Configure a Firewall Administrator Account

Administrative accounts specify roles and authentication methods for firewall administrators. The service that you use to assign roles and perform authentication determines whether you add the accounts on the firewall, on an external server, or both (see Administrative Authentication). If the authentication method relies on a local firewall database or an external service, you must configure an authentication profile before adding an administrative account (see Configure Administrative Accounts and Authentication). If you already configured the authentication profile or you will use Local Authentication without a firewall database, perform the following steps to add an administrative account on the firewall.
Create a separate administrative account for each person who needs access to the administrative or reporting functions of the firewall. This enables you to better protect the firewall from unauthorized configuration and enables logging of the actions of individual administrators.
Make sure you are following the Best Practices for Securing Administrative Access to ensure that you are securing administrative access to your firewalls and other security devices in a way that prevents successful attacks.
  1. Select
    Device
    Administrators
    and
    Add
    an account.
  2. Enter a user
    Name
    .
    If the firewall uses a local user database to authenticate the account, enter the name that you specified for the account in the database (see Add the user group to the local database.)
  3. Select an
    Authentication Profile
    or sequence if you configured either for the administrator.
    If the firewall uses Local Authentication without a local user database for the account, select
    None
    (default) and enter a
    Password
    .
  4. Select the
    Administrator Type
    .
    If you configured a custom role for the user, select
    Role Based
    and select the Admin Role
    Profile
    . Otherwise, select
    Dynamic
    (default) and select a dynamic role. If the dynamic role is
    virtual system administrator
    , add one or more virtual systems that the virtual system administrator is allowed to manage.
  5. (
    Optional
    ) Select a
    Password Profile
    for administrators that the firewall authenticates locally without a local user database. For details, see Define a Password Profile.
  6. Click
    OK
    and
    Commit
    .

Related Documentation