Create a User
You can create local or LDAP or SSO user accounts.
Creating a New Local or LDAP or SSO User Account
From the Settings page, select User Management, then User Roles and Groups.
Select New, and then select Local User or LDAP User or SSO User from the drop-down menu.
Depending on your selection the Create New Local User or the Create New LDAP User or Create SSO User page is displayed.
Enter the user's information, select a role, and then click Save.
LDAP user information is auto-populated from the client's LDAP account as soon as you start to enter the name, email, or username of the LDAP user.
Note
Usernames are case-sensitive.
By selecting “Override idle timeout settings...”, an administrator can override the Idle User Timeout value that is set in the Password Policy.
Verifying the New Local or LDAP User
Click the arrow where the current logged-in username is displayed and select Sign Out (from the drop-down menu) to log out of the Administrator account.
You are returned to the login page.
Use the newly created username and password for the account that you just created.
You are now logged in as the new user.
Note
If you attempt to log in to IO three times with incorrect login/password credentials, you need to complete a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response test to log in to IO.
Configuring Single Sign-On (SSO):
Navigate to Settings > User Management and locate the new option labelled "SSO Configuration"
SAML 2.0 provider can be e.g. OKTA provider. In provider one needs to add an application, and provide SSO URL (E.g. “https://[FQDN]/api/sec/samlLogin”) , Audience URI ( “https://[FQDN]/” ) , Application user name as email.
Within the SSO Configuration page, you can input and save the following SSO configuration details:
IdP Issuer URI/ID
IdP SSO URL
IdP Signature Certificate
Note
When utilizing the SSO feature:
There will be no password field present for SSO users during login.
If an SSO user is added and SSO configurations are saved:
During login, no password field will be present.
Users can log in using their SSO username/email.
After the user enters the email ID set up in the steps, they will be directed to the login screen of the SSO provider.
Users can enter their login information on the SSO provider's website. After logging in successfully, the SSO provider sends them back to IO's SAML login page. Then, IO checks the login details. If everything is okay, users are taken to the right page, like the IO dashboard. If users are already logged in, IO checks if they are valid SSO users. If they are, they are directed to the right page, such as the IO dashboard.
If an SSO user is not added:
Logging in with an SSO username/email will not be possible.
If SSO configurations are not saved and an SSO user is added, the login window will display the option to login using IO username/password.