Citrix SD-WAN Center 11.4

User accounts

You can view a list of all local and remote user accounts that have logged into Citrix SD-WAN Center virtual machine at least once. Remote user accounts are authenticated through RADIUS or TACACS+ authentication servers. You can also add a new local user account to Citrix SD-WAN Center.

Note

If a user-account is available on a remote authentication server but is never used to log on to Citrix SD-WAN Center, it is not displayed in the Users list.

To view user accounts in the SD-WAN Center web interface, navigate to Administration > User/Authentication Settings.

A list of user accounts appears in the Users section.

RADIUS and TACACS+ access

The following information is displayed:

  • Name: The user name.
  • Type: The type of user account, it can be one of the following:
    • Local: User accounts created and managed locally using the SD-WAN Center interface.
    • RADIUS: Remote user accounts authenticated by the RADIUS server.
    • TACACS+: Remote user accounts authenticated by the TACACS+ server.  
  • Level: The following are three levels of account privilege:
    • Admin: Admin account has administrative privileges. It has read-write access to all the sections.
    • Guest: Guest account is a read-only account with access to Dashboard, Reporting, and Monitoring page.
    • Security Admin: A Security Administrator has the read-write access only for the Firewall and security related settings in Config Editor, while having read-only access to the remaining sections.

      level

      NOTE

      • Only the administrator and security administrator can change or modify the security feature configuration.
      • Security administrator can enable or disable the write access to the firewall for all user accounts except the super administrator.

    Disable write access

    A notification bar appears to all the users after the security administrator changes the firewall write permission for any specific user. This notification is shown per user and hence each logged in user must acknowledge the warning for it to removed.

    Notification bar

  • Network Admin: A Network Administrator has read-write permissions to all the sections and can fully provision a branch except for the firewall and security related settings in the Configuration Editor.

    Network admin

    The hosted firewall node is not available for the network administrator. In this case, the network administrator must import a new configuration. Both network and security related settings are maintained by the super administrator (Admin).

The network administrator and security administrator can make changes to the configuration and also deploy it on the network.

NOTE

The network administrator and security administrator cannot add or delete user accounts. They can only edit their own account passwords.

  • Created: For local user accounts, the date the user account was created. For a remote user account, the date of the first login session.
  • Modified: For local user accounts, the date the password was last changed. For remote users, the date of the first login session.
  • Last Login: The date the user last successfully logged in. A tooltip displays the IP Address of the device used to log in.
  • Last Active: The date the last request was made to the server. A tooltip displays the IP Address of the device used to log in.
  • Manage: Click the gear icon to view a menu containing the following options:
    • Set Password: Change Password for the local user account. The current root password is required to change the root password. You cannot change passwords of remote user accounts.
    • Reset: Remove the workspaces and preferences for this user account.
    • Delete: Delete the local user account, workspaces, and preferences from SD-WAN Center. You cannot delete remote and admin accounts.
    • Two-factor Enabled: Enable two-factor authentication for the local and remote user account. For more information, see two-factor authentication.
  • Write Access to Firewall: Shows the Write Access to Firewall is enabled or disabled.

To add a new local user account to the Citrix SD-WAN Center:

Note

The user accounts created locally on Citrix SD-WAN Center do not have the privilege to edit and export the network configuration package to the MCN.

  1. Click the add icon + next to Users. The Add Local User dialog box appears.

    User account addition

  2. Enter values for the following parameters:

    • User Name: The user name for the local user account.
    • Level: The account privilege. A guest user account is a read-only account limited to viewing dashboard, reports, and statistics. The guest user account does not have the privilege to edit and export the network configuration package to the MCN.
    • Password: The password for the user account.
    • Confirm Password: Reenter the password for confirmation.
  3. Select Enable Two-factor to enable two-factor authentication for the local user account.

    Note

    The Enable Two-factor option appears only when the secondary authentication server is configured.

    Configure a secondary authentication server, either RADIUS, or TACAS+ authentication. Ensure that the user account is configured on the secondary authentication server. For more information, see Secondary authentication.

  4. Click Add. The new user account is created and the account information is added to the Users table.

Note

Citrix SD-WAN Center can have up to 600 local users.

User accounts