Authentication Options and Adding User Accounts

Learn about user authentication options and how to add and configure user accounts and permissions in Oracle Communications Unified Assurance.

About Configuring Users, Permissions, Authentication, and Security

Use the AAA configuration interfaces to create and edit users, set up user permissions, configure authentication, and manage security.

To configure access to Unified Assurance:

1. Configure the authentication types you want to use.
2. Create roles to define permissions.
3. Create user groups and assign roles to them.
4. Create users and add them to groups. The users are automatically granted permissions based on the role assigned to their group.

Unified Assurance includes default users, roles, and groups that you can clone or edit for your organization's needs. Before you begin, define the initial user groups that you will need, and identify what each group should be able to access within Unified Assurance.

About Authentication Types

You can configure Unified Assurance to use the following user authentication methods using the Authentication Types configuration interface:

• Internal: Used for backup accounts and environments without external authentication. This is active by default.

• Active Directory - Used for Microsoft Active Directory integration.

• LDAP - Used for OpenLDAP integration.

• SAML - Used for SAML integration.

Information Required for Using External Authentication Types

If you are using external authentication, gather the following information before setup:

• Active Directory:

  • The primary and secondary server IP addresses or DNS names

  • The domain suffix

  • The CA certificate, if you are using a secure connection

• LDAP:

  • The primary and secondary server IP addresses or DNS names

  • The distinguished name

  • The CA certificate, if you are using a secure connection

  • Optionally, the LDAP port

• SAML:

  • The SAML IDP Entity ID link

  • The Single SignOn service link

  • The Single Logout service link

  • The IDP certificate data

  • The NameID format

• Gather user account names. The user names you create in Unified Assurance must match those used in the external authentication source.

About Roles

You use roles to control the permissions for user groups in the Roles interface.

You can customize permissions for a user group for each individual user interface in Unified Assurance. For example, a user may have full create, read, update, and delete access to every events interface, read-only access to the dashboard interface, and be denied access to the Broker Scheduled Jobs and Services interfaces.

To see or edit permissions granted by roles:

1. Navigate to the Roles UI and select a role.

   Configuration -> AAA -> Roles

   The Role(Edit) form opens to the right of the grid.

2. In the form, under Permissions, review the permissions selected for the role. You can toggle between selected and available permissions.

3. Deselect or select permissions as needed.

4. Click Submit to save any changes.

About User Groups

You use groups to organize users in the User Groups interface. A user group lets you control permissions for multiple users with a single administration element. You can assign different permissions to different groups based on their role in the system, their specific customer devices, or their default dashboard view.

To see or edit user groups:

1. Navigate to the User Groups UI and select a user group.

   Configuration -> AAA -> User Groups

   The User Group (edit) form appears to the right of the grid.

2. In the Properties section, configure which elements the group members have access to, such as device groups, event filter groups, and dashboard groups.

3. In the Preferences section, configure the group preferences, such as the default navigation interface to open when a user logs in, the refresh rate of the UI, and the default time zone for the group members.

   Use the lock icon to lock the preferences, which prevents users from changing their preferences when they log in.

4. In the Users section, toggle between available and selected users and click the Add, Add All, Remove, and Remove All buttons to add or remove users to or from the group.

5. Click Submit to save any changes.

About Unified Assurance Users

Unified Assurance has three default user accounts:

• Administrator: Full and write access to every element of Unified Assurance. The first time you log in, you must change the default password for this account.

• Operator: Read-only access

• API User: Full read and write access, other than the Delete permission, for most areas of the application to allow external applications to interact with Unified Assurance without logging in

You can select an existing user to edit its properties, and you can use the UI button bar to:

• Add a new user. Click the Add button to open a blank User (New) form to the right of the grid. Fill in the form and click Submit to add the new user to the system.

• Clone an existing user. Select a user and click the Clone button to create a cloned copy of the selected user. Make changes in the form and click Submit to add the cloned user to the system.

• Delete a user. Select a user and click the Delete button to remove the selected user from the system.

Changing the Default Administrator Password

To change the default administrator password:

1. Navigate to the Users UI, and select the Administrator user.

   Configuration -> AAA -> Users

   The User (Edit) form opens to the right of the grid.

2. In the password fields, enter your new administrator password and re-enter it to confirm.

3. Click Submit to save the changes.

Creating an Example Role, Group, and User

This procedure describes how to set up an example role, group, and user, and validate the settings and permissions based on the default Operator role, group, and user.

1. Log in to the Unified Assurance UI as the Administrator user.

2. Create the role:

   1. Navigate to the Roles UI.

      Configuration -> AAA -> Roles

   2. Select the Operator role and click the Clone button.

      The Role (New) form opens with the Operator role details in the form fields.

