SonicOS 8 Users

Configuring Local Users Settings

You can add local users to the internal database on the network security appliance from the Device > Users > Local Users & Groups page.

To create a user for an SSL VPN client, refer to SonicOS 8 SSL VPN Administration Guide.

To add local users to the database

  1. Navigate to Device > Users > Local Users & Groups.
  2. Click the Add User.
  3. The User Settings select Settings tab.
  4. Select This represents a domain user if:
    • If This represents a domain user is enabled then any group memberships, access rights, etc. that are set using this user object will apply for users who log in using the named domain account (authenticated via RADIUS or LDAP) or who are identified as that domain user by SSO. When it is checked you can then choose to have it apply for the named user account in a specific domain, or for a user with the given name in any domain.
    • If This represents a domain user is not checked, then it is a local account and anything that is set using it will apply only for users who log in using it, authenticated locally (a password must be set here for this case).
  5. In the Name field, enter the name associated with the user.
  6. In the Password and Confirm Password fields, enter the password assigned to the user.
  7. Optional: select User must change password to force users to change their passwords the first time they login. This option is not selected by default.
  8. From the One-time password method list, select the method to require SSL VPN users to submit a system-generated password for two-factor authentication:

    When a Local User does not have a one-time password enabled, while a group it belongs to does, ensure the user’s email address is configured, otherwise this user cannot login.

    To avoid another password change request for this user, this option applies only to the first login.

    • Disabled (default) – If User must change password is selected, a dialog to change it displays at the first login attempt.
    • OTP via Mail – Users receive a temporary password by email after they enter their user name and first password. After receiving the password-containing email, they can enter the second password to complete the login process.
    • TOTP – Users receive a temporary password by email after they input their user name and first password, but to use this feature, users must download a TOTP client app (such as Google Authentication, DUO, or Microsoft Authentication) on their mobile device.

      The unbind totp key displays.

  9. In the E-mail Address field, enter the user’s email address so they can receive one-time passwords.
  10. In Account Lifetime, select Never expires to make the account permanently. Or select Minutes, Hours, or Days to specify a lifetime after which the user account will either be deleted or disabled.

  11. Optional: In the Comment field, enter any comments.
  12. Click Save.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden