Hardware reference guide
GlobalProtect Administrator’s Guide 111
Set Up the GlobalProtect Mobile Security Manager Set Up Administrative Access to the Mobile Security Manager
Create an Administrative Account
After defining the authentication mechanisms for authenticating administrative users, you must create an
account for each administrator. When creating an account, you must define how to authenticate the user. In
addition, you must specify a role for the administrator. A role defines the type of access the associated
administrator has to the system. There are two types of roles you can assign:
Dynamic Roles—Built-in roles that provide Superuser, Superuser (read-only), or Device administrator
access to the Mobile Security Manager. With dynamic roles, you don’t have to worry
about updating the role definitions as new features are added because the roles automatically update.
Admin Role Profiles—Allow you to create your own role definitions in order to provide more granular
access control to the various functional areas of the web interface, CLI and/or XML API. For example, you
could create an Admin Role Profile for your operations staff that provides access to the network
configuration areas of the web interface and a separate profile for your IT administrators that provides access
to policy definition, mobile security management functions, logs, and reports. Keep in mind that with Admin
Role Profiles you must update the profiles to explicitly assign privileges for new features/components that
are added to the product.
The following example shows how to create a local administrator account with local authentication:
Enable SSH (Public-Key Based) Authentication (Continued)
Step 2 Create an account for the administrator and enable certificate-based authentication.
1. Select Setup > Administrators and then click Add.
2. Enter a user Name and Password for the administrator. You will need to configure a password. Make sure to enter a strong/complex password and record it in a safe location; you will only be prompted for this password in the event that the certificates are corrupted or a system failure occurs.
3. (Optional) Select an Authentication Profile.
4. Enable Use Public Key Authentication (SSH).
5. Click Import Key and browse to import the public key you saved in Step 1.
6. Select the Role to assign to this administrator. You can either select one of the predefined Dynamic roles or a custom Role-Based profile.
7. Click OK to save the account.
Step 3 Commit your changes.
Click Commit.
Step 4 Verify that the SSH client uses its private key to authenticate to the public key, which is presented by the Mobile Security Manager.
1. Configure the SSH client to use the private key to authenticate to the Mobile Security Manager.
2. Log in to the CLI on the Mobile Security Manager.
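A client-side pre-flight for the Step 4 verification, as an added example that is not part of the original guide: it checks the private key file, confirms that the public key given to Import Key belongs to it, and prints an OpenSSH command that permits public-key authentication only. The function names, key paths, user and host are hypothetical, and the imported public key is assumed to be in OpenSSH one-line format.

```shell
#!/bin/sh
# Added example (not from the guide). Key paths, user and host passed to these
# functions are placeholders; the imported public key is assumed to be in
# OpenSSH one-line format ("type base64 [comment]").

# Succeed only if the private key exists and grants nothing to group/other;
# OpenSSH refuses to use a private key with looser permissions.
key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the public key file handed to Import Key was derived from
# this private key (compares key type and base64 body, ignoring the comment).
# ssh-keygen prompts for the passphrase if the private key is encrypted.
key_pair_matches() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2; exit}')
    imported=$(awk '{print $1, $2; exit}' "$2" 2>/dev/null) || return 1
    [ -n "$derived" ] && [ "$derived" = "$imported" ]
}

# Print an ssh command that allows public-key authentication only, so a key
# problem fails the login instead of falling back to the account password.
publickey_only_cmd() {
    printf 'ssh -i %s -o IdentitiesOnly=yes -o PreferredAuthentications=publickey -o BatchMode=yes %s@%s\n' \
        "$1" "$2" "$3"
}

# Run both checks, then print the command to use for the Step 4 login.
# Usage: preflight <private_key> <public_key> <admin_user> <host>
preflight() {
    key_perms_ok "$1" || { echo "private key missing or permissions too open: $1" >&2; return 2; }
    key_pair_matches "$1" "$2" || { echo "public key does not match: $2" >&2; return 3; }
    publickey_only_cmd "$1" "$3" "$4"
}
```

If the printed command logs in without prompting for the account password, the session was authenticated with the key pair.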