Users and user groups

Users can access the ExtraHop appliance in three ways: through a set of pre-configured user accounts, through local user accounts configured on the appliance, or through remote user accounts configured on existing authentication servers, such as LDAP, Radius, and TACACS+.

If you are providing users access from an LDAP server, you can also import and manage the members of an existing user group.

Local users

This topic is about default and local accounts. See Remote Authentication to learn how to configure remote accounts.

The following accounts are configured by default on ExtraHop appliances but do not appear in the list of names on the Users page. These accounts cannot be deleted and you must change the default password upon initial login.
This account provides full system read and write privileges on the Web UI, Admin UI, and Shell, which is the ExtraHop command-line interface (CLI). On physical appliances, the default password for this account is the service tag number on the front of the appliance. On virtual appliances, the default password is default.
The shell account, by default, has access to non-administrative shell commands in the ExtraHop CLI. On physical appliances, the default password for this account is the service tag number on the front of the appliance. On virtual appliances, the default password is default.
Note:The default ExtraHop password for either account when deployed in Amazon Web Services (AWS) is the string of numbers after the -i in the instance ID.

Remote authentication

ExtraHop appliances supports remote authentication for user authentication. Remote authentication enables organizations that have authentication systems such as LDAP (such as OpenLDAP or Active Directory), RADIUS, or TACACS+ to enable all or a subset of their users to log on to the appliance with their existing credentials.

Centralized authentication provides the following benefits:

  • User password synchronization.
  • Automatic creation of ExtraHop accounts for users without administrator intervention.
  • Management of ExtraHop privileges based on LDAP groups.
  • Administrators can grant access to all known users or restrict access by applying LDAP filters.

User Groups

The User Groups page provides controls to view, enable, and disable user groups that are imported from a configured LDAP server.

User groups allow for easier sharing of dashboards to all members in the group. Only remote user accounts and groups can be members of remote user groups.

Remote user groups are automatically discovered in the distinguished name (DN) specified as part of the remote authentication settings. See the Remote authentication section about configuring LDAP authentication.

After you enable LDAP user groups through the remote authentication settings, the following user group properties appear in the table:
Group Name
Displays the name of the remote LDAP group. To view the members in the group, click the group name.
Displays the number of users in the group that are associated with a dashboard and that have logged into the ExtraHop Discover or Command appliance.
Displays the number of dashboards that are shared with the group.
Displays whether the group is enabled or disabled on the appliance. When the status is Disabled, the user group is considered empty when performing membership checks; however, the user group can still be specified when sharing a dashboard.
Last Refresh
Displays the amount of time elapsed since the group membership was refreshed. User groups are refreshed under the following conditions:
  • Once per hour, by default. The refresh interval setting can be modified on the Remote Authentication > LDAP Settings page.
  • An administrator refreshes a group by clicking Refresh All User Groups or Refresh Users in Group, or programmatically through the REST API. You can refresh a group from the User Group page or from within the Member List page.
  • A remote user logs into the ExtraHop Web UI or Admin UI for the first time.
  • A user attempts to load a shared dashboard that they do not have access to.

User privileges

Administrators determine the level of access and functionality users have with the ExtraHop Web and Admin UIs. In addition to setting the privilege level for the user, you can add certain options that can apply to any user privilege level.

For information about user privileges for the REST API, see the REST API Guide.

Privilege Levels

Set the privilege level for your user to determine which areas of the ExtraHop appliance they can access.

  Unlimited Full Write Limited Write Personal Write Full Read-Only Restricted Read-Only
Activity Maps  
Create, view, and load shared activity maps Y Y Y Y Y N
Save activity maps Y Y Y Y N N
Share activity maps Y Y Y N N N
View alert history Y Y Y Y Y N
Create and modify alerts Y Y N N N N
Custom Pages  
Create and modify custom pages Y Y N N N N
View and organize dashboards Y Y Y Y Y Y
Create and modify dashboards Y Y Y Y N N
Share dashboards Y Y Y N N N
View detections and provide feedback Y Y Y Y Y N
Analysis Priorities  
View Analysis Priorities page Y Y Y Y Y N
Add and modify analysis levels for groups Y Y N N N N
Add devices to a watchlist Y Y N N N N
Transfer priorities management Y Y N N N N
Device Groups  
Create and modify device groups Y Y N N N N
View metrics Y Y Y Y Y N
Records (Explore appliance)  
View record queries Y Y Y Y Y N
View record formats Y Y Y Y Y N
Create, modify, and save record queries Y Y N N N N
Create, modify, and save record formats Y Y N N N N
Scheduled Reports (Command appliance)  
Create, view, and manage scheduled reports Y Y Y N N N
Create and modify triggers Y Y N N N N
Administrative Privileges  
Access the ExtraHop Admin UI Y N N N N N
Connect to other appliances Y N N N N N
Manage other appliances (Command appliance) Y N N N N N

Privilege Options

The following privilege options can be assigned to users with any privilege level.
  • View and download packets
  • View and download packets and session keys
  • View connected appliances (Command appliance only)
Published 2021-05-10 17:12