Users Guide
NOTE: AD and LDAP directory users can be imported and assigned one of the OpenManage Enterprise roles (Admin,
DeviceManager, or Viewer).
By clicking OpenManage Enterprise > Application Settings > Security, you can secure your OpenManage Enterprise either by
specifying the Restrict Allowed IP Range or the Login Lockout Policy.
• Expand Restrict Allowed IP Range:
NOTE: When "Restrict Allowed IP Range", is configured in appliance, any inbound connection to appliance, such as
alert reception, firmware update, and network identities are blocked for the devices which are outside the given
range. However, any connection that goes out of the appliance will work on all devices.
1. To specify the IP address range that must be allowed to access OpenManage Enterprise, select the Enable IP Range check box.
2. In the IP Range Address (CIDR) box, enter the IP address range.
NOTE: Only one IP range is allowed.
3. Click Apply. To reset to default properties, click Discard.
NOTE: Apply button will not be enabled if multiple IP ranges are entered in the IP Range Address (CIDR) box.
• Expand Login Lockout Policy :
1. Select the By User Name check box to prevent a specific user name from logging in to OpenManage Enterprise.
2. Select the By IP address check box to prevent a specific IP address from logging in to OpenManage Enterprise.
3. In the Lockout Fail Count box, enter the number of unsuccessful attempts after which OpenManage Enterprise must prevent
the user from further logging in. By default, 3 attempts.
4. In the Lockout Fail Window box, enter the duration for which OpenManage Enterprise must display information about a failed
attempt.
5. In the Lockout Penalty Time box, enter the duration for which the user is prevented from making any login attempt after multiple
unsuccessful attempts.
6. Click Apply. To reset the settings to default attributes, click Discard.
Related References
Security Certificates on page 137
Security Certificates
By clicking Application Settings > Security > Certifciates, you can view information about the currently available SSL certificate for
the device.
NOTE:
To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based
OpenManage Enterprise user privileges on page 14.
To generate a Certificate Signing Request (CSR), see Generate and download the certificate signing request on page 137.
Related information
Set the login security properties on page 136
Generate and download the certificate signing request
To generate a Certificate Signing Request (CSR) for your device, and then apply for an SSL:
NOTE: You must generate the CSR from within the OpenManage Enterprise appliance only.
1. Click Generate Certificate Signing Request.
2. In the Generate Certificate Signing Request dialog box, enter information in the fields.
3. Click Generate.
A CSR is created and displayed in the Certificate Signing Request dialog box. A copy of the CSR is also sent to the email address
you provided in your request.
4. In the Certificate Signing Request dialog box, copy the CSR data and submit it to the Certificate Authority (CA) while applying for
an SSL certificate.
• To download the CSR, click Download Certificate Signing Request.
Managing OpenManage Enterprise appliance settings
137