Manage users and roles in AFA

Relevant for: AFA Administrators

This topic describes how to manage AFA users and roles in the AFA Administration area.

Note: If you have an authentication server or SSO configured, user credentials must be managed on your external server. If your user roles are assigned based on LDAP group membership, roles must be managed on the LDAP server. In these cases, any changes made directly in AFA are overwritten the next time the user logs in. For more details, see Configure user authentication.

Tip: AFA users and roles provide the basis for authentication across both AFA and FireFlow. If you are an AFA administrator, but not a FireFlow administrator, you can also access FireFlow role and user management via the AFA Administration area. For more details, see Manage FireFlow users and roles.

Add or edit users

This procedure describes how to add and edit AFA users directly in the AFA database.

Tip: Alternately, manage users via an authentication server or SSO, or import users via a CSV file. For details, see Configure user authentication or Import users via CSV.

Do the following:

  1. Click your username at the top-right to access the AFA Administration area.

  2. Click the USERS/ROLES tab to display the user and role tables. For example:

  3. To add a new user, click the New button below the user table. To edit an existing user, click the edit button at the right side of the row you want to edit.

    In the user form that appears, select and enter values as needed:

  1. Click OK to save your changes.

Default landing pages per role

ASMS is configured with specific landing pages per user or role. Change this default to display a different page as needed.

  • Landing pages configured for specific users override any configuration for a user's role.

  • Users with multiple roles, with different landing pages for each role, will see the landing page with the highest priority.

    Landing pages are prioritized for FireFlow first, and then AFA.

If no landing page is defined for the user, or any of the user's roles, landing pages are defined as follows:

Permissions Landing page
Administrators

AlgoSec Firewall Analyzer

AFA Users

First FireFlow, if licensed and activated, and then AFA.

Back to top

Add and edit user roles

This procedure describes how to add and edit user roles.

Tip: If you have an LDAP server configured, associate AFA user roles with specific LDAP user groups to have each user in the group automatically inherit the AFA role.

Do the following:

  1. Click your username at the top-right to access the AFA Administration area.

  2. Click the USERS/ROLES tab to display the user and role tables. For example:

  3. To add a new role, click the New button under the role table. To edit an existing role, click the edit button in the row for the role you want to edit.

    In the user form that appears, select and enter values as needed:

  4. Click OK to save your changes.

Back to top

Delete AFA users or roles

This procedure describes how to delete users from the local AFA database, or delete user roles.

Tip: Alternately, manage users via an authentication server or SSO. For details, see Configure user authentication.

Do the following:

  1. Click your username at the top-right to access the AFA Administration area.

  2. Click the USERS/ROLES tab to display the user and role tables. For example:

  3. Select the check box next to the user or role you want to delete, and click Delete.
  4. In the confirmation message that appears, click OK.

The selected user or role is deleted from AFA.

Back to top

ASMS username and password requirements

ASMS user names can contain any alpha-numeric character and the following special characters:

  • @ (at symbol)
  • _ (underscore)
  • . (period)
  • - (hyphen)
  • / (forward-slashes)

ASMS passwords can contain any alpha-numeric character or any special character, except for back-ticks (`)

Use the following regular expressions to confirm that your usernames and passwords meet ASMS requirements:

Value Regular Expression

Username or username with LDAP domain

^[a-zA-Z0-9@_.-\/]*$

Password

^[a-zA-Z0-9\x20-\x5F\x7B-\x7E]*$

Back to top