Configure Users

A user is a person who logs into the system to perform application-related operations. Before this user can access any operations, they must be added to a user group. Each user group has a defined set of privileges. The operations that a user can do depends on the privileges of the user group to which the user belongs.

The following users are created by default when OCSDM is installed:

• admin—Inherits the privileges from the administrators group.
• LIadmin—Inherits the privileges from the LIadministrators group.

Note:

Upon installation of OCSDM, if R226 compliance is enabled, the Lawful Intercept and SIPREC features and their attributes are hidden from view and are not configurable.

Users (other than the default users) are created, added, and given the privileges of the user groups to which they are assigned so that they can access OCSDM.

Add a User

1. Expand the Security Manager slider and select User Management, Users.
2. In the Users pane, click Add.
3. In the Add User dialog box, complete the following fields:

   Group section Assigned group drop-down list	Choose from the following pre-existing user groups: administrators—This super user group privileged to perform all operations. LIAdministrators—This user group is privileged to perform most operations including Lawful Intercept (LI) configuration changes. These privileges do not include changing the default administrator user credentials. For example, users assigned to the default LI administration group cannot enable or disable accounts, change passwords, or expiration dates for other users in the default LI administration and administration groups. provisioners—This group is privileged to configure Oracle Communications Session Delivery Manager and save and apply the configuration with the exception of a LI configuration. monitors—This group is privileged to view configuration data and other types of data only. This group cannot configure Oracle Communications Session Delivery Manager, and has the fewest privileges. Note: Upon installation of OCSDM, if R226 compliance is enabled, the Lawful Intercept and SIPREC features and their attributes are hidden from view and are not configurable.
   User information User name field	The name of the user using the following guidelines: Use a minimum of 3 characters and maximum of 50 characters. The name must start with an alphabetical character. The use of alphanumeric characters, hyphens, and underscores are allowed. The name is case insensitive. The name cannot be the same as an existing group name.
   User information Password field	The password is entered for this user using the following password rules guidelines: The password must be at least 8 characters long. Use at least one numeric character from 0 to 9 in the password. Use at least one alphabetic character from the English language alphabet in the password. Special characters include {, |, }, ~, [, \, ], ^, _, ‘, :, ;, <, =, >, ?, !, “, #, $, %, &, `, (, ), *, +, ,, -, ., and /
   User information Confirm password field	The same password entered again to confirm it.
   User account expiration dates Account field	Uncheck the check box to change the user account expiration date. Click the calendar icon to open a calendar to choose the date after which the user account expires. Note: If the check box is checked (default) the user account never expires.
   Password expiration dates Password field	Uncheck the check box to change the password expiration date. Click the calendar icon to open a calendar to choose the date after which the user password expires. Note: If the check box is checked (default) the password never expires.

4. Click OK.
   The following information displays in the Users table:

   User name column	The user name.
   Group column	The user group to which the user belongs.
   Status column	The status of the user account is either enabled or disabled.
   Operation status field	The state of the user account and its expiration date: active—The account is valid and the user can log in. Neither the account nor password expiration dates have been exceeded. account expired—The account expiration date has expired. password expired—The password expiration date has expired. password deactivated—The failed login attempts by the user exceeded the allowed number of tries as specified by the value set for password reuse count parameter in password rules. locked out—The user has exceeded the login failures and the account is disabled until the lockout duration has passed.

Edit a User

1. Expand the Security Manager slider and select User Management, Users.
2. In the Users pane, select a user and click Edit.
3. In the User tab , change the following fields:

   Assigned group drop-down list	You can change a user group that you created or one of the four default groups: administrators—This super user group privileged to perform all operations. LIAdministrators—This user group is privileged to perform most operations including Lawful Intercept (LI) configuration changes. These privileges do not include changing the default administrator user credentials. For example, users assigned to the default LI administration group cannot enable or disable accounts, change passwords, or expiration dates for other users in the default LI administration and administration groups. provisioners—This group is privileged to configure OCSDM and save and apply the configuration with the exception of a LI configuration. monitors—This group is privileged to view configuration data and other types of data only. This group cannot configure OCSDM, and has the fewest privileges. Note: Upon installation of OCSDM, if R226 compliance is enabled, the Lawful Intercept and SIPREC features and their attributes are hidden from view and are not configurable.
   User status Administrative status drop-down list	Select either enabled or disabled as the user status.
   Expiration dates Account field	Uncheck the check box to change the user account expiration date. Click the calendar icon to open a calendar to choose the date after which the user account expires. Note: If the check box is checked (default) the user account never expires.
   Expiration dates Password field	Uncheck the check box to change the password expiration date. Click the calendar icon to open a calendar to choose the date after which the user password expires. Note: If the check box is checked (default) the password never expires.

4. Click Apply.

Reactivate a User

A user can be denied access to OCSDM if the user is disabled, expired, the user password expired, or the user logs in more times (due to failed log in attempts) than is allowed by the maximum login fail attempts value.

You can reactivate a user by editing the user profile to reset the status of the user to enable, then reset the expiration in days for the account and password parameters. You can also delete the expired user and recreate the user.

The following table lists the possible causes for user deactivation and how to reactivate the user.

Cause	Action
User expired	Reset the calendar to a new date.
Password expired	Reset the password calendar to a new date.
Password deactivated	Reactivate the user account by: Changing the user password if all expiration dates are still valid. Extending the account expiration date. Extend the password expiration date.
User disabled	Reset the user to enabled.

Delete a User

1. Expand the Security Manager slider and select User management, Users.
2. In the Users pane, select a user and click Delete.
3. In the Delete dialog box, click Yes.
4. In the success dialog box, click OK.
   The user name is removed from the Users table.

Reset a User Password

Pre-requisites: You must have the proper permissions to reset passwords.

1. Expand the Security Manager slider and select User management, Users.
2. In the Users pane, click a user from the table and click Reset Password.
3. In the Reset password dialog box, enter a new password for the user in the field provided.
4. The dialog box indicates if you entered the new password successfully. Click OK.

Change a User Password

If you have administrative operations permission, you can change the password of a user.

1. Expand the Security Manager slider and select User Management, Users.
2. In the Users pane, click a user from the table and click Change Password.
3. In the Change password dialog box, complete the following fields:

   Enter your password field	Enter the password of the logged in user.
   Enter new password for user field	The new password for the user.
   Confirm new password for user field	The new password is entered again to confirm it.

4. Click OK.

Change User Password Rules

Use this task to change the password rules that specify the length of the password, how many times it can be reused, and whether specific characters, such as a numeric value, can be used.

1. Expand the Security Manager slider and select User management, Password rules.
2. In the password rules pane, complete the following fields:

   Maximum login fail attempts For administrator users and For non-administrator users fields	The value that indicates the maximum login attempts allowed before the user is locked out of the system. You can set a different value for both administrator users and non-administrator users. The default value is 5 attempts.
   Account lockout duration For administrator users (minutes) field	Enter the number of minutes that an administrator user is locked out after the maximum login fail attempts For administrator users value has been reached. The default is 15 minutes. Note: This parameter applies to Administrator users only. Non-administrator users remain locked out until their login is reset.
   Password reuse count For all users field	The value that indicates the number of counts to use to prevent the reuse of a password. The reuse count restricts the user from reusing the password entered in the last number of counts. For example, if you enter 2 here the user cannot reuse the same password used on the previous two occasions. You can change the password for this user by using the guidelines below.
   Password length for administrator users Minimum length and Maximum length fields	The values for the minimum (no less than six characters) and maximum (up to 16 characters) length of a password for a user who has administrator privileges.
   Password length for non-administrator users Minimum length and Maximum length fields	The values for the minimum (no less than six characters) and maximum (up to 16 characters) length of a password for a user who does not have administrator privileges.
   Password contains at least one of the following	Check the checkbox for each of the following rules that you want to enforce: Numeric character—Use at least one numeric character from 0 to 9 in the password. Alphabetic character—Use at least one alphabetic character from the English language alphabet in the password. Special character—You can include the following: {, |, }, ~, [, \, ], ^, _, ‘, :, ;, <, =, >, ?, !, “, #, $, %, &, `, (, ), *, +, ,, -, ., and /

3. Click Apply.

Notify When to Change the User Password

You can configure when the user is notified to change their password before it expires.

When the user logs into OCSDM, the system checks user credentials and the password expiry time for the user. If the password is due to expire, a warning is displayed that prompts the user to change their password.

1. Expand the Security Manager slider and select User management, Password notification.
2. In the Password expiration notification panel, enter a value in the Days prior to password expiration field.
3. Click Apply.