Manual Chapter: Introduction to User Account Management

Applies To:

BIG-IP AAM

  • 13.0.1, 13.0.0

BIG-IP APM

  • 13.0.1, 13.0.0

BIG-IP Link Controller

  • 13.0.1, 13.0.0

BIG-IP Analytics

  • 13.0.1, 13.0.0

BIG-IP LTM

  • 13.0.1, 13.0.0

BIG-IP AFM

  • 13.0.1, 13.0.0

BIG-IP PEM

  • 13.0.1, 13.0.0

BIG-IP DNS

  • 13.0.1, 13.0.0

BIG-IP ASM

  • 13.0.1, 13.0.0

Purpose of BIG-IP user accounts

An important part of managing the BIG-IP® system is creating and managing user accounts for BIG-IP system administrators. By creating user accounts for system administrators, you provide additional layers of security. User accounts ensure that the system:

  • Verifies the identity of users logging into the system
  • Controls user access to system resources

User access components

To control user authentication and authorization, you assign passwords, user roles, administrative partition access, and terminal access to the BIG-IP® system user accounts:

  • Passwords allow you to authenticate your users when they attempt to log in to the BIG-IP system.
  • User roles and partition access allow you to control user access to BIG-IP system resources.
  • Terminal access controls whether or not a user can access any command line interfaces on the system.

Types of user accounts

The types of user accounts on the BIG-IP® system are:

The root account
Every BIG-IP system has an account named root. A user who logs in to the system using the root account has full access to all BIG-IP system resources, including all administrative partitions and command line interfaces.

The admin account
Every BIG-IP system has an account named admin. A user who logs in to the system using the admin account has the Administrator role, which grants the user full access to all BIG-IP system resources, including all administrative partitions on the system. By default, the admin user account has access to the BIG-IP Configuration utility only. However, users logged in with this account can grant themselves access to both tmsh and the advanced shell. Although the BIG-IP system creates this account automatically, you must still assign a password to the account before you can use it. To initially set the password for the admin account, you must run the Setup utility. To change its password later, you use the BIG-IP Configuration utility’s Users screens.

Local accounts
A BIG-IP user with the correct user role can create other local user accounts for BIG-IP system administration. Each local user account on the BIG-IP system has one or more user roles assigned to the account (one per partition), as well as permissions related to tmsh and Bash shell access.

Remote accounts
If your organization stores user accounts on a remote authentication server (such as an Active Directory server), you can configure the BIG-IP system to control access to BIG-IP configuration objects for all BIG-IP user accounts stored on the remote server. In this case, the remote server authenticates each BIG-IP user at login time, while the BIG-IP system itself grants the specified access control permissions.

Note: You are not required to have any user accounts on the BIG-IP system other than the root and admin accounts. However, F5 Networks® recommends that you create other user accounts, as a way to intelligently control administrator access to system resources.
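
The per-partition roles and terminal access described above can be reviewed offline from a saved copy of the local account list. The following Python script is an added example, not part of the F5 manual: it assumes the text layout of `tmsh list auth user` output shown in the constructed sample, and the user names, the partition name AppA, and the function names are hypothetical.

```python
import re

# Constructed sample, laid out like `tmsh list auth user` output (assumed format).
SAMPLE = """\
auth user jsmith {
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user webops {
    partition-access {
        Common {
            role guest
        }
        AppA {
            role manager
        }
    }
    shell tmsh
}
"""

def parse_users(text):
    """Return {user: {"roles": {partition: role}, "shell": shell}}."""
    users, name, part = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"auth user (\S+) \{$", line)
        if m:
            name, part = m.group(1), None
            users[name] = {"roles": {}, "shell": "none"}
        elif name and line.startswith("shell "):
            users[name]["shell"] = line.split()[1]
        elif name and part and line.startswith("role "):
            users[name]["roles"][part] = line.split()[1]
        elif name and line.endswith("{") and line != "partition-access {":
            part = line[:-1].strip()  # a partition name opens a role block
    return users

def findings(users):
    out = []
    for name, u in sorted(users.items()):
        # The built-in admin account holds the Administrator role by design.
        if name != "admin" and u["roles"].get("all-partitions") == "admin":
            out.append((name, "Administrator role on all partitions"))
        if u["shell"] != "none":  # tmsh or bash means command line access
            out.append((name, "terminal access: " + u["shell"]))
    return out
```

Each finding is a prompt to confirm that the account still needs that level of access, not proof of a misconfiguration.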

Changing the root and admin account passwords

If you have an Administrator user role, you can use the BIG-IP® Configuration utility to change the passwords of the root and admin accounts.

  1. On the Main tab, expand System, and click Platform.
  2. For the Root Account setting, type a new password in the Password box, and re-type the new password in the Confirm box.
  3. For the Admin Account setting, type a new password in the Password box, and re-type the new password in the Confirm box.
  4. Click the Update button.