Configure individual users
View user activities and manage user settings:
-
Find users that match a variety of search criteria.
-
Manage individual users and their tokens.
Search for users
-
On the SAS onsole, select Assignment to display the Search User module.
-
Enter the search criteria that apply in the fields provided (for example, type * in the User ID field).
Field Description User ID The value the user types to identify themselves when logging in. Use * as a wildcard. Last Name The surname of the user. Use * as a wildcard. Auth Method The authentication method assigned to users:
- Any: Include users that authenticate with any method.
- Token: Include only users that authenticate with tokens.
- Password: Include only users that authenticate with a static password set in the authentication server.
- External Credentials: Include only users that are allowed to authenticate with credentials not validated by the server, such as a pass-through to an LDAP server. This option applies only to LDAP integration; it does not apply to LDAP synchronization.
Email The email address of the user. Container The container within which you want to restrict the search. Account State Locked or Unlocked. -
Click Search to display a list of users that meet the search criteria.
The search results include the following information:
-
User ID: Click a user ID to display user details and additional assignment modules that enable you to view user activities and manage user settings.
-
Last Name: The user’s surname.
-
First Name: The user’s first name.
-
Custom #1: One of three fields that can be populated with custom data to distinguish the user from other similarly named users. Examples include employee number, department etc. Note that the label Custom #1 can be changed in the Branding module of the Virtual Server.
-
Auth Method: An indication of the primary authentication method assigned to the user. Options include PwD (password stored with the user account in the Virtual Server), Token (indicates a two-factor authentication method is assigned).
-
RADIUS Attr: Indicates whether RADIUS attributes are set for the user. This does not reflect RADIUS attributes applied to a group to which the user may belong.
-
Auth State: Set to Active if the user can authenticate against the service. Set to Locked if authentication failures exceed the Account Lockout/Unlock Policy. Set to Assigned if the user has not authenticated with the assigned token. If multiple tokens are associated with the user, state precedence in the list is Locked, Active, Assigned.
-
Account State: Locked or Unlocked. Locked when an account is disabled or in breach of the dormant account policy. When an account is locked, the user's authentication attempts fail, regardless of the Auth State. When you unlock an account, you must also verify that the auth state is unlocked. The lock state of the account is local to SAS and is different from the LDAP lock state.
The REST API for SAS use a flag (isActive) that allows you to suspend or activate a user account. When a user account is suspended (isActive=false) or dormant, the Account State displays Locked. You can override the API lock from the SAS console, as described in Unlock tokens.
-
Container: Displays the container in which the user account resides.
- Provision (Button): Provision all selected users in the list with tokens in one simple operation.
- Delete (Button): Delete all selected users (excluding LDAP integrated and LDAP synchronized).
- Account Unlock (Button): Unlock an account.
-
View user details
If the account was manually created or imported, you can update the user details. However, if the user is synchronized or integrated with LDAP, update the details in LDAP.
-
On the SAS console, search for a user.
-
Select the User ID that you want to view and then expand the User Detail module.
The user details include basic information such as name, user ID, contact information, and address.
The user details also include the following information:
-
Container: Displays the container in which the user account resides.
-
Custom #1, 2, 3: The custom fields are available for holding additional information to distinguish the user from other similarly named users. Examples include employee number, department etc. Note that the label Custom #1 can be changed in the Branding module of the Virtual Server.
-
Alias #1, 2: The alias fields are alternative login credentials that can authenticate with the user’s tokens.
-
-
Under certain conditions you can edit the account:
-
If the user account was manually created or imported, the Edit button is enabled and you can update the information.
-
If the user account is synchronized or integrated with LDAP, the Edit button is disabled and you must edit the user information in LDAP.
-
View user activities and manage user settings
On the SAS console, search for a user and then click the User ID.
The additional Assignment modules are displayed, where you can manage user settings:
-
User Detail: This module displays basic user information. User detail can be modified for all users that were manually created or imported. User accounts created by LDAP synchronization must be modified in the LDAP directory.
-
Authentication Methods: Use this module to assign, provision and manage all tokens associated with an individual user.
-
Authentication Metrics: Displays the individual user’s authentication metrics over various periods of time.
-
Authentication Activity: Displays authentication history for up to 100 of the user’s most recent
-
Access Restrictions: Use this to set specific times, days, and periods during which the user is allowed to authenticate or prevent a user from being authenticated.
-
Group Membership: Use this module to add or remove group memberships for the selected user. Groups can be used to automate provisioning or determine if the user is allowed to authenticate or be granted access to specific resources.
-
RADIUS Attributes (user): Use this module to apply RADIUS attributes to the selected user.