   3. Change the following form fields to the following values, leaving the other fields as they are:

      • Role Name: Example Role

      • Description: Example Role for demonstration purposes

      • In the Selected section, beside Jobs, select Create and Update.

   4. Click Submit to save the new role.

3. Create the user group:

   1. Navigate to the User Groups UI.

      Configuration -> AAA -> User Groups

   2. Select the Operators user group and click the Clone button.

      The User Group (New) form opens with the Operators user group details in the form fields.

   3. Change the following form fields to the following values, leaving the other fields as they are:

      • User Group Name: Example Group

      • Role: Example Role

   4. Click Submit to save the new user group.

4. Create the user:

   1. Navigate to the Users UI.

      Configuration -> AAA -> Users

   2. Click the Add button.

      The User (New) form opens.

   3. Fill out the following form fields in the form, leaving the other fields as they are:

      • Username: Example

      • Full Name: Example User

      • Password/Repeat Password: a password of your choice

      • User Group Name: Example Group

      • Status: Enabled

   4. Click Submit.

5. Validate the settings:

   1. Log out of the Unified Assurance UI, and log back in using the new Example user credentials.

   2. Notice that the Links navigation pane is open to the left by default, as specified in the Preferences section of the Example group.

   3. From the Configuration menu, select AAA, then select Roles.

   4. Notice that the Add, Clone and Delete buttons are missing, because the Example user has read-only access, as set in the Example role assigned to the Example group.

   5. From the Configuration menu, select Broker Control.

   6. Notice that the Licensing page is not visible, because the Example user has no permission to access it.

   7. From the Configuration menu, select Broker Control, then select Jobs.

      Configuration -> Broker Control -> Jobs

   8. Notice that the Add and Clone buttons are visible, because the Example user has read, write, and update permission for this page.

AAA Properties and Preferences

This section describes the properties and preferences that you can set in the AAA UIs to customize the user experience in Unified Assurance.

User Properties

User properties are additional settings applicable to the user.

User Group Properties	Description
Reset Question	Lets the user create a password reset question. Not currently used.

User Group Properties

User group properties let you customize viewing and multi-tenant restrictions for users within the user group. You can use these properties to set up different views in multi-tenant environments, so that users see only the devices or data pertinent to them.

If a setting is not set, users in the group will have an unrestricted view of the items in the particular section.

User Group Properties	Description
RestrictiveDashboardGroupID	Restricts dashboard navigation to only Adhoc dashboards and dashboards within the specified Dashboard Group and any subgroups.
RestrictiveDeviceGroupID	Restricts device navigation and device-related data viewing to only devices within the specified Device Group and any subgroups.
RestrictiveDiagramGroupID	Restricts diagram navigation to only those within the specified Diagram Group and any subgroups.
RestrictiveEventMenuID	Restricts context menu selection when configuring and using event list tools to only those in the specified Menu and any submenus.
RestrictiveFilterGroupID	Restricts event filter navigation to only private and those within the specified Filter Group and any subgroups.
RestrictiveLinkGroupID	Restricts link navigation to only links within the specified Link Group and any subgroups.
RestrictiveTopologyMenuID	Restricts context menu selection when configuring and using topology tools to only those in the specified Menu and any submenus.

Preferences

Preferences are a set of common settings between both user and their user group that control the user experience and how the Unified Assurance UI is used. Users inherit preference settings from their user group, but these defaults can be overridden on a per-user basis. Administrators can also lock preferences, which prevents users from overriding the preferences and creates a more unified environment for the users in that group.

The following are the preferences that you can set for users and user groups:

Preferences	Description	Default
DefaultDisplayID	Default display used when showing the event list	Default
DefaultLink	Link to use as the landing page after initial login	No default
DefaultLocale	Locale settings when displaying numbers, dates, etc	en_US
DefaultTheme	Theme directory containing CSS and icon resources	light
DefaultTimeZone	Time zone when displaying dates and times from database	CST6CDT
EventEditCreatesJournal	Create a Journal entry when an event is edited in the UI	No default
EventListPageSize	Default pagination setting for event lists	100
EventListRefreshRate	How often in seconds to refresh open event lists	60
MaxPageSize	Custom maximum selection for pagination	NA
MaxPauseTime	How long in seconds after the event list is paused for the pause button to begin flashing	300
Navigation	Open selected item in Classic (main page) or Modern (viewed next to tree)	No default
PageSize	Default pagination setting for grid views	1000
RefreshRate	How often in seconds to refresh open dashboards	60
ShowFilterBar	Show the filter bar	No default
UILoadTimeout	Custom timeout for page requests in seconds	No default

---

Title and Copyright Information

Security Guide

F88948-01

Copyright © 2024, Oracle and/or its affiliates.