SonicOS/X 7 Users for TZ and NSv Series

Configuring Local Users and Groups > Configuring Local Users > Adding Local Users > Configuring Local Users Settings
Table of Contents

Configuring Local Users Settings

You can add local users to the internal database on the network security appliance from the Users > Local Users & Groups page.

To create a user for an SSL VPN client, refer to SonicOS/X 7 SSL VPN.

To add local users to the database

  1. Navigate to Users > Local Users & Groups.
  2. Click the Add User icon. The User Settings page displays.
  3. Select This represents a domain user if:
    • If This represents a domain user is checked then any group memberships, access rights, etc. that are set using this user object will apply for users who log in using the named domain account (authenticated via RADIUS or LDAP) or who are identified as that domain user by SSO. When it is checked you can then choose to have it apply for the named user account in a specific domain, or for a user with the given name in any domain.
    • If This represents a domain user is not checked, then it is a local account and anything that is set using it will apply only for users who log in using it, authenticated locally (a password must be set here for this case).
  4. In the Name field, enter the name associated with the user.
  5. In the Password and Confirm Password fields, enter the password assigned to the user.
  6. Optional: select User must change password to force users to change their passwords the first time they login. This option is not selected by default.

  7. From the One-time password method list, select the method to require SSL VPN users to submit a system-generated password for two-factor authentication:

    When a Local User does not have a one-time password enabled, while a group it belongs to does, ensure the user’s email address is configured, otherwise this user cannot login.

    To avoid another password change request for this user, this option applies only to the first login.

    • Disabled (default) – If User must change password is selected, a dialog to change it displays at the first login attempt.
    • OTP via Mail – Users receive a temporary password by email after they enter their user name and first password. After receiving the password-containing email, they can enter the second password to complete the login process.

    • TOTP – Users receive a temporary password by email after they input their user name and first password, but to use this feature, users must download a TOTP client app (such as Google Authentication, DUO, or Microsoft Authentication) on their mobile device.

      The unbind totp key displays.

  8. In the E-mail Address field, enter the user’s email address so they can receive one-time passwords.
  9. Optional: In the Comment field, enter any comments.
  10. Click Save.