Hardware reference guide
112 GlobalProtect Administrator’s Guide
Set Up Administrative Access to the Mobile Security Manager Set Up the GlobalProtect Mobile Security Manager
Create an Administrator Account
Step 1 If you plan to use Admin Role Profiles
rather than Dynamic Roles, create the
profiles that define what type of access, if
any, to give to the different sections of
the web interface, CLI, and XML API for
each administrator assigned to the role.
Complete the following steps for each role you want to create:
1. Select
Setup > Admin Roles and then click Add.
2. On the
Web UI and/or XML API tabs, set the access levels—
Enable , Read Only , Disable —for each functional area
of the interface by clicking the icon to toggle it to the desired
setting. As a best practice, be sure to restrict the device wipe
action to just one or two administrators who are very familiar
with Mobile Security Manager to ensure that end user devices do
not get wiped accidentally.
3. On the
Command Line tab, specify the type of access to allow
to the CLI:
superuser, superreader, deviceadmin,
devicereader or None to disable CLI access entirely.
4. Enter a
Name for the profile and then click OK to save it.
Step 2 (Optional) Set requirements for local
user-defined passwords.
• Create Password Profiles—Define how often administrators
must change their passwords. You can create multiple password
profiles and apply them to administrator accounts as needed to
enforce the desired security. To create a password profile, select
Setup > Password Profiles and then click the Add.
• Configure minimum password complexity settings—Define
rules that govern password complexity, allowing you to force
administrators to create passwords that are harder to guess, crack,
or compromise. Unlike password profiles, which can be applied to
individual accounts, these rules are device wide and apply to all
passwords. To configure the settings, select
Setup > Settings >
Management
and then click the Edit icon in the Minimum
Password Complexity section.