Add/Modify Access User
This function helps you add or modify an access user. The access user configuration information is organized in four areas: Access Information, Access Service, Access Device Binding Information and Terminal Binding Information.
- Access Information configures the basic information like account name and password.
- Access Service configures the services used to access the network. You can configure one or more services for a user.
- Access Device Binding Information applies to user-device binding authentication only. This setting allows you to limit the device from which a user can log in. Ignore this setting if you do not want to limit the access device.
- Terminal Binding Information applies to user-terminal binding authentication only. This setting allows you to limit the IP/MAC addresses from which a user can log in.
Operation Procedure
There are two cases of adding an access user: adding an access user while adding a basic user, and creating an access account for a basic user not subscribing to any access service.
Add an access user while adding a basic user:
- Select the User tab.
- Click Add User to enter the Add User page.
- With the Access Configuration check box selected, configure the access user information in the Access Configuration area, and then click OK.
Create an access account for a basic user:
- Enter the Basic User Information page of a basic user not subscribing to any access service.
- Click Add in the Access Configuration area to enter the Add Access User page.
- Configure the access user information, and then click OK.
Modify access user information:
- Enter the Basic User Information page of a user subscribed to an access service.
- Click the Modify link to enter the Modify Access User page.
- Modify the access user information, and then click OK.
Parameters
Access information
- Account Name: Uniquely identifies an account user, and is used to subscribe to and use services. The account name cannot be changed after the account is created, so this field is uneditable in the Modify Access User page.
Note: An access user must type its login name for authentication when using a service to log in. The login name consists of the account name, the "@" character and the service suffix. For a description of the service suffix, refer to Service Configuration.
- Fast Access User: You can set a new user as a fast access user (this option is available only when there is no fast access user in the system). If you select Fast Access User, the account name is automatically set to anonymous, and the password configuration is unavailable.
- Computer User: When you add access users, you can select the Computer User option to add a computer user (this option is available only when no computer user exists in the system). The account name of the computer user is computer. Any computer that accesses the network can be authenticated by the Computer User function. A computer can access the network after passing the authentication. To distinguish between computers, the name of a computer is used as the login name.
- Password and Confirm Password: The password is used to authenticate the user logging in using the specified services. Be sure to type the same password in the Password and Confirm Password boxes.
- Allow User to Modify Password: Sets whether to allow the access user to change its password. If you deselect this option, Enable User Password Strategy and Modify Password at Next Login are grayed out.
- Enable User Password Strategy: An access user's password setting at the client or the user self-service platform is subject to the password strategy, for example, the length of the password and the required substrings. The operator can set passwords regardless of the password strategy.
- Modify Password at Next Login: Requires that at next login the user must change its password to one that complies with the password strategy. This option disappears after the user changes its password.
- Start Time: Time at which the account becomes valid automatically. If no start time is set, the account is valid immediately after it is opened.
- End Time: The account expires after the specified time. By default, the account will not expire automatically.
- Max. Idle Time: The maximum consecutive period during which the user does not perform any operation online. The user is kicked out when this time is reached. This value is in the range of 1 to 600 minutes. It can be null, indicating unlimited.
- Max. Concurrent Logins: The maximum number of concurrent online users using this account. This value is an integer in the range of [1,255], and defaults to 1, indicating single user. It can be null, indicating unlimited.
- Login Message: Sets the prompt shown to the user upon successful authentication, such as Hello there. Set it as needed.
Access service
The Access Service area shows the services available to the group of the current user. You can subscribe to multiple services with different suffixes for an account. If the IP address obtaining method specified in an access service is Static, you need to set the user IP address when subscribing to the service. For more information about services, refer to Service Configuration.
Access device binding information
- Device IP: The device IP address with which the access user is bound. Then the user can pass the authentication by using this device. The device IP address is in dotted decimal notation, with each section being an integer in the range of [0,255].
- Port: The device port with which the access user is bound. Then the user can pass the authentication through this port. The port is in the range of [0,255].
- Device SN: Serial number of the device the access user must connect to for network access.
- VLAN ID: The VLAN to which the user access port belongs. After the binding, the user can pass the authentication only if the user access port belongs to the VLAN.
- Inner VLAN ID/Outer VLAN ID: The inner VLAN ID/outer VLAN ID of the user authentication packets. After the binding configuration, the user can pass the authentication only if the inner VLAN ID and outer VLAN ID of the user authentication packets are consistent with the bound inner VLAN ID and outer VLAN ID respectively.
- User SSID: This parameter is used for user SSID binding. Leave this parameter blank if you do not want to limit the user SSID.
Terminal binding information
- Computer Name: Name of the computer used by the user. You can set whether to bind the computer name in the service used by the user. The computer name can be learnt automatically. After the computer name is bound with the access user, the computer used by the user must be consistent with the bound one. If you use the bound computer name, you need to enable the policy server.
- Windows Domain: Domain that must be bound to the computer of the user to access the network. The binding requirements can be set for a service which contains the binding policy. If no requirements are set for such a service, auto-learning is adopted. If the binding is set, the computer of the user must be bound to a Windows domain that has the same name as the Windows domain set for the access user. The policy server must be enabled to support this function.
- User IP Address/User MAC Address: To bind the user IP address, set the User IP Address parameter; to bind the user MAC address, set the User MAC Address parameter. To bind user IP address and MAC address pair, specify both the parameters.
- Bound IP/MAC: List of bound IP/MAC addresses.
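The following added example (not part of the product or of this help page) checks access user records against the ranges documented above and lists the settings left unrestricted, which is useful when reviewing accounts in bulk. The record field names, the service suffix "example" and the sample records are assumptions made for illustration.

```python
# Added example: field names are hypothetical; ranges are those documented above.

def login_name(account, suffix):
    """Login name = account name + "@" + service suffix."""
    return f"{account}@{suffix}"

def _in_range(value, low, high):
    return type(value) is int and low <= value <= high

def _dotted_decimal(text):
    parts = str(text).split(".")
    return len(parts) == 4 and all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts)

def audit_access_user(user):
    """Return (errors, review): range violations and unrestricted settings."""
    errors, review = [], []
    idle = user.get("max_idle_minutes")            # null means unlimited
    if idle is None:
        review.append("max idle time unlimited")
    elif not _in_range(idle, 1, 600):
        errors.append("max idle time not in 1-600")
    logins = user.get("max_concurrent_logins", 1)  # default 1, null unlimited
    if logins is None:
        review.append("concurrent logins unlimited")
    elif not _in_range(logins, 1, 255):
        errors.append("max concurrent logins not in 1-255")
    if user.get("end_time") is None:               # default: never expires
        review.append("account never expires")
    ip, port = user.get("device_ip"), user.get("device_port")
    if ip is not None and not _dotted_decimal(ip):
        errors.append("device IP not dotted decimal 0-255")
    if port is not None and not _in_range(port, 0, 255):
        errors.append("device port not in 0-255")
    if not any(user.get(k) for k in ("device_ip", "user_ip", "user_mac")):
        review.append("no device or terminal binding")
    return errors, review

# Constructed sample records, not exported from a real system.
SAMPLE_USERS = [
    {"account": "alice", "max_idle_minutes": 30, "max_concurrent_logins": 1,
     "end_time": "2030-01-01", "device_ip": "10.0.0.1", "device_port": 12},
    {"account": "bob", "max_idle_minutes": None, "max_concurrent_logins": 300,
     "end_time": None, "device_ip": "10.0.0.256", "device_port": 4096},
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(login_name(u["account"], "example"), audit_access_user(u))
```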