Manual Chapter : Introduction to User Account Management

Applies To:

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP Link Controller

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0

Purpose of BIG-IP user accounts

An important part of managing the BIG-IP system is creating and managing user accounts for BIG-IP system administrators. By creating user accounts for system administrators, you provide additional layers of security. User accounts ensure that the system:
  • Verifies the identity of users logging into the system
  • Controls user access to system resources

User access components

To control user authentication and authorization, you assign passwords, user roles, administrative partition access, and terminal access to the BIG-IP system user accounts:
  • Passwords allow you to authenticate your users when they attempt to log in to the BIG-IP system.
  • User roles and partition access allow you to control user access to BIG-IP system resources.
  • Terminal access controls whether or not a user can access any command line interfaces on the system.

Types of user accounts

The types of user accounts on the BIG-IP system are:

The root account
Every BIG-IP system has an account named root. A user who logs in to the system using the root account has full access to all BIG-IP system resources, including all administrative partitions and command line interfaces.

The admin account
Every BIG-IP system has an account named admin. A user who logs in to the system using the admin account has the Administrator role, which grants the user full access to all BIG-IP system resources, including all administrative partitions on the system. By default, the admin user account has access to the BIG-IP Configuration utility only. However, users logged in with this account can grant themselves access to both tmsh and the advanced shell. Although the BIG-IP system creates this account automatically, you must still assign a password to the account before you can use it. To initially set the password for the admin account, you must run the Setup utility. To change its password later, you use the BIG-IP Configuration utility’s Users screens.

Local accounts
A BIG-IP user with the correct user role can create other local user accounts for BIG-IP system administration. Each local user account on the BIG-IP system has one or more user roles assigned to the account (one per partition), as well as permissions related to tmsh and Bash shell access.

Remote accounts
If your organization stores user accounts on a remote authentication server (such as an Active Directory server), you can configure the BIG-IP system to control access to BIG-IP configuration objects for all BIG-IP user accounts stored on the remote server. In this case, the remote server authenticates each BIG-IP user at login time, while the BIG-IP system itself grants the specified access control permissions.

You are not required to have any user accounts on the BIG-IP system other than the root and admin accounts. However, F5 Networks recommends that you create other user accounts, as a way to intelligently control administrator access to system resources.
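
To review local accounts against the access components described above, the following added example (not F5's code and not part of the original manual) parses account definitions and flags accounts other than root and admin that hold the Administrator role or Bash shell access. It assumes input in the brace-delimited form printed by `tmsh list auth user one-line`; the sample accounts are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample (assumed `tmsh list auth user one-line` style output).
SAMPLE = """\
auth user admin { description "Admin User" partition-access { all-partitions { role admin } } shell none }
auth user jdoe { partition-access { all-partitions { role admin } } shell bash }
auth user ops1 { partition-access { Common { role operator } AppA { role manager } } shell tmsh }
auth user svc_backup { partition-access { all-partitions { role admin } } shell tmsh }
"""

def parse_users(text):
    """Return {account: {"shell": str, "roles": {partition: role}}}."""
    toks = re.findall(r'"[^"]*"|\S+', text)      # quoted strings stay one token
    users, cur, block, partition, depth = {}, None, None, None, 0
    for i, t in enumerate(toks):
        if t == "{":
            depth += 1
            if depth == 1:                       # "auth user <name> {"
                # Assumption: a missing shell line is treated as "none".
                cur = users.setdefault(toks[i - 1], {"shell": "none", "roles": {}})
            elif depth == 2:                     # e.g. "partition-access {"
                block = toks[i - 1]
            elif depth == 3 and block == "partition-access":
                partition = toks[i - 1]          # "<partition> {"
        elif t == "}":
            depth -= 1
        elif t == "role" and depth == 3 and block == "partition-access":
            cur["roles"][partition] = toks[i + 1]   # one role per partition
        elif t == "shell" and depth == 1:
            cur["shell"] = toks[i + 1]
    return users

def review(users):
    """Map each non-built-in account to the broad-access conditions it meets."""
    flagged = {}
    for name, u in users.items():
        if name in ("root", "admin"):
            continue                             # built-in accounts, described above
        reasons = []
        if "admin" in u["roles"].values():       # tmsh value for the Administrator role
            reasons.append("Administrator role")
        if u["shell"] == "bash":
            reasons.append("Bash shell access")
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for account, reasons in review(parse_users(SAMPLE)).items():
        print(f"{account}: {', '.join(reasons)}")
```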

Changing the root and admin account passwords

If you have an Administrator user role, you can use the BIG-IP Configuration utility to change the passwords of the root and admin accounts.
  1. On the Main tab, expand System, and click Platform.
  2. For the Root Account setting, type a new password in the Password box, and re-type the new password in the Confirm box.
  3. For the Admin Account setting, type a new password in the Password box, and re-type the new password in the Confirm box.
  4. Click the Update button.