User Management in GuardAxion
User Management Overview
GuardAxion provides comprehensive user management including user accounts, groups, role-based access control (RBAC), and multi-factor authentication.
Creating Users
Via Admin Panel
- Navigate to Device & User Management > User Management
- Click Add New User
- Enter user details:
- Username
- Email address
- Initial password
- Role assignment
- Group membership
Via Self-Registration (if enabled)
- Users visit the registration page
- Complete registration form
- Admin approves new account
- User receives activation email
User Roles
Administrator
- Full system access
- Manage all users and settings
- Configure security policies
- Access all analytics and reports
Manager
- Manage assigned user groups
- View analytics for their team
- Configure limited policies
- Cannot modify system settings
Analyst
- View-only access to analytics
- Generate reports
- No configuration access
User
- Standard end-user
- Self-service profile management
- View own activity logs
Managing Groups
Creating Groups
- Go to Device & User Management > Group Management
- Click Create New Group
- Configure:
- Group name
- Description
- Default service class
- Manager assignment
Group Benefits
- Bulk policy application
- Simplified management
- Departmental organization
- Delegation to managers
Group Hierarchy
Create nested groups:
- Company
- Departments
- Teams
- Departments
Role-Based Access Control (RBAC)
Custom Roles
- Navigate to Device & User Management > Role Management (Admin only)
- Click Create Custom Role
- Assign permissions:
- User management
- Policy configuration
- Analytics access
- System settings
Permission Categories
- Users: Create, edit, delete users
- Groups: Manage group memberships
- Policies: Configure security rules
- Analytics: View reports and logs
- System: Modify system settings
- Audit: Access audit logs
Multi-Factor Authentication (MFA)
Enabling MFA
- Go to System > Two-Factor Auth
- Click Enable MFA
- Scan QR code with authenticator app
- Enter verification code
- Save backup codes securely
MFA for All Users
Administrators can require MFA:
- System Settings
- Enable Require MFA for all users
- Set grace period for enrollment
Backup Codes
- Generated during MFA setup
- Use when authenticator unavailable
- Store securely
- Regenerate if compromised
User Activity Monitoring
View User Activity
- Analytics & Monitoring > User Activity
- Select user or date range
- Review:
- Login history
- Actions performed
- Policy violations
- Browser activity
Audit Logs
- System > Audit Log (Admin only)
- Filter by:
- User
- Action type
- Date range
- IP address
Best Practices
- Follow principle of least privilege
- Regular access reviews (quarterly)
- Disable unused accounts promptly
- Enforce MFA for administrators
- Use groups for policy application
- Document role assignments
- Regular password rotation
- Monitor privileged actions
Troubleshooting
User Can't Log In
- Check account status (active/disabled)
- Verify credentials
- Check MFA configuration
- Review audit logs
Missing Permissions
- Verify role assignment
- Check group memberships
- Review custom role permissions
MFA Issues
- Verify time sync on device
- Use backup code
- Reset MFA (admin action)