You can view a list of all local and remote user accounts that have logged in to the Citrix SD-WAN Center virtual machine at least once. Remote user accounts are authenticated through RADIUS or TACACS+ authentication servers. You can also add a new local user account to Citrix SD-WAN Center.
If a user account is available on a remote authentication server but is never used to log on to Citrix SD-WAN Center, it is not displayed in the Users list.
To view user accounts in the SD-WAN Center web interface, navigate to Administration > User/Authentication Settings.
A list of user accounts appears in the Users section.
The following information is displayed:
- Name: The user name.
- Type: The type of user account. It can be one of the following:
  - Local: User accounts created and managed locally using the SD-WAN Center interface.
  - RADIUS: Remote user accounts authenticated by the RADIUS server.
  - TACACS+: Remote user accounts authenticated by the TACACS+ server.
- Level: The following are three levels of account privilege:
  - Admin: The Admin account has administrative privileges. It has read-write access to all the sections.
  - Guest: The Guest account is a read-only account with access to the Dashboard, Reporting, and Monitoring pages.
  - Security Admin: A Security Administrator has read-write access only to the Firewall and security-related settings in Config Editor, and read-only access to the remaining sections.
    The administrator can create and export the configuration, and the security administrator can import the configuration and make the security-related changes as required. Only a security administrator can change or modify the security feature configuration.
    NOTE: The security administrator has the authority to disable write access to the firewall for other users (Admin/Guest).
    A notification bar appears to all users after the security administrator changes the firewall write permission for any specific user. This notification is shown per user, so each logged-in user must acknowledge the warning for it to be removed.
  - Network Admin: A Network Administrator doesn’t have access to the Firewall. The Network administrator has read-write access only to the Network settings, and read-only access to the remaining sections.
    The hosted firewall node is not available to the network administrator. In this case, the network administrator must import a new configuration. Both network and security-related settings are maintained by the super administrator (Admin).
    The Network and Security administrators can only make changes to the configuration; the configuration can be applied to the network only by the super administrator (Admin).
    A super administrator (Admin) has the following privileges:
    - Can export the configuration to the change management inbox to perform a configuration and software update to the network.
    - Can also toggle the Read and Write access of the Network and Security Admins.
- Created: For local user accounts, the date the user account was created. For a remote user account, the date of the first login session.
- Modified: For local user accounts, the date the password was last changed. For remote users, the date of the first login session.
- Last Login: The date the user last successfully logged in. A tooltip displays the IP Address of the device used to log in.
- Last Active: The date the last request was made to the server. A tooltip displays the IP Address of the device used to log in.
- Manage: Click the gear icon to view a menu containing the following options:
  - Set Password: Change the password for the local user account. The current root password is required to change the root password. You cannot change passwords of remote user accounts.
  - Reset: Remove the workspaces and preferences for this user account.
  - Delete: Delete the local user account, workspaces, and preferences from SD-WAN Center. You cannot delete remote and admin accounts.
  - Two-factor Enabled: Enable two-factor authentication for the local and remote user account. For more information, see Two-factor Authentication.
  - Write Access to Firewall: Shows whether Write Access to Firewall is enabled or disabled.
To add a new local user account to the Citrix SD-WAN Center:
The user accounts created locally on Citrix SD-WAN Center do not have the privilege to edit and export the network configuration package to the MCN.
Click the add icon + next to Users. The Add Local User dialog box appears.
Enter values for the following parameters:
- User Name: The user name for the local user account.
- Level: The account privilege. A guest user account is a read-only account limited to viewing dashboard, reports, and statistics. The guest user account does not have the privilege to edit and export the network configuration package to the MCN.
- Password: The password for the user account.
- Confirm Password: Reenter the password for confirmation.
Select Enable Two-factor to enable two-factor authentication for the local user account.
The Enable Two-factor option appears only when the secondary authentication server is configured.
Configure a secondary authentication server, either RADIUS or TACACS+. Ensure that the user account is configured on the secondary authentication server. For more information, see Secondary authentication.
Click Add. The new user account is created and the account information is added to the Users table.
Citrix SD-WAN Center can have up to 600 local users.