- Print
- PDF
Access to the Skylight orchestrator web user interface and web services is controlled by means of user accounts and user roles. System administrators manage user accounts and must assign a user role to each account. Each role has a predefined set of permissions.
Skylight orchestrator users can be authenticated by a RADIUS system. To learn how RADIUS authentication can be used with Skylight orchestrator, see "Configuring User Authentication".
Viewing User Accounts
Administrators can view and manage web user accounts in the Admin ▶ Users page. This page displays a list of all users with access to the Skylight orchestrator web interface.
Users page
Note: Skylight orchestrator includes a default user (called admin) with ADMIN permissions. For more information about the default admin user, see "About the Default Admin User".
The following table explains the information displayed for each account in the Users page.
User Account Information (Admin ▶ Users)
Parameter | Description |
---|---|
Name | User name associated with the account. |
Type | User roles assigned to the user account. Each user role has a predefined set of permissions. These roles are called "Local roles" because they are defined in Skylight orchestrator. A Skylight orchestrator user can have multiple roles. For example, this is necessary for a user that will use the REST API. These are the user roles available for local Skylight orchestrator accounts:
|
Lock state | Indicates whether or not the user is currently locked out of Skylight orchestrator. Possible values:
You can unlock a user by double-clicking the user in the list and checking the Unlock user box in the User configuration dialog. For more information about password policy and user lockout,see "Editing Security Settings Related to User Accounts". |
User Type | Indicates the authentication system in which the user account is defined. Possible values:
|
Last login | Indicates the authentication method, Role and IP address that was used the last time the user logged in successfully. |
Last login time | Timestamp of the user's last successful login. |
Adding and Editing User Accounts
System administrators (user accounts with ROLE_ADMIN) can add and edit user accounts for Skylight orchestrator.
To set up a user account
Select Admin ▶ Users to view the list of all user accounts for Skylight orchestrator.
Click the button (above the list) to add an account or double-click an existing account to edit it.
The User configuration dialog is displayed.Complete or update the user settings as required.
Click Apply.
For more information on specific parameters, see the following table.
User Configuration dialog (Admin ▶ Users)
Parameter | Description |
---|---|
Username | Name of the user account. |
New password | The user password. Passwords can be up to 64 characters long. For information about password policies, see: "Editing Security Settings Related to User Accounts"; "About Password Policies". |
Confirm password | Confirmation of the user password. |
Change password at next login | Check this box to force users to change their password the next time they log in to Skylight orchestrator. |
Unlock user | Check this box to unlock the user if they were locked out because of a password policy issue. For more information about password policy, see "Editing Security Settings Related to User Accounts". |
Role | The role assigned to this user. The following user roles are available:
|
Manager Role | Note: Not supported in this release. |
User type | Indicates the type of authentication used to verify a user's credentials when they attempt to log in to the Skylight orchestrator web interface. The possible values are:
|
Resetting a User Password
System administrators (user accounts with ROLE_ADMIN) can reset the password for a user account.
To reset a user password
- Select Admin ▶ Users to view the list of all user accounts defined on Skylight orchestrator.
- Double-click the account whose password you want to reset.
The User configuration dialog for the selected user is displayed. - Enter the new password in the Password and Confirm Password fields.
- To force the user to enter a new password the next time they log in, check the Change password at next login checkbox.
- Click Apply. The new password is effective immediately.
Deleting a User Account
System administrators (user accounts with ROLE_ADMIN) can delete user accounts for the Skylight orchestrator web interface.
To delete a user account
- Select Admin ▶ Users to view the list of all user accounts defined on Skylight orchestrator.
- Select the user account that you want to delete.
- Click the button (above the list) to remove the account.
- Click Ok in the confirmation dialog to delete the account permanently.
Editing Security Settings Related to User Accounts
System administrators (user accounts with ROLE_ADMIN) can configure these security features related to user accounts:
- Password policy
- User session timeout
- User lockout after failed login attempts.
To edit the security settings
Select Admin ▶ Users to view the list of all user accounts defined on Skylight orchestrator.
Select the icon (above the list) to open the Security settings dialog.
Change the settings as required. For more information about the settings, see the table below this procedure.
Click Apply to confirm your settings, then click Close.
Users - Security settings dialog (Admin ▶ Users)
Password policy settings
Setting | Description |
---|---|
Maximum changes per day | The number of times a user can change their password in one 24-hour period. Possible values: 1, 2, 3 |
Password minimum length | The password must contain this number of characters or more. Possible values: 4, 5, 6, 7, 8 |
Upper and lower case | The password must include at least one upper case character and one lower case character. |
Digit required | The password must contain at least one character that is a digit. |
Leading digit | The first character in the password must be a number. |
Special characters | The password must contain at least one of the following special characters: ! " # $ % & ' ( ) * + , - . / { |
Require 3 out of 4 types | If you check this checkbox, the password that the user enters will have to pass three of the four character policies in order to be accepted:
If you check this box, the checkboxes for the four character policies will become unavailable and any checkboxes that are checked will be ignored. Uncheck this box if you want to choose among the four character policies by checking and unchecking the checkboxes |
Password expiration interval | The number of days after which a password expires. When a password expires, the user will be required to enter a new one the next time they attempt to log in. |
Session settings
Setting | Description |
---|---|
Session timeout interval (min) | The timeout for a user logged in to the Skylight orchestrator web interface. If the user does not interact with the system via the web interface for this amount of time, the user will be automatically logged out and prompted to log in again. The new timeout interval only affects sessions that start after the change is applied. Sessions that started before the change will time out after the old interval. |
Webservice session timeout interval (min) | The timeout for a user logged in to the Skylight orchestrator REST API. If the web user client does not interact with the system via the API for this amount of time, it will be automatically logged out. The new timeout interval only affects sessions that start after the change is applied. Sessions that started before the change will time out after the old interval. |
User lockout
Setting | Description |
---|---|
Enable user lockout | Check this box to lock a user out of the system after a number of failed attempts to log in. Here are some points to note about user lockout:
|
Lock after (*) attempts | Set the number of failed attempts after which a user will be locked out. The default is 3 attempts. |
Permanent | Check this box to lock out the user permanently (indefinitely). Even if a user is locked out permanently, an administrator can unlock their account, as explained in "Unlocking a User Account". To lock the user out temporarily, leave this box unchecked and enter the lockout time in the Lock for field. |
Look for | The number of hours that the user will be locked out. The default is 1 hour. |
Unlocking a User Account
An administrator can unlock other non-admin users who have been locked out.
To unlock a user account
- Select Admin ▶ Users to view the list of all user accounts defined on Skylight orchestrator.
- Double-click the user in the list.
The User configuration dialog for the selected user is displayed. - Check the Unlock user checkbox.
- Click the Apply button.
The user can try logging in again immediately. - Click the Close button to close the dialog.
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks