Users

Security ► Users

System administrators or report administrators can use these procedures to manage users.

Access alternatives:

  • Click the dashboard icon at the top of the NAM Console screen
    NAM Console dashboard
    and click the Users tile
    NAM Console dashboard Users
  • Open the NAM Console menu

    and select Security ► Users

On the NAM Server menu, you can open Security ► Users to manage Users for that NAM Server.

Adding a user

  1. Open the NAM Console menu and select Security ► Users.
  2. Click Add user.
  3. Enter user information:
    • User name
      Required.
      User names can only include alphanumeric characters, periods, dashes and underscores. You also must not use the reserved user names: anonymous-guest and ANONYMOUS.
    • First name
      Required.
    • Last name
      Required.
    • Email address
      Optional.
    • Password and Re-enter password
      Required unless you set a custom Password policy that does not require a password. Be sure to also follow the other requirements of your password policy.
    • Password reset required
  4. Add roles to this user directly or through group membership.
    See User roles and groups for more information.

Importing LDAP users

Before you import LDAP users:

  • Enable and configure LDAP authentication.
  • When configuring LDAP authentication, verify (test) that your LDAP searches yield the users you intend to import.

When you are ready to import LDAP users:

  1. Open the NAM Console menu and select Security ► Users.
  2. Click Import LDAP Users.
  3. Enter enough criteria to find the new user and click Search.
    By default, a maximum of 20 user names will be displayed. You can limit or extend the search by changing the value in the Max Results Returned field.
  4. Select the users you need to import and then click Import.

If an LDAP user account matches a locally-created user account, the local user account takes precedence over the LDAP account.

New users are assigned a Guest role and have limited access to product functionality. They are also added to the Everyone user group. You can assign them to other user groups, roles with additional product access, and custom dashboards. For example, if you want the new user to have full access to the Portal, dashboards and reports, you would assign them to a Report Administrator role or to a user group with that role.

Limiting users to a specific LDAP group

To limit users to a specific LDAP group, you can create a custom User search filter in the Search settings tab of the Authentication ► LDAP screen.

LDAP knowledge

You should have basic knowledge of your LDAP structure and identify the specific LDAP group to which you want to limit access.

The LDAP group name is important. If you mistype the group name or enter a group name that does not exist in LDAP, you may lock all users out of NAM.

  1. Open Authentication ► LDAP and click the Search settings tab.

  2. In the User settings section, edit the User search filter.
    The default filter applies to all users: (&(sAMAccountName={0})(objectClass=user))

  3. Append the LDAP group condition to the filter:
    (memberOf=CN=DCRUM_Users,OU=Groups,DC=corp,DC=com)
    where CN=DCRUM_Users,OU=Groups,DC=corp,DC=com is the LDAP group identifier.

    The complete filter with the group condition should look like this:

    `(&(sAMAccountName={0})(objectClass=user)(memberOf=CN=DCRUM_Users,OU=Groups,DC=corp,DC=com))`  
    
  4. Click Save to save your changes.

This filter becomes effective immediately after you click Save.

  • Existing users who do not match the filter criteria will not be able to sign in to NAM.
  • New LDAP user imports will be processed according to this filter.

Exporting all users

  1. Open the NAM Console menu and select Security ► Users.
  2. Click Export all users.

Deactivating a user

When you deactivate a user account, the user profile remains in the system but the user cannot access the system. This is useful for when you need to temporarily shut down a user's access but you want to retain the option of restoring access later.

  1. Open the NAM Console menu and select Security ► Users.
  2. In the Users table, find the user, click Actions for that user, and select Deactivate.
    The user's status is set to Inactive.

Activating a user

If you have deactivated an account but not deleted it, you can activate it when you are ready to restore that user's access to the system.

  1. Open the NAM Console menu and select Security ► Users.
  2. In the Users table, find the user, click Actions for that user, and select Activate.
    The user's status is set to Active.

An active user can access the system according to that user's role assignments. For more information, see User roles and groups

Deleting a user

When you delete a user account, you remove that user's access to the system and delete the user's profile information.

  1. Open the NAM Console menu and select Security ► Users.
  2. In the Users table, find the user, click Actions for that user, and select Delete.
    The user is removed from the system and is no longer listed on the Users screen.

A deleted user can not access the system. The user profile is deleted from the system and can not be reactivated.

Resetting a regular user password

Applies to NAM 2018

If you forget your user password, you need to work with your NAM administrator to reset it.

User:

  1. Contact the NAM administrator.
  2. Request a password reset.

NAM administrator:

  1. In the NAM Console, open Security ► Users.
  2. Find the user in the list and select Actions > Edit user for that user.
  3. Set a temporary new password in New password (and Repeat new password).
  4. Recommended: select Password reset required to require that the user change this new password at first login.
  5. Inform the user that the password has been set to the temporary value.

User:

  1. Log in to NAM using the temporary password.
  2. Change it to a password that follows site password policy and is unknown to anyone else.

Resetting an admin password

The procedure for this differs slightly between DC RUM 2017 and NAM 2018. Be sure to open the right local page for your deployment.

If you forget your password and you are the administrator (or the only available admin), you cannot reset your own password using the procedure to reset a regular user password. Instead, you need to contact Dynatrace support to get a password reset token.

  1. Tell your Dynatrace support representative your user name and desired temporary password.

  2. Dynatrace support will generate a token and send it to you.

  3. Open the Password reset screen.

    • In DC RUM 2017, open https://localhost:port/diagnostic/ and click the Password Reset link.
    • In NAM 2018, open https://localhost:port/console/passwordReset.xhtml
      To access this screen, you need to open it in a browser running on the same machine as console application, or you need to be able to provide administrator credentials at access time.
  4. Copy the token you received from Dynatrace support into the box and click Reset (or Submit, depending on your installation).
    If the token is valid, the password is reset to the requested value (the temporary password you sent to support).

    Important

    Be sure to use the token promptly. A token acquired from Dynatrace support is valid for only one hour, after which time you would have to request a new token.

  5. Log in to the console using the temporary password.

After you regain access to the console, you should change the temporary password to a password that follows your site password policy and is unknown to anyone else.

Reverting to local NAM Console login from external SSO sign-on

Applies to NAM 2018

If you are using an external IdP for SSO and you lose access to your external IdP, you can switch back to your local NAM Console login for troubleshooting. To do so, add ?local to the full NAM Console login URL. For example:

https://address:port/console/login.xhtml?local

where address and port are the address and port of your NAM Console installation. When you open that URL in your browser, you are presented with the local login screen rather than the SSO screen.