Documentation forSecurity Event Manager

Add SEM users

Access to SEM data requires a user account. Even basic access, such as receiving notifications sent by SEM through email or SMS text message, requires a user account.

About SEM roles

To restrict user access to sensitive data, user accounts need to be assigned to a SEM role. There are six SEM role types: Administrator, Auditor, Monitor, Contact, Guest, and Reports. Role types are described in the following table. Learn about privileges associated with a role here.

Role Description
Administrator

The default user. This role cannot be deleted and has full access to the SEM console.

SolarWinds does not recommend multiple users sharing the Admin account for auditing purposes.

Auditor User has extensive view rights to the system, but cannot modify anything other than their own filters.
Monitor User has read-only access to the SEM console. See Modify filters for Monitor role users to configure the filters assigned to this role. Users assigned to this role cannot edit filters.
Contact User cannot log in to the SEM console, but can receive external notifications such as email sent to either the user's email address, imported distribution lists, or cellular email-to-SMS addressees for texts. Use this role if you have an external incident resolution or trouble ticket system, or if you have a user who does not need to access the console.
Guest User has extensive view rights to the system, but cannot modify anything other than their own filters.
Reports User cannot log in to the SEM console, but can access the SEM reports application. This role can access the SEM database over a secure channel if TLS encryption is enabled. See Enable transport layer security (TLS) in the SEM reports application for details.

Do not confuse roles and groups:

  • Roles restrict the actions a user can perform in SEM.
  • Groups organize related elements into logical units so that they can be used in SEM rules and filters.

About SEM user accounts

There are two ways to add a user account in SEM:

  • Add an Active Directory user account
  • Create a local user account

SolarWinds recommends using Active Directory accounts if Microsoft Active Directory is in use at your organization.

Each user should have a valid email address so that the user can receive notifications sent by SEM. SolarWinds recommends that you create distinct users for everyone who needs to receive email notifications from SEM Manager. If you want to send identical notifications to your IT department personnel, associate a distribution list email address to all relevant users.

To establish minimum password requirements for local user accounts in SEM, see Set the global password policy for SEM users.

How Active Directory accounts work in SEM

You can configure SEM to allow users to log in with their Active Directory credentials. Using Active Directory for user authentication means you do not have to maintain duplicate user accounts in SEM, and users do not have to remember an additional user name and password just for SEM.

See Set up Active Directory authentication in SEM to configure SEM to allow users to log in with their Active Directory credentials.

SEM roles are mapped to DS groups in Active Directory if AD authentication is enabled.

See Configure or View Active Directory authentication settings in SEM to look up which Active Directory groups are mapped to SEM roles.

SEM supports Active Directory single sign-on (SSO). If SSO is enabled, users can bypass the SEM login screen and go straight to the application if they are already logged in to another application that accepts the user's AD credentials.

See Set up single sign-on (SSO) in SEM to configure SEM to allow users to bypass the SEM login screen if they are already logged in to an application that accepts the user's AD credentials.

SEM can use Active Directory groups of Windows users and computer accounts in SEM rules and filters. Any changes made to users or groups in Active Directory propagate to rules and filters