Creating and Editing User Accounts

Download this manual as a PDF file

This section will show you how to create and edit user accounts in SL1, and will also show you examples of user accounts created in SL1.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

Before Deployment

Before deployment, an administrator must determine:

  • Which team members require access to SL1.
  • What access levels to assign to each team member.
  • Which organization to place each team member in, so that each team member will have access to required device information.

After you have devised a plan, you can start adding user accounts to SL1.

Best Practices

When creating user accounts, ScienceLogic suggests you use the following best practices:

  • Limit the number of user accounts of type "administrator" to those who absolutely require full access to SL1.
  • Use care when assigning Access Keys to individual users and user policies. You should assign each user only the access that he/she requires to perform his/her job duties.
  • Use care when updating user policies that have already been used to create user accounts. Remember that each change is dynamically added to each member's user account.

  • Follow guidelines for creating a strong password, including:
  • Is at least eight characters long.
  • Does not contain your username, real name, or company name.
  • Cannot be found in a dictionary.
  • Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3) are not strong.
  • Contains a mixture of uppercase and lowercase letters, numerals, and non-alphanumeric characters.

Viewing a List of User Accounts

From the User Accounts page, you can view a list of all existing user accounts in SL1. From this page, you can also define new user accounts and edit existing user accounts.

To access the User Accounts page:

  1. Go to the User Accounts page (Registry > Accounts > User Accounts).
  2. For each account, the User Accounts page displays:
  • Username. The username used to log in to SL1.
  • User Display Name. The user's name as it appears throughout SL1 and in logs. This value is determined by the user's authentication resource settings.
  • Last Name, First Name. The user's last name and first name. The icon to the left of the column specifies the account type.
  • Account Type. The user's account type. Choices are User or Administrator.
  • User Policy. User policy associated with the user's account, if applicable.
  • Primary Organization. The organization that the user belongs to.
  • Email Address. The user's email address.

  • State. Can be one of the following:
  • Active. User can log in.

  • Suspended. User cannot log in.
  • Vacation. User can log in, but SL1 will not send any automated email notifications to the user's email address(es).
  • Auth Type. Specifies how the account is authenticated:
  • EM7. Account is authenticated through account-definition on SL1.
  • LDAP/AD. Account is authenticated through an external LDAP or AD server.
  • SSO. Account is authenticated through an external SSO provider.
  • User ID. Unique numeric ID assigned to each user by SL1.
  • Edited By. User who created or last edited the user account.
  • Last Edited. The date and time the account was created or last edited.

You can filter the items on this page by typing filter text or selecting filter options in one or more of the filters found above the columns on the page.

Manually Creating a New User Account

There are four ways to create a new user account in SL1:

  • Manually create the account and supply values in each field. This method is described in this section.
  • Manually create the account and align the account with a user policy (instead of supplying values in each field).
  • Automatically importing LDAP or Active Directory accounts into SL1. This is described in the Using LDAP or Active Directory section.
  • Automatically importing SSO accounts into SL1.

To manually create a new user account:

  1. Go to the User Accounts page (Registry > Accounts > User Accounts).
  2. In the User Accounts page, click the Create button. The page appears.
  3. In the page, enter values in each field:
  • First Name. User's first name. This value can be up to 24 characters in length.
  • Last Name. User's last name. This value can be up to 24 characters in length.
  • Generate name based on first and last name. If you select this checkbox, SL1 will generate a login name for the user. ScienceLogic recommends that you do not select this option.
  • Account Login Name. User's login name. This field can be up to 32 characters in length.
  • Primary Email. User's email address. This field can be up to 64 characters in length.
  • Password. The user's password. This value must meet the requirements specified for the value you select in the Password Strength field set in the Behavior Settings page (System > Settings > Behavior).
  • Confirm Password. The user's password again. This value must be identical to the value you specified in the Password field.
  • Password Strength. When defining or editing a user account, the administrator can define the required password strength. The user must then always use a password that meets or exceeds that specified password strength. SL1 will not allow the user to save changes to his or her password that do not meet the password strength requirement. Choices are: 
  • Good. Password must be at least eight characters long and contain at least one number or one symbol.
  • Strong. Password must be at least eight characters long and contain at least one number and at least one symbol.
  • Very Strong. Password must be at least 13 characters long, contain no repeated characters, and contain at least one number and at least one symbol. Recommended.
  • Password Expiration. Specifies whether or not the password for this account will expire and if so, when the password will expire. Choices are: 
  • Disabled. Password does not expire.
  • 30 Days. When the current password is 30 days old, during login the user will be prompted to change the password.
  • 60 Days. When the current password is 60 days old, during login the user will be prompted to change the password.
  • 90 Days. When the current password is 90 days old, during login the user will be prompted to change the password. Recommended.
  • 180 Days. When the current password is 180 days old, during login the user will be prompted to change the password.

If the password is set to expire, on the expiration date the user will be prompted to change the password at the Login page. The user will be required to enter his/her old password and then enter a new password twice. If the user incorrectly enters the previous password or enters an invalid new password, the user will not be allowed to log in to SL1.

The new password must meet the requirements of the Password Strength field and the Password Shadowing field. SL1 will prompt the user to meet these requirements and display a description of those requirements.

NOTE: The value in the Password Expiration field in this page (the Account Permissions page) overrides the value in the Behavior Settings page (System > Settings > Behavior).

  • Password Shadowing. Specifies requirements for password reuse. By default, when a user defines a new password, he/she cannot reuse any passwords that he/she has used in the last 12 months. The choices in this field are:
  • Default - cannot reuse passwords from past year
  • 1 - Cannot reuse last password
  • 2 - Cannot reuse last 2 passwords
  • 3 - Cannot reuse last 3 passwords
  • 4 - Cannot reuse last 4 passwords
  • 5 - Cannot reuse last 5 passwords
  • 6 - Cannot reuse last 6 passwords
  • 7 - Cannot reuse last 7 passwords
  • 8 - Cannot reuse last 8 passwords
  • 9 - Cannot reuse last 9 passwords
  • 10 - Cannot reuse last 10 passwords
  • Require Password Reset. If selected, the user will be prompted to change his or her password at the next login. When creating a new user account, this option is selected by default. After the user's first login, when he or she is prompted to change his or her password, this option is then unselected.
  • Multi-Factor Auth (MFA) User. If this user requires a different user name for Multi-factor authentication, enter the MFA user name in this field.

NOTE: For details on configuring multi-factor authentication, see the section on using multi-factor authentication.

  • Organization. The organization of which the new user account will be a member. Users can select from among all organizations in SL1.
  • Account Type. Specifies whether the user is a member of a user policy. Choices are:
    • Individual. User account is not a member of a user policy.
    • Policy Membership. User will be defined with a user policy. When selected, the Policy Membership field becomes active.
      • When a user policy is applied to a user's account, the user inherits the Key Privileges specified in the user policy. Administrators cannot add additional Key Privileges or delete Key Privileges from the user's account.
      • When a user policy is edited, each user account that is a member of that template will be dynamically updated.

The second drop-down list contains an entry for each standard account type. These account types affect the list of Key Privileges for the user. The choices are:

  • Administrator. By default, administrators are granted all permissions available in SL1. Administrators can access all tabs and pages and perform all actions and tasks.

  • User. Accounts of type "user" are assigned key privileges. Key privileges are customizable by the administrator and grant users access to pages and tabs and permit users to view information and perform tasks in SL1. These key privileges are defined by the SL1 system administrator from the Access Keys page (System > Manage > Access Keys).
  • Login State. Initial login state for the user account. The choices are:
  • Suspended. Account is not active. User cannot log in to SL1.
  • Active. Account is active. User can log in to SL1.
  • Vacation. Account is active and the user can log in to SL1, but SL1 does not send email messages to the user.
  • Authentication Method. Specifies how the user will be authenticated. The choices are:
  • EM7 Session. User's username and password are authenticated by the database.
  • LDAP/Active Directory. User's username and password are authenticated by an LDAP server or Active Directory server. For details on configuring SL1 to use LDAP or Active Directory authentication, see the section on Using LDAP or Active Directory.

NOTE: For users who are authenticated with Single Sign-On (SSO), SL1 ignores the Authentication Method field. For details on configuring SL1 to use SSO authentication, see the section on using Using Single Sign-On (SSO).

  • Restrict to IP. The user will be allowed to access SL1 only from the specified IP address. Specify the IP address in standard dotted-decimal notation.
  • Country. Select the appropriate country to associate with the user account.
  • Time Zone. Select the appropriate time zone to associate with the user account.

    • : By default, the Country field and Time Zone field will be set to the system-wide defaults defined in the Behavior Settings page (System > Settings > Behavior). You can override these values for the current user. Changing the default country or time zone for the current user will not affect the system-wide default settings.

    NOTE: If the user account is aligned with a user policy that specifies a time zone, the Time Zone field will be disabled. The user account will use the Time Zone specified in the user policy and the Time Zone field cannot be edited.

  • Autosync Time Zone With Local Settings. Specifies whether SL1 should always use the time zone specified in the Time Zone field or if SL1 should adopt the local time zone (when it differs from the value in the Time Zone field). This is helpful for users who travel and use SL1 "on the road". Choices are:
  • Yes. If the value in the Time Zone field differs from the local time zone, SL1 should use the local time zone.
  • No. SL1 will continue to use the time zone specified in the Time Zone field, even if the local time zone differs.
  • Policy Membership. If you selected Policy Membership in the Account Type field, the Policy Membership field is activated. In this field, you can select a user policy to apply to the new user account.
  • When a user policy is applied to a user's account, the user inherits the Key Privileges specified in the user policy. Administrators cannot add additional Key Privileges or delete Key Privileges from the user's account.
  • When a user policy is edited, each user account that is a member of that policy will be dynamically updated.
  1. Click the Save button to save the new user account.
  2. The Account Permissions page appears, with some of the fields already populated with values from the page.
  3. An additional set of tabs appears. These tabs are the Account Panel tools. These tabs are described in the section on Managing User Accounts.

Password Strength

When defining or editing a user account, the administrator can define the required password strength. The user must then always use a password that meets or exceeds that specified password strength.

To determine password strength, SL1 uses the following scoring system:

  • Too short = password is less than eight characters
  • Bad password = same password as username
  • Bad password = score less than 34
  • Good password = score greater than 34 and less than 68. Minimum requirements are that the password must be at least eight characters long and contain at least one number or one symbol.
  • Strong password = score greater than 68 and less than 100. Minimum requirements are that the password must be at least eight characters long and contain at least one number and at least one symbol.
  • Very Strong password = score equal to or greater than 100, where password length is greater than 13 characters. Minimum requirements are that the password must be at least 13 characters long, contain no repeated characters, and contain at least one number and at least one symbol.

To generate a score for a password, SL1 uses the following scoring parameters:

  • Base score for password length (password must contain at least eight characters) = password length * 4

  • If password contains at least three numbers = +5
  • If password contains at least two symbols = +5
  • If password contains both uppercase and lowercase letters = +10
  • If password contains a least one number and letters = +15
  • If password contains at least one number and at least one symbol = +15
  • If password contains letters and at least one symbol = +15
  • If password is only numbers = -10
  • If password is only letters = -10
  • One repeated character in password = (1 - password length ) (a negative value)
  • Two repeated characters in password = (2 - password length) (a negative value)
  • Three repeated characters in password = (3 - password length ) (a negative value)

Using LDAP or Active Directory for Authentication

If you have already created accounts for users in SL1, you can use Active Directory or LDAP to authenticate one or more of those users. Each time an Active Directory or LDAP user logs in to SL1 using his/her Active Directory or LDAP username and password, SL1 will use Active Directory or LDAP to authenticate that user.

For details on configuring SL1 to use LDAP or Active Directory authentication, see the section on using LDAP or Active Directory.

Importing Users from LDAP or Active Directory

If you have created Active Directory or LDAP accounts for users and do not want to manually create accounts again in SL1, you can configure SL1 to automatically create accounts for Active Directory users or LDAP users.

Each Active Directory or LDAP user logs in to SL1 using his or her Active Directory or LDAP username and password, and SL1 automatically creates an account for that user. Each subsequent time that user logs in to SL1, SL1 will use Active Directory or LDAP to authenticate that user.

For details on configuring SL1 to use LDAP or Active Directory authentication, see the section on using LDAP or Active Directory.

Using SSO for Authentication

If you have already created Single Sign-On (SSO) accounts for users, you can use SSO to authenticate one or more of those users. Each time an SSO user tries to access SL1, SL1 will use SSO (via SAML) to authenticate that user.

For details on configuring SL1 to use SSO authentication, see the section on using Using Single Sign-On (SSO).

Importing Users from SSO

If you have created Single Sign-On (SSO) accounts for users and do not want to manually create accounts again in SL1, you can configure SL1 to automatically create accounts for SSO users.

Each SSO user enters the URL to access SL1. SL1 automatically creates an account for that user. Each subsequent time that user logs in to SL1, SL1 will use SSO to authenticate that user.

For details on configuring SL1 to use SSO authentication, see the section on using Using Single Sign-On (SSO).

Editing an Existing User Account

The Account Properties page allows you to define contact information for a user or edit existing contact information for a user. From this page, you can also access the other tabs in the Account Administration panel.

To edit the contact information for a user account:

  1. Go to the User Accounts page (Registry > Accounts > User Accounts).
  2. In the User Accounts page, find the user account you want to edit. Click its business card icon ().
  3. The Account Properties page appears.
  4. In the Account Properties page, you can edit one or more contact fields. You can also click one of the additional tabs. After you save a new user account, an additional set of tabs appears. These tabs are the Account Panel tools. These tabs include the following:
  • Properties. Displays the Account Properties page, where you can define contact information for a user or edit existing contact information.
  • Permissions. Displays theAccount Permissions page, where you can define or edit the account name, password, account type, state, authentication method, ticket queue membership, and privilege keys.
  • Preferences. Displays the Account Preferences page, where you can customize some of the behavior and appearance of SL1. The customizations that you choose will appear each time the current user logs in to SL1. This will not affect how SL1 appears to other users.
  • Schedule. Displays the Account Scheduled page, where you can view a calendar for the user and enter one-time and recurring appointments, meetings, and vacation leave for the user.
  • Report. Generates an HTML report about the user account.
  1. Each of the tabs is described in the section on Managing User Accounts.
  2. Click the Save button to save your changes.

Deleting an Existing User Account

From the User Accounts page, you can delete one or more user accounts.

If you delete an existing user account that has any shared dashboards, those dashboards will also be deleted.

To do so:

  1. Go to the User Accounts page (Registry > Accounts > User Accounts).
  2. In the User Accounts page, find the account or accounts you want to delete. Select its checkbox ().

  1. In the Select Action drop-down field (in the lower right), choose DELETE Accounts.
  2. Click the Go button.
  3. The selected account(s) will be deleted from SL1.

Performing Administrative Tasks for One or More User Accounts

The User Accounts Manager page contains a drop-down field in the lower right called Select Action. This field allows you to apply an action to multiple user accounts at once. You can delete, change authentication, or change the default brand for multiple user accounts, simultaneously.

To apply an action to multiple user accounts:

  1. Go to the User Accounts page (Registry > Accounts > User Accounts).
  2. In the User Accounts page, select the checkbox for each user account you want to apply the action to. To select all checkboxes for all user accounts, select the red checkbox at the top of the page.

  1. In the Select Action drop-down list, select one of the following actions.
  • DELETE Accounts. Deletes all selected user accounts fromSL1.
  • Require LDAP/AD Authentication. Each selected user must be authenticated on an LDAP server or an Active Directory server. User must have an existing account on an LDAP server or an Active Directory server. For details on configuring SL1 to use LDAP or Active Directory authentication, see the section Using LDAP or Active Directory.
  • Remove LDAP/AD Authentication. Each selected user must be authenticated by a Compute Nodes.

  • Change Brand To. Change the default theme (page layout, color, and graphics) for the user(s). Select from the list of existing themes.
  • Change User Policy To. Change the user policy associated with the user account(s). Select from the list of existing user policies.
  1. Click the Go button to apply the selected action to each selected user account.

Examples of Manually Creating a User Account

The following example walks you through the steps for manually creating an organization.

  • For this example, we'll use an imaginary company with three locations: a sales office in Boston, headquarters in Chicago, and an R&D office in California. The company has created organizations based on geographical location.
  • The company has created three organizations: Northeast, Headquarters, West Coast.
  • Each organization will contain the local hardware and the local users. This will ensure that users can access information on local devices and local users. Administrators can define Access Keys to further limit or allow access.
  • We will manually create a user, Paul Revere, as a member of the organization called "Northeast". Paul Revere is the Administrator for his organization and requires full access to SL1. Therefore, he will have an account of type "administrator".
  • We will manually create a user, Samuel Adams, as a member of the organization called "Northeast". Samuel Adams is the system administrator and will have an account of type "user". Samuel Adams needs to be able to manage the devices and user accounts in the organization "Northeast". We have already defined Access Keys that allow a user to perform these tasks.

Defining User "Paul Revere"

The user "Paul Revere" is an administrator who belongs to the organization "Northeast".

To manually create the user "Paul Revere":

  1. Log in to SL1 as a system administrator. If you have not yet created organizations or user accounts, you can log in as "em7admin", using the password defined during initial configuration.
  2. Go to the User Accounts page (Registry > Accounts > User Accounts).
  3. In the User Accounts page, click the Create button. The page appears.
  4. In the page, supply the following values in each field:
  • First Name. The user's name is Paul Revere, so we supplied "Paul" in this field.
  • Last Name. We supplied the value "Revere" in this field.
  • Generate name based on first and last name. We did not select this checkbox, because our corporate convention is to use first initial and last name as a user name. If we have duplicate names, we use first initial, middle initial, and last name as a user name.

  • Account Login Name. We entered "prevere" as the user's account login name, as is our corporate convention.

  • Primary Email. We entered "prevere@company.com" as the user's email address.
  • Password. We entered "2IfByNight!" in this field, to follow best practices when creating a password. This password includes uppercase letters, lowercase letters, numerals, non-alphabetic characters, and cannot be found in a dictionary.
  • Confirm Password. We entered the user's password again.
  • Password Strength. We specified the user must have a Strong password.
  • Password Expiration. We specified that the password will expire in 30 Days.
  • Password Shadowing. We left this field at its default value - cannot reuse passwords from last year.
  • Require Password Reset. We did not select this checkbox. The user will not be required to change their password when they first log in.
  • Multi-Factor Auth (MFA) User. We entered "prevere1" in this field, because this user requires a different user name for Multi-factor authentication.

NOTE: For details on configuring multi-factor authentication, see the section on using multi-factor authentication.

  • Organization. We selected the organization "System" as the user's primary organization.
  • Account Type. We selected "Individual", because this user is not a member of a user policy.
  • Account Type. We selected "Administrator", because this user requires full access to all tabs, pages, actions, and tasks in SL1.
  • Login State. We selected "Active" in this field, so this user can immediately begin using SL1.
  • Authentication Method. We selected EM7 Session in this field. We want to use the ScienceLogic database (as opposed to an LDAP or Active Directory database) to determine if the username and password are valid.
  • Restrict to IP. We did not enter a value in this field. Because this user is an administrator, we want to allow the user to access SL1 from multiple locations and multiple IP addresses, for diagnostic purposes.
  • Country. We selected "United States" as the country for this user.
  • Time Zone. We selected "America/New York" as the time zone for this user.
  • Autosync Time Zone With Local Settings. We selected No.
  • Policy Membership. Because this user was not created with a user policy, this field is grayed out.
  1. Click the Save button to save the new user account.
  2. The Account Permissions page appears, with some of the fields already populated with values from the page
  3. An additional set of tabs appears. These tabs are the Account Panel tools. These tabs are described in the section on Managing User Accounts.

Defining User "Samuel Adams"

The user "Samuel Adams" is a user who requires access to all the device features and account features for the devices and user accounts in his organization.

To manually create the user "Samuel Adams":

  1. Log in to SL1 as a system administrator. If you have not yet created organizations or user accounts, you can log in as "em7admin", using the password defined during initial configuration.
  2. Go to the User Accounts page (Registry > Accounts > User Accounts).
  3. In the User Accounts page, click the Create button.

  1. The page appears.

  1. In the page, supply the following values in each field:
  • First Name. The user's name is Samuel Adams, so we supplied "Samuel" in this field.
  • Last Name. We supplied the value "Adams" in this field.
  • Generate name based on first and last name. We did not select this checkbox, because our corporate convention is to use first initial and last name as a user name. If we have duplicate names, we use first initial, middle initial, and last name as a user name.
  • Account Login Name. We entered "sadams" as the user's account login name, as is our corporate convention. 
  • Primary Email. We entered "sadams@company.com" as the user's email address.
  • Password. We entered "TeaParty1216!" in this field, to follow best practices when creating a password. This password includes uppercase letters, lowercase letters, numerals, non-alphabetic characters, and cannot be found in a dictionary.
  • Confirm Password. We entered the user's password again.
  • Password Strength. We specified the user must have a Strong password.
  • Password Expiration. We specified that the password will expire in 30 Days.
  • Password Shadowing. We left this field at its default value—cannot reuse passwords from last year.
  • Require Password Reset. We did not select this checkbox. The user will not be required to change their password when they first log in.
  • Multi-Factor Auth (MFA) User. We entered "samadams1" in this field, because this user requires a different user name for Multi-factor authentication.

NOTE: For details on configuring multi-factor authentication, see the section on using multi-factor authentication.

  • Organization. We selected the organization "System" as the user's primary organization.
  • Account Type. We selected Individual, because this user is not a member of a user policy.
  • Account Type. We selected User, because this user does not requires full access to all tabs, pages, actions, and tasks in SL1.
  • Login State. We selected Active in this field, so this user can immediately begin using SL1.
  • Authentication Method. We selected EM7 Session in this field. We want to use the ScienceLogic database (as opposed to an LDAP or Active Directory database) to determine if the user name and password are valid.
  • Restrict to IP. We did not enter a value in this field. Because this user is a system administrator, we want to allow the user to access SL1 from multiple locations and multiple IP addresses, for diagnostic purposes.
  • Country. We selected United States as the time zone for this user.
  • Time Zone. We selected Anchorage as the time zone for this user.
  • Autosync Time Zone With Local Settings. We selected No.
  • Policy Membership. Because this user was not created with a user policy, this field is grayed out.
  1. Click the Save button to save the new user account.

  1. The Account Permissions page appears, with some of the fields already populated with values from the page:

  1. In the Account Permissions page, we must now assign Access Keys to the user's account, so he can manage the devices and user accounts in his organization.

  1. We have already created two Access Keys:
  • The Access key named Manage Devices allows a user full access to devices. For accounts of type "user", this access key allows a user full access to all the devices in his/her organization.
  • The Access key named Manage Accounts allows a user full access to user accounts. For accounts of type "user", this access key allows a user full access to all the user accounts in his/her organization.

  1. We selected these Access Keys for the user Samuel Adams and clicked the Save button.
  2. After creating the user account, an additional set of tabs appears. These tabs are the Account Panel tools. These tabs are described in the section on Managing User Accounts.