Adding and Configuring Users
About the page
After installing Access Server, set up your authentication, network settings, and groups and users.
With the clean interface of the Admin Web UI, you can:
- Create users and groups.
- Assign authentication methods.
- Add or remove credentials.
- Configure rights for sub-networks.
- Manage privileges.
This guide steps you through the process of adding and configuring users through the Admin Web UI.
Configuring User Authentication
We recommend you configure your server's method of authentication before adding users. Access Server supports five different protocols:
If you use local or PAM, then you can simply continue through this guide. However, if you decide to use RADIUS, LDAP, or SAML, ensure you configure these authentication systems before creating users. Refer to the Admin Web UI manual pages for RADIUS, LDAP, or SAML for detailed information. If you wish to configure these settings via the command line, refer to the Authentication options and command-line configuration guide.
Configuring VPN Network Settings
We recommend you configure network settings before adding users. Refer to Configuration: Network Settings, Configuration: VPN Settings, and Configuration: Advanced VPN. If you are unsure of some of the networking concepts, or you simply need to review them, refer to Some basic networking concepts simplified article.
Add/Edit Users and Admins
The following steps explain how to add users and change their credentials. It is a brief overview to get you started. For more details, please read the User Management sections in Access Server Admin Web UI manual.
After logging in, you will start on the landing page or
Status Overview. Navigate to the User Permissions page:
- Click User Management located in the blue side bar.
- Click User Permissions.
To add a new user, go to the last row in the table of users and click in the New Username text box:
- Enter desired username for the new account.
Configure the settings for the new user using the check boxes.
- Click the Admin checkbox to promote the user to an Admin.
- Click Allow Auto-login to allow the user profile to always attempt to maintain a connection to Access Server.
- Click the Deny Access checkbox to prevent the user profile from gaining access to the server.
- Click the Delete checkbox to remove the user profile from Access Server.
To add a password for the user profile:
Edit User IP Addressing and Access Control
The following steps explain how to add users and change their credentials. It is a brief overview to get you started. For more details, refer to the User Management sections in the Access Server Admin Web UI manual.
Add a user:
- Sign in to the Admin Web UI.
- Click User Management > User Permissions.
- Enter a desired username for the new account in the New Username field.
- Configure the settings for the new user using the checkboxes:
- Click Admin to promote the user to an admin.
- Click Allow Auto-login to allow the user profile to attempt to maintain a consistent connection to Access Server.
- Click Deny Access to prevent the user profile from gaining access to the server.
- Click Delete to remove the user profile from Access Server.
- Configure a user authentication method:
- You can leave the authentication as the default method or choose a different authentication method by selecting the radio button. If the option is disabled, you must first configure the authentication method before it’s available for users.
- Add a password for the user profile:
- Click on More Settings.
- Enter the new password in the Password field.
- Configure additional settings (optional) as described below.
- Click Save and Update Running Server.
Edit User IP Addressing and Access Control
You can create more granular user access control once you've set them up with an account. The Admin Web UI makes granting or limiting access to specific networks easy. Here are some examples.
- Assign dynamic or static IP addresses for users or groups. When you assign a Static IP Address for a user, ensure it is within the network defined in Configuration: VPN Settings:
- Limit a user to one-directional traffic (NAT) or allow traffic from both the server and client (routing) by selecting NAT or routing. Click here for more information about the differences between NAT and routing.
- Limit a user to specific networks by inputting the network in Allow Access To these Networks. The user can only access these sub-networks:
- Configure the user as a VPN gateway client and define the specific subnets for which the client serves as a gateway. Ensure you enable the setting Should clients be allowed to access network services on the VPN gateway IP address? found in the Routing section of Configuration: VPN Settings. The image below shows an example of a user client defined as a Gateway client for a specific subnet:
For more information about configuring a VPN Gateway, please read How to configure a host as a gateway for client-side subnets.
- Permit traffic from the server to the client with the DMZ settings. Ensure you specify the IP address, port, and service. The image below shows how an Access Server node with the IP address of 192.168.102.111 can send traffic to the user client using the TCP protocol on port 80:
Concurrent Users and Licenses
Access Server allows up to two concurrent users to connect to the server without requiring licenses. We provide free connections to thoroughly test Access Server for your specific needs and network. If you need more than two concurrent connections, purchase a license here. For information, refer to Purchasing and activating a license key guide.
You can easily add and edit users with the Admin Web UI. You can also grant access and privileges to networks.