• SonicOS and SonicOSX 7 Users
• Configuring Users Status
  • Logging Out Users
    • Logging Out a Single User
    • Logging Out Multiple Users
  • Displaying Inactive Users
  • Displaying Unauthenticated Users
  • Displaying the User Count
  • Refreshing the Users List
• Configuring User Settings
  • User Login Settings
    • Setting the Authentication Method for Login
    • Setting the Single-Sign-On Methods
    • Requiring User Names be Treated as Case-Sensitive
    • Preventing Users From Logging in from More than One Location
    • Forcing Users to Log In Immediately After Changing Their Passwords
    • Displaying User Login Information Since the Last Login
  • One-Time Password Settings
  • Configuring the User Web Login Settings
    • Setting the Timeout for the Authentication Page
    • Setting How the Browser is Redirected
    • Managing Redirections to the Login Page
    • Using a CHAP challenge to Authenticate Users
    • Redirecting Unauthenticated Users
    • Adding URLs to Authentication Bypass
  • User Session Settings
    • User Session Settings for SSO-Authenticated Users
    • User Session Settings for Web Login
  • Accounting
    • Configuring RADIUS Accounting
      • Sending RADIUS Accounting Information to Servers
      • Configuring User Accounting
      • Testing RADIUS Accounting
      • Editing RADIUS Servers
      • Deleting RADIUS Servers
    • Configuring TACACS+ Accounting
• Configuring Guest Services
  • Adding Guest Profiles
  • Editing Guest Profiles
  • Deleting Guest Profiles
• Configuring Guest Accounts
  • Adding Guest Accounts
  • Editing Guest Accounts
  • Deleting Guest Accounts
    • Deleting a Guest Account
    • Deleting Multiple Guest Accounts
    • Deleting All Guest Accounts
  • Managing Guest Status
    • Logging Out Guests
    • Logging Out All Guests
• Configuring Local Users and Groups
  • About Authentication and Passwords
    • Using Two-Factor Authentication
    • Enforcing First Login Password Change
  • Configuring Local Users
    • Quota Control for all Users
    • Viewing Local Users
    • Adding Local Users
      • Configuring Local Users Settings
      • Configuring Local Users Groups
      • Configuring Local Users VPN Access
      • Configuring Local Users User Quota
    • Editing Local Users
  • Configuring Local Groups
    • Adding Local Groups
      • Configuring Local Groups Settings
      • Configuring Local Group Settings Members
      • Configuring Local Group Settings VPN Access
      • Configuring Local Group Settings Administration
    • Editing Local Groups
• SonicWall Support
  • About This Document

Configuring Local Users Settings

You can add local users to the internal database on the network security appliance from the Users > Local Users & Groups page.

To create a user for an SSL VPN client, refer to SonicOS/X 7 SSL VPN.

To add local users to the database

1. Navigate to Users > Local Users & Groups.
2. Click the Add User icon. The User Settings page displays.
3. Select This represents a domain user if:
   • If This represents a domain user is checked then any group memberships, access rights, etc. that are set using this user object will apply for users who log in using the named domain account (authenticated via RADIUS or LDAP) or who are identified as that domain user by SSO. When it is checked you can then choose to have it apply for the named user account in a specific domain, or for a user with the given name in any domain.
   • If This represents a domain user is not checked, then it is a local account and anything that is set using it will apply only for users who log in using it, authenticated locally (a password must be set here for this case).
4. In the Name field, enter the name associated with the user.
5. In the Password and Confirm Password fields, enter the password assigned to the user.
6. Optional: select User must change password to force users to change their passwords the first time they login. This option is not selected by default.

7. From the One-time password method list, select the method to require SSL VPN users to submit a system-generated password for two-factor authentication:

   When a Local User does not have a one-time password enabled, while a group it belongs to does, ensure the user’s email address is configured, otherwise this user cannot login.

   To avoid another password change request for this user, this option applies only to the first login.

   • Disabled (default) – If User must change password is selected, a dialog to change it displays at the first login attempt.
   • OTP via Mail – Users receive a temporary password by email after they enter their user name and first password. After receiving the password-containing email, they can enter the second password to complete the login process.

   • TOTP – Users receive a temporary password by email after they input their user name and first password, but to use this feature, users must download a TOTP client app (such as Google Authentication, DUO, or Microsoft Authentication) on their mobile device.

     The unbind totp key displays.

8. In the E-mail Address field, enter the user’s email address so they can receive one-time passwords.
9. Optional: In the Comment field, enter any comments.
10. Click Save.