The User Management page allows you to control how users are granted access to Cisco Business Dashboard, change settings that affect how those users interact with the Dashboard and control whether those users should also be allowed
to access the network when performing user-based network authentication. This is a useful tool when you need to add new users
or remove them from the network.
Cisco Business Dashboard has settings to control which dashboard features are available to a user (the Dashboard Access drop-down list) and whether
the user can access the network when user-based network access is in use (the Network Access checkbox). The options available for
these settings include:
- Administrator—An Administrator has full access to Dashboard features including the ability to maintain the system.
- Organization Administrator—An Organization Administrator is limited to managing one or more organizations, but cannot make changes to the system.
- Operator—An Operator has similar power to an Organization Administrator, but cannot manage users.
- Readonly—A Readonly user can only view network information and cannot make any changes.
- No Access—A No Access user will not be able to use any of the dashboard features, but may log on to the dashboard to manage their user profile.
- Network Access—This setting controls whether the user can access the network when user-based network access is in use. If the Dashboard Access setting is set to Organization Administrator or below, then access will only be permitted for organizations in the user's organization list.
Cisco Business Dashboard allows users to be authenticated against the local user database. From release 2.2.1 onwards, users may also be authenticated
against a Microsoft Azure Active Directory instance.
Note: Only local users will be checked when performing authentication for user-based network access.
When the Cisco Business Dashboard is first installed, a default Administrator is created in the local user database with the username and password both set to cisco.
Note: User settings can be managed by Administrators and Organization Administrators only.
Add a New User to the Local User Database
1. Navigate to Administration>Users and select the Users tab.
2. Click the ✚ (plus) icon to create a new user.
3. In the fields provided, enter a username, display name, email address and password, and specify the Dashboard Access and Network Access settings. You may also provide contact details for the user.
4. Click Save.
If the user is not an Administrator, then you must add the user to one or more organizations. To do so, select the Organizations tab and click the ✚ (plus) icon. Select the desired organization from the drop-down list.
Modify a User
1. Navigate to Administration>Users and select the Users tab.
2. Select the radio button next to the user that needs to be changed and click the Edit icon.
3. Make the modifications as required.
4. Click Save.
To add the user to a new organization, select the Organizations tab and click the ✚ (plus) icon. Select the desired organization from the drop-down list. To remove them from an organization, click the Delete icon next to the organization in the table.
Delete a User
1. Navigate to Administration>Users and select the Users tab.
2. Select the radio button next to the user that needs to be deleted and click delete at the top of the table.
Change password complexity
To enable or change password complexity requirements, follow these steps.
1. Navigate to Administration>Users and select the User Settings tab.
2. Select the Local tab under Authentication Source, modify the User Password Complexity settings as required and click Save.
Note: When authenticating against an Azure Active Directory instance, password complexity is managed in Active Directory.
Enable Azure Active Directory Authentication
Cisco Business Dashboard supports user authentication using an instance of Microsoft Azure Active Directory. Active Directory users are assigned roles
and organization lists based on the Active Directory groups the user is a member of.
To enable Azure Active Directory as an authentication source, follow these steps.
1. In Azure Active Directory, create a new App registration for Cisco Business Dashboard, assign it delegated permissions of User.Read and Domain.Read.All from the Microsoft Graph API and create a Client secret. Take note of the Application (client) ID, the Client secret and the Directory (tenant) ID.
2. Open the Cisco Business Dashboard web GUI and navigate to Administration>Users. Select the User Settings tab, and then select the Azure AD tab under Authentication Source.
3. Click the Enable checkbox.
4. Enter the Client ID, Client Secret and Tenant ID collected in step 1 into the fields provided.
5. Optionally, specify a comma-separated list of domains that should be allowed to access the dashboard. Click Save.
6. Click the ✚ (plus) icon under the User Group Mappings header to create a new group mapping. Enter the Object ID for the Active Directory group into the field provided, then select a role and organization list to be applied to users in this group. Repeat this step for all the groups that need to be mapped.
   If a user matches multiple groups, then the role and organization mappings from the first match will be used.
7. Make a note of the Redirect URL displayed beneath the Enable checkbox. Return to Azure Active Directory and add the URL to the list of Redirect URIs for the App registration.
Note: The host and port displayed in the redirect URL should be reachable from the web browsers of users accessing the dashboard. If the currently displayed values are not reachable, update the appropriate fields on the Systems Variables tab on the System>Platform Settings page.
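Because the first matching User Group Mapping wins, the order of the mappings decides a user's role. The following added example (not Cisco's code) models that rule and reports users whose result depends on mapping order; the function names are hypothetical, and the Object IDs, organization names and group memberships are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupMapping:
    group_object_id: str   # Object ID of the Active Directory group
    role: str              # Dashboard Access level applied to members
    organizations: tuple   # organization list applied to members

def resolve(mappings, user_groups):
    """First-match rule: the earliest mapping whose group the user is in wins.
    Returns None when nothing matches (the page does not describe that case)."""
    member_of = set(user_groups)
    return next((m for m in mappings if m.group_object_id in member_of), None)

def shadowed(mappings, user_groups):
    """Later mappings the user also matches but whose role or organization
    list differs from the effective one, so the outcome depends on ordering."""
    member_of = set(user_groups)
    matches = [m for m in mappings if m.group_object_id in member_of]
    return [m for m in matches[1:]
            if (m.role, m.organizations) != (matches[0].role, matches[0].organizations)]

def audit(mappings, directory):
    """Map each order-sensitive user to (effective role, [ignored roles])."""
    report = {}
    for user, groups in directory.items():
        ignored = shadowed(mappings, groups)
        if ignored:
            report[user] = (resolve(mappings, groups).role, [m.role for m in ignored])
    return report

# Constructed sample data: placeholder Object IDs, organizations and memberships.
ALL_STAFF = "00000000-0000-0000-0000-00000000000a"
NET_OPS = "00000000-0000-0000-0000-00000000000b"
IT_ADMINS = "00000000-0000-0000-0000-00000000000c"
MAPPINGS = [  # in the order they appear under User Group Mappings
    GroupMapping(ALL_STAFF, "Readonly", ("HQ",)),
    GroupMapping(NET_OPS, "Operator", ("HQ", "Branch")),
    GroupMapping(IT_ADMINS, "Administrator", ()),
]
DIRECTORY = {
    "alice": [ALL_STAFF, IT_ADMINS],  # first match gives Readonly, not Administrator
    "bob": [NET_OPS],
    "carol": [ALL_STAFF, NET_OPS],
    "dave": ["00000000-0000-0000-0000-00000000000d"],  # no mapped group
}

if __name__ == "__main__":
    for user, (role, ignored) in audit(MAPPINGS, DIRECTORY).items():
        print(f"{user}: effective role {role}; ignored mappings grant {ignored}")
```

With the broad group listed first, alice resolves to Readonly even though she is in the administrators group; reversing the list would make her an Administrator, so the mapping order should be chosen deliberately and reviewed when groups change.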
Manage Local Authentication
Authentication against the local user database is enabled by default. To disable local authentication, follow these steps.
1. Ensure that authentication against Azure Active Directory has been set up as described above. Log on to the dashboard using an Administrator account authenticated by Active Directory.
2. Navigate to Administration>Users and select the User Settings tab. Under Authentication Source, select the Local tab.
3. Deselect the Enable checkbox and click Save.
To enable local authentication again, follow these steps.
1. Navigate to Administration>Users and select the User Settings tab. Under Authentication Source, select the Local tab.
2. Select the Enable checkbox and click Save.
Restore Access when All Administrative Access has been Lost
If administrative access to the Cisco Business Dashboard application is lost, follow these steps to recover it.
1. Log on to the host operating system using SSH or via the console.
2. Enter the command cisco-business-dashboard recoverpassword
After entering the command, the local user authentication is enabled, and the default Administrator with username cisco and password cisco is restored.
Change session timeouts
To change idle and absolute timeouts for user sessions, follow these steps.
1. Navigate to Administration>Users and select the User Settings tab.
2. Modify the User Session parameters as required and click Save. Hover over the help icons to see allowable ranges for these parameters.