Manual Chapter :
Introduction to User Account Management
Applies To:
Show VersionsBIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP Link Controller
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP Analytics
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP PEM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0
Introduction to User Account Management
Purpose of BIG-IP user accounts
An important part of managing the BIG-IP system is creating and managing user accounts for
BIG-IP system administrators. By creating user accounts for system administrators, you provide
additional layers of security. User accounts ensure that the system:
- Verifies the identity of users logging into the system
- Controls user access to system resources
User access components
To control user authentication and authorization, you assign passwords, user roles,
administrative partition access, and user roles to the BIG-IP system user
accounts:
- Passwordsallow you to authenticate your users when they attempt to log in to the BIG-IP system.
- User rolesandpartitions accessallow you to control user access to BIG-IP system resources.
- Terminal accesscontrols whether or not a user can access any command line interfaces on the system.
Types of user accounts
The types of user accounts on the BIG-IP system are:
- The root account
- Every BIG-IP system has an account namedroot. A user who logs in to the system using therootaccount has full access to all BIG-IP system resources, including all administrative partitions and command line interfaces.
- The admin account
- Every BIG-IP system has an account namedadmin. A user who logs in to the system using theadminaccount has the Administrator role, which grants the user full access to all BIG-IP system resources, including all administrative partitions on the system. By default, theadminuser account has access to the BIG-IP Configuration utility only. However, users logged in with this account can grant themselves access to bothtmshand the advanced shell. Although the BIG-IP system creates this account automatically, you must still assign a password to the account before you can use it. To initially set the password for the admin account, you must run the Setup utility. To change its password later, you use the BIG-IP Configuration utility’s Users screens.
- Local accounts
- A BIG-IP user with the correct user role can create other local user accounts for BIG-IP system administration. Each local user account on the BIG-IP system has one or more user roles assigned to the account (one per partition), as well as permissions related totmshand Bash shell access.
- Remote accounts
- If your organization stores user accounts on a remote authentication server (such as an Active Directory server), you can configure the BIG-IP system to control access to BIG-IP configuration objects for all BIG-IP user accounts stored on the remote server. In this case, the remote server authenticates each BIG-IP user at login time, while the BIG-IP system itself grants the specified access control permissions.
You are not required to have any user accounts on the BIG-IP system other than
the
root
and admin
accounts. However, F5 Networks recommends that you create other user accounts, as a way to
intelligently control administrator access to system resources.Changing the root
and admin account passwords
If you have an Administrator user role, you can use the BIG-IP
Configuration utility to change the passwords of the
root
and admin
accounts.- On the Main tab, expandSystem, and clickPlatform.
- For theRoot Accountsetting, type a new password in thePasswordbox, and re-type the new password in theConfirmbox.
- For theAdmin Accountsetting, type a new password in thePasswordbox, and re-type the new password in theConfirmbox.
- Click theUpdatebutton.