User management
User directories
DataMiner supports the following types of directories for user management:
- Active Directory (default)
- Azure Active Directory
- Atlassian Crowd
- LDAP-compatible directories (e.g. OpenLDAP)
By default, DataMiner will import users from its local Active Directory.
Note
Importing users via these methods does not necessarily allow these users to sign in. See User authentication.
Local users
Apart from directory users, DataMiner also has a notion of local users, i.e. users created within the DataMiner System. Behind the scenes, when a new local user is created, DataMiner will create a new Windows user. Local users are completely managed by the Windows Server hosting your DataMiner System. This means Windows is responsible for password storage, complexity, and audit trail requirements.
For more information see Types of users.
Default Users
DataMiner has one built-in user, named "Administrator". This user is also the local administrator on the Windows server hosting DataMiner. This user is intended for recovery and initial configuration purposes. Once the system is configured and Operator users have been created, we recommend disabling the local Administrator user on the DataMiner server.
To disable the local Administrator user:
Open a PowerShell console as administrator.
Execute the following command:
Get-LocalUser Administrator | Disable-LocalUser
To enable the local Administrator user:
Open a PowerShell console as administrator.
Execute the following command:
Get-LocalUser Administrator | Enable-LocalUser
Note
If you use self-hosted storage nodes instead of the recommended Storage as a Service, you will need to make sure that the default users of the DataMiner databases are also secured. For more information, see Securing self-hosted DataMiner storage.
User authentication
To actually sign in users in DataMiner, several authentication methods are supported:
Multi-Factor Authentication (MFA)
Both RADIUS and SAML authentication have support for enabling Multi-Factor Authentication on your DataMiner System.
Groups and permissions
Once your users are imported into the DataMiner System, it is possible to assign them to a group. All permissions are configured on group level. See DataMiner user permissions for more information about the different permissions.