20 Managing users and authentication

The appliance requires users to log in with a valid user name and password, and security is maintained through user authentication and role based authorization. User accounts can be local, where the credentials are stored on the appliance or can be on a company or organizational directory (Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts the defined directory server to verify user credentials.

UI screens and REST API resources

UI screen

REST API resource

Users and Groups

users, roles, authz, logindomains,

 

logindomains/global-settings, and

 

logindomains/grouptorolemapping

20.1Roles

Minimum required privileges: Infrastructure administrator

20.2Tasks

The appliance online help provides information about using the user interface or the REST APIs to:

Add a user with local authentication.

Add a user with directory-based authentication.

Add a group with directory-based authentication.

Designate user privileges.

Edit a user account, including updating a user password.

Remove a user account.

Reset the administrator password.

Add an authentication directory service.

Allow local logins.

Disable local logins.

Change the authentication directory service settings.

Set an authentication directory service as the default directory.

Remove an authentication directory service from the appliance.

20.3About user accounts

The appliance provides default roles to separate responsibilities in an organization. A user role enables access to specific resources managed from the appliance.

Role-based access control enforces permissions to perform operations that are assigned to specific roles. You assign specific roles to system users or processes, which gives them permission to perform certain system operations. Because a user is not assigned permissions directly, but only acquires them through their role (or roles), individual user rights are managed by assigning the appropriate roles to the user. At initial appliance startup, there is a default administrator account with full access (Infrastructure administrator) privileges. For more information about the actions each role can perform, see “Action privileges for user roles” (page 144).

20.1 Roles 143

Page 143
Image 143
HP OneView manual Managing users and authentication, About user accounts, Reset the administrator password