GMT+08:00

Step 2: Create a CBH System User

Scenarios

Before using your bastion host for O&M, administrators need to create system users in the bastion host and assign different system roles to them based on their responsibilities.

System users can then access only the modules that their role permissions allow.

Only the admin user has the permissions to manage system roles.

Procedure

Table 1 Different user creation methods

| Creation Method | Description |
|---|---|
| Creating a User | Create system users one by one. Use this method to create an administrator. |
| Batch Importing Users Using an Excel File | Configure user information in the Excel template and import the generated Excel file to the CBH system. This feature enables you to add system users in batches. |
| Synchronizing AD Domain Users | Synchronize system users from the AD domain server. You can use the username and password of a user synchronized from the AD domain to log in to the CBH system, and the login is authenticated by the AD domain server. |

Configuration Description

Table 2 User information description

Parameter

Description

LoginName

Specifies the username for system users to log in to the CBH system.

The LoginName must be unique in the CBH system and cannot be changed after it is created.

Verification Type

Specifies the identity authentication method used to log in to the CBH system.
  • Local: (default method) The user is verified against the account management system of the CBH system.
  • AD: The user is verified against the Windows AD domain server.
  • LDAP: The user is verified against the third-party authentication server through the LDAP protocol.
  • RADIUS: The user is verified against the third-party authentication server through the RADIUS protocol.
  • Azure AD: The user is verified against the Azure platform based on Security Assertion Markup Language (SAML) configuration.

Password/Confirm Password

Specifies the password for the user to log in to the CBH system.

UserName

Specifies the user-defined name used to differentiate CBH system users.

Mobile

Specifies the phone number of the user. The user receives SMS messages at this number for identity authentication or password retrieval.

Email

Specifies the email address of the user. This email address can be used to receive system notifications.

Role

Specifies the role to be assigned to the user. Only one role can be selected for each user.

Only the admin user can customize roles or edit the permissions granted to default roles.

By default, system roles include DepartmentManager, PolicyManager, AuditManager, and User.

  • DepartmentManager: responsible for managing the department system. This role has permissions to configure all modules except the User and Role modules.
  • PolicyManager: responsible for configuring policy permissions. This role has the configuration permissions for the User Group, Account Group, and ACL Rules modules.
  • AuditManager: responsible for auditing system and maintenance data. This role has the configuration permissions for the Live Session, History Session, and System Log modules.
  • User: common system users and resource operators. This role has the permissions for the Host Operation, App Operation, and Ticket approval modules.

Department

Specifies the department to which the user belongs.

Remarks

(Optional) Provides supplementary information about the user.
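
The constraints in Table 2 can be checked before a batch import. The following is an added example, not part of the CBH documentation or product: it assumes the user sheet has been saved as CSV with headers named LoginName, Verification Type and Role (the real template layout may differ), and the function name review_batch and the sample rows are hypothetical.

```python
import csv
import io
from collections import Counter

# Values listed in Table 2 of this page.
VERIFICATION_TYPES = {"Local", "AD", "LDAP", "RADIUS", "Azure AD"}
DEFAULT_ROLES = {"DepartmentManager", "PolicyManager", "AuditManager", "User"}

def review_batch(csv_text, existing_logins=(), custom_roles=()):
    """Return (errors, warnings) as lists of (row_number, message)."""
    # Assumption: CSV headers LoginName, Verification Type, Role.
    rows = list(csv.DictReader(io.StringIO(csv_text), restval=""))
    roles = DEFAULT_ROLES | set(custom_roles)  # custom roles are defined by admin
    seen = Counter(r["LoginName"].strip() for r in rows)
    taken = set(existing_logins)
    errors, warnings = [], []
    for n, row in enumerate(rows, start=2):  # row 1 is the header
        login = row["LoginName"].strip()
        role = row["Role"].strip()
        vtype = row["Verification Type"].strip() or "Local"  # Local is the default
        if not login:
            errors.append((n, "LoginName is empty"))
        elif seen[login] > 1 or login in taken:
            errors.append((n, f"LoginName {login!r} is not unique"))
        if vtype not in VERIFICATION_TYPES:
            errors.append((n, f"unknown Verification Type {vtype!r}"))
        if role not in roles:
            # Also catches cells such as "User,PolicyManager": one role per user.
            errors.append((n, f"Role {role!r} is not a single known role"))
        elif role != "User":
            warnings.append((n, f"{login}: role {role} exceeds User, confirm before import"))
    return errors, warnings

# Constructed sample input, not real accounts.
SAMPLE = """LoginName,Verification Type,Role
alice,Local,User
bob,AD,AuditManager
alice,LDAP,User
carol,Kerberos,User
dave,Local,"User,PolicyManager"
"""

if __name__ == "__main__":
    for kind, items in zip(("ERROR", "WARN"), review_batch(SAMPLE)):
        for line_no, msg in items:
            print(f"{kind} row {line_no}: {msg}")
```

Pass the LoginName values already present in the CBH system as existing_logins, because a LoginName cannot be changed after it is created.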