The content below describes the different user management WUI fields. For further information on user management and WUI authentication, refer to the User Management Feature Description.

The Change Password section can be used to change the appliance password. This is a local change only and does not affect the password of the partner appliance in a HA deployment.

Minimum Password length

Set the minimum password length for all local user passwords. After selecting a different value for this field, you must refresh the page for the new value to be enforced.

The Local Users section lists any existing local users. Two options are available for existing users:
  • Modify: Change details for an existing local user, such as their permissions and password. For further information, refer to the Modify User section.
  • Delete: Delete the relevant user.

New users can be added in the Add User section.

Usernames can be a maximum of 64 characters long. Usernames can start with a digit and can contain alphanumeric characters, in addition to the following special characters:

=~^._+#@/-

The minimum password length is defined by what is set in the Minimum password length field. All characters are allowed.

The Use RADIUS Server option allows you to determine if RADIUS server authentication will be used when the user is logging in to the LoadMaster. The RADIUS Server details must be setup before this option can be used.

When RADIUS authentication is in use, the LoadMaster passes the user’s details to the RADIUS server and the RADIUS server informs the LoadMaster whether the user is authenticated or not. For further details on how to configure the RADIUS Server details please refer to the WUI Authentication and Authorization section and the RADIUS Authentication and Authorization, Technical Note.

Note: When Session Management is enabled, the Use RADIUS Server option is not available within this screen. Please refer to the WUI Authentication and Authorization section for further information on how to configure RADIUS Server when Session Management is enabled.

When Session Management is enabled, a check box called No Local Password will be displayed in the Add User section. This option can be enabled if client certificate authentication will be used to authenticate this user when they are accessing the LoadMaster. To enable client certificate authentication, set the Admin Login Method in the Remote Access screen. For further information, refer to the Remote Access section or the User Management Feature Description.

Note: Certificate-based authentication will be deprecated at some point in the future.

When running API commands, you can authenticate using an API key. An API key is a unique identifier used to authenticate a user.

The API Keys section on the User Management screen displays any API keys currently generated for the logged in user. You can have up to 16 API keys per user - if you try to create more, the oldest is silently deleted. The oldest API key is listed at the top.

To generate an API key for a specific user, go to the Modify screen for that particular user.

The Remote User Groups section displays any remote user groups that have been created. The group name and associated permissions are displayed. These groups can be selected for LDAP WUI authentication in the following location: Certificates & Security > Remote Access > WUI Authorization Options. For further information, refer to the WUI Authentication and Authorization section.

Note: It is important to select and apply the group, or groups. If there are no groups selected, no group checking is performed and remote users can log in without a group check.

You can add a new remote user group by entering a name and clicking Add Group.

Note: The following characters are permitted in the group name: alphanumeric characters, spaces, or the following special symbols: =~^._+#,@/-.

Click Modify to edit the group permissions.

For further information regarding group permissions, refer to the User Management Feature Description.

There are two permissions relating to Virtual Services - Virtual Services and Add Virtual Services.

The Add Virtual Services permission is only visible when the Allow Extended Permissions check box is selected on the User Management screen. The Virtual Service operations allowed differ based on what combination of options you have selected. For a summary of these connotations, refer to the table below:

Allow Extended Permissions Virtual Services Add Virtual Service Operations Allowed Operations not Allowed
Enabled Enabled Disabled
  • View existing Virtual Services
  • Modify existing Virtual Services
  • Change Virtual Service port
  • Add Virtual Service
  • Duplicate Virtual Service
  • Change Address
  • Export template
Enabled Disabled Enabled
  • View existing Virtual Services
  • Add Virtual Service
  • Duplicate Virtual Service
  • Change Address
  • Export template
  • Modify existing Virtual Services
  • Change Virtual Service port
Enabled Enabled Enabled
  • Add Virtual Service
  • Duplicate Virtual Service
  • Change address
  • Export template
  • View existing Virtual Services
  • Modify existing Virtual Services
  • Change Virtual Service port
 Not applicable
Enabled Disabled Disabled View existing Virtual Services Not applicable
Disabled Enabled Disabled
  • Add Virtual Service
  • Duplicate Virtual Service
  • Change address
  • Export template
  • View existing Virtual Services
  • Modify existing Virtual Services
  • Change Virtual Service port
 Not applicable
Disabled Disabled Disabled View existing Virtual Services
  • Add Virtual Service
  • Duplicate Virtual Service
  • Change address
  • Export template
  • Modify existing Virtual Service
  • Change Virtual Service port

Modify User

In this screen you may set the level of user permissions. This determines what configuration changes the user is allowed to perform. The primary user (bal) always has full permissions. Secondary users may be restricted to certain functions.

For further information regarding user permissions, please refer to the User Management Feature Description.

The Change Password section can be used to modify a user’s password. It is also possible to enable and disable RADUIS server authentication for a user.

Note: When Session Management is enabled, the Use RADIUS Server option is not available within this screen. Please refer to the WUI Authentication and Authorization section for further information on how to configure RADIUS Server when Session Management is enabled.

When Session Management is enabled, a check box called No Local Password will be displayed in the Change Password section. This option can be enabled if client certificate authentication will be used to authenticate this user when they are accessing the LoadMaster. To enable client certificate authentication, set the Admin Login Method in the Remote Access screen. For further information, refer to the Remote Access or the User Management Feature Description.

Named users, even those without User Administration privileges, can change their own passwords. When a named user clicks the System Administration > User Management menu option the Change Password screen appears.

From within this screen, users can change their own password. The minimum password length is defined by what is set in the Minimum password length field. All characters are allowed, except \”`’. Once changed, a confirmation screen appears after which the users will be forced to log back in to the LoadMaster using their new password.

When running API commands, you can authenticate using an API key. An API key is a unique identifier used to authenticate a user.

The API Keys section on the Modify user screen displays any API keys currently generated for that specific user. You can have up to 16 API keys per user - if you try to create more, the oldest is silently deleted. The oldest API key is listed at the top.

To generate an API key for a specific user, click Generate New APIKey.

In the Local Certificate section, a certificate can be generated for the user. A Passphrase can be optionally set which is used to encrypt the private key. Once that certificate has been downloaded, it can be used as a client certificate to allow password-less access to the LoadMaster API. Users with ‘User Administration’ permissions are able to manage local certificates for themselves and other users.

To enable client certificate authentication to the LoadMaster, set the Admin Login Method in the Remote Access screen. For further information, please refer to the Remote Access section or the User Management Feature Description.