✨ New: Try our AI‑powered Search (Ctrl + K) — Read more

Manage User Accounts

  • Published on Oct 22, 2025
  • 5 minute(s) read
Prev Next

The Users table, with other management options shown in tabs at the top.

The Users table, with other management options shown in tabs at the top.

User accounts are viewed and managed from the Users page. There, a table shows all registered users, along with their account information and status. This includes an indicator for SSO/LDAP-based accounts, days remaining for temporary accounts, and days of inactivity for limited accounts. On the right side of the table, there is a dropdown for each row to perform actions on the selected user.

Action Description
Block User Prevents the user from logging in, and disables their API token, if present. This is reversible.
Unblock User Available if the user is blocked. Unblocks the user, allowing them to log in and enables their API token, if present.
Generate API Token Creates an API token for the user. NOTE: This will invalidate the previously generated token for this user.
Change Role Change the user’s role to the role selected from the menu.
Disable User Permanently prevents the user from logging in or using their API token. This cannot be reversed except by Cisco support. Disabled users can still be deleted.
Delete User Removes the user from the system. NOTE: When using SSO configurations, users within your company directory may still be able to log in if they are still configured with system access via your directory. If you wish to prevent these users from accessing the system without changing your directory, it is recommended that you block or disable them instead.

Note that the only actions available for your currently logged in account are Generate API Token and Reauthorize API Token.

Create Users

The form for creating new users.

The form for creating new users.

From the Users page, navigate to the Create User tab. This will display a form to insert user information required to create an account. All fields in the form are required except the Temporary Account Expiration Days and Inactive Account Expiration Days fields. Note that the management system will not send email validation messages. Additionally, the password entered here is only temporary for the new account. For security purposes, the user will be prompted to change their password the first time they log in.

Reset Passwords

The form for admins to change another user’s password.

The form for admins to change another user’s password.

Admin users can reset passwords for other users from the Change Passwords tab on the Users page. After selecting the user, you must enter your own password for verification and the new password for the selected user.

Single Sign-On (SSO) Configuration

LDAP connection table, expanded to show details.

LDAP connection table, expanded to show details.

SSO configurations are viewed and set via the LDAP Settings page. From the Configured Connections table, pressing the + button on an entry will expand the row and show additional details about the connection. Note that sensitive fields, such as passwords and security certificates, are not displayed.

Form to add a new LDAP connection.

Form to add a new LDAP connection.

Located underneath the table is the form for creating new LDAP connections. The following fields are required for creating a new connection.

  • LDAP Server URL: URL including the protocol (LDAP or LDAPS) and port number for accessing the LDAP server. Note that the IP address/hostname must be accessible from the management system server.

  • Security Type: Options are:

    • None
    • SSL
    • TLS
    • StartTLS

    Note that SSL and TLS are for secured ports, whereas StartTLS is for securing connections to unsecured ports. Any secured options will require entering the server’s public key certificate in the additional text box that appears. These certificates typically have BEGIN CERTIFICATE on the starting line and END CERTIFICATE on the final line.

  • Authentication Type: Options are:

    • None
    • Simple

    None is for connections that do not require authentication to bind to the server and search the necessary directories. Simple authentication requires a principal and credentials, which are typically the username (distinguished name) and password for a read‑only user on the server. If Simple authentication is selected, additional input boxes will appear for these fields.

  • User Search Path: The base search directory for users in the LDAP server.

  • Username Attribute: The attribute from user entities to be used as usernames for logging in to the management system.

  • Role Groups Search Path: The base search directory for the role groups. This must contain the entries for the Admin and Statsviewer groups.

  • Role Groups ID Attribute: Identification attribute for role groups. The value for this attribute will be the Admin Group ID and Statsviewer Group ID for the admin and statsviewer groups respectively.

  • Role Member Attribute: Member attribute name for role groups.

  • Admin Group ID: Identifier for the role group containing admin users for the management system.

  • Statsviewer Group ID: Identifier for the role group containing statsviewer users for the
    management system.

SSO Configuration Example

For an LDAP server at ldap://192.168.10.100:11389 with the following example structure:

Example of an LDAP directory.

Example of an LDAP directory.

And the following role group structure:

Example of an LDAP group

Example of an LDAP group

This is how the connection form would be filled:

Example how an LDAP connection would be configured, given the example structures above.

Example how an LDAP connection would be configured, given the example structures above.

Managing SSO Users

Users registered through connected LDAP directories have an indicator in the Users table.

Users registered through connected LDAP directories have an indicator in the Users table.

LDAP‑based users are registered in the management system after the first time they have logged in and are indicated in the users table by a checkmark in the LDAP column. Personal information such as email address and first/last name are not populated, but they can be added by the individual users if desired from their Profile page (accessible from the user icon in the top right of the management system). These users cannot have their role or password changed, as this is configured in the LDAP server. Deleting a user removes their registered account but does not prevent them from logging in again and re‑registering if they are still in the company directory. They can instead be blocked or disabled to prevent them from logging in to the management system.

© 2026 Cisco and/or its affiliates. All rights reserved.

For more information about trademarks, please visit: Cisco trademarks 
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit:  Accedian legal terms and trademarks


© 2026 Cisco Privacy Statement Cookies Legal