Set Up Users

The procedures to set up a new user are described below.

Add a User and Assign a Role

All NetWitness users must have a local or external user account. You can add a new user to each type of user account, local and external. You can assign role to a local user.

The following considerations are important when managing local and external user accounts.

Local User Account External User Account
Managed within NetWitness. Managed externally and outside the scope of this document.
Roles assigned directly. Roles assigned by external group mapping.
Derives permissions from each role assigned to the user Derives permissions from each role mapped to the account's external user group, as explained in (Optional) Map User Roles to External Groups.
NetWitness manages all user information. NetWitness manages user identification only. This includes Username, Full Name and Email.

 

Each of the following procedures starts on the Users tab. To navigate to the Users tab, go to netwitness_adminicon_25x22.png (Admin) > Security. The Security view is displayed with the Users tab open.

Add a Local User

To add a local user account and assign a role to the user:

  1. In the Users tab, click netwitness_icon-add.png in the toolbar.

    The Add User dialog is displayed.

    netwitness_addusrdg_321x385.png

  2. Type the following account information for the new user:

    • Authentication Type: NetWitness is selected by default and is the correct choice when adding a local user. This option is only displayed when there are AD or PAM configurations set up to allow for selecting that authentication type.

      Note: If there are no AD or PAM configurations, the authentication type is set to NetWitness automatically and there are no other options available.

    • Username for logging on to NetWitness
    • Email address
    • Password for logging on to NetWitness, in the Password and Confirm Password fields
    • Full Name of the new user
    • (Optional) Description of the user account
  3. To expire the user password the next time the user logs on, select Force password change on next login.

    This does not affect any active user sessions. The netwitness_icon_clock.png appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.

  4. To assign a role to the user, click netwitness_icon_add.png in the Roles tab.

    The Add Role selection dialog shows the list of available roles.

    netwitness_addroleselect_521x351.png

  5. Select each role to assign and click Add.

    The Add User dialog shows each role assigned to the user.

    netwitness_addusrdgex_334x401.png

  6. (Optional) To assign attributes to a user, go to Attributes and modify the appropriate values. These attributes are unique to the user and follow all the same rules for attributes within roles. For more information on attributes, see Query and Session Attributes.

    netwitness_adduserattributesex_380x416.png

  7. (Optional) Select a role and click netwitness_icon_showperms.png to Show all permissions for the role.
  8. Click Save.

    The Users tab shows the new user and each role assigned to the user. The account is active immediately.

    122_UsersTabExAdam_1122.png

Add a User for External Authentication

To add a user for external authentication:

  1. In the Users tab, click netwitness_add_icon.png in the toolbar.

    The Add User dialog is displayed.

  2. For Authentication Type, select either Active Directory or PAM. The dialog will update to show the required fields for the selected external authentication type.

    netwitness_addusrdgad_332x397.png netwitness_addusrdgpam_332x398.png

  3. Type the following information:

    • Domain (if select Active Directory authentication only): Select the Active Directory domain for the user from the drop-down list of available domains.
    • Username for logging on to NetWitness
    • Email address
    • Full Name of the new user
    • (Optional) Description of the user account
  4. In the Attributes section, type the following information.
    1. Core Query Timeout- most permissive (highest) value of all assigned roles is applied to the user.
    2. Core Session Threshold - query prefixes of each of the user roles are AND'd together.
    3. Core Query Prefix - highest value of all the assigned roles is applied to the user.
  5. Click Save. The Users tab shows the new user account, which still needs a role and permissions.
  6. To map a role to the new user, see (Optional) Map User Roles to External Groups.​

Change User Information or Roles

To change a user's account information or assigned roles:

  1. In the Users tab, select a user and click netwitness_icon_edit.png in the toolbar.

    The Edit User dialog is displayed.

  2. To edit user information, change any of the following fields:

    • Email
    • Full Name
    • Description
  3. To expire the internal user password the next time the user logs on, select Force password change on next login.

    This does not affect any active user sessions. The netwitness_icon_clock.png appears in the user row to show that the user password expired. After a password is expired, you cannot undo it. This checkbox is cleared the next time you edit the user account.

  4. In the Roles section:

    • To assign another role, click netwitness_icon_add.png , select a role and click Add.
    • To remove an assigned role, select the role and click netwitness_icon_delete.png.
  5. Click Save.

Delete a User

To delete a user:

  1. In the Users tab, select a user.
  2. In the toolbar, click netwitness_icon_delete.png.
  3. Click Save.

Note: To fully delete a user that is externally authenticated by Active Directory, you must also delete the user from the AD Group.

Reset a User Password

To reset a user password:

  1. In the Users tab, select a user.
  2. In the toolbar, click Reset Password.

    netwitness_resetusrpwd_354x199.png

    The Password Format Requirement section lists the specific requirements for the password. Administrators can adjust these requirements for all internal users in the password policy. See Configure Password Complexity.

  3. Choose whether to force a password change the next time the user logs in to NetWitness.
  4. Click Save.

Enable, Unlock, and Delete User Accounts

All users of NetWitness must either have a local user account with username and password or have an external user account. Within NetWitness, you can enable, disable, and delete local user accounts.

The first time an external user logs into NetWitness, a new user entry is automatically created with NetWitness. NetWitness manages only user identification information; for example, Full Name and Email.

You can unlock locked accounts for both local and external users.

Enable Disabled NetWitness User Accounts

To enable NetWitness user accounts that have been disabled:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Security.

    The Security view is displayed with the Users tab open.
    122_UsersTabEx_1122.png

  2. In the Users grid, select one or more accounts.
  3. Click netwitness_button_enable.png.
    A successful message displays for enabled accounts, and the users can log in to NetWitness.

Disable NetWitness User Accounts

You can block user access by disabling users. Disabling the user does not delete user preferences. This action blocks user access without deleting user preferences so that upon re-enabling users, user preferences are intact. You can re-enable users to restore user access. Disabling users applies only to Local users and not External Users.

To disable NetWitness user accounts:

  1. In the Users grid, select one or more accounts.
  2. Click netwitness_button_disable.png.
    A successful message displays for disabled accounts, and the users can no longer log in to NetWitness.

Unlock Locked NetWitness User Accounts

A user is locked out for a period of time after a number of failed consecutive login attempts. To unlock NetWitness user accounts that are locked due to excessive failed login attempts:

  1. In the Users grid, select one or more accounts.
  2. Click netwitness_button_unlock.png.
    A successful message displays for unlocked accounts, and the users can log in to NetWitness.

Delete NetWitness User Accounts

If not using External Authentication, a user can log on to NetWitness using a local account. These local accounts are directly managed using NetWitness. To revoke access to a local user, either disable the account or delete the account completely from the system.

Note: This deletes all user preferences for the account from NetWitness. If this is not the intention, disable the user instead of deleting the user.

To delete NetWitness user accounts:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Security.

    The Security view is displayed with the Users tab open.

  2. In the Users list, select one or more accounts.
  3. Click netwitness_ic-delete.png.

    A warning dialog requests confirmation.

  4. If you want to delete the accounts, click Yes.

    The accounts are removed from NetWitness, and the users can no longer log in to NetWitness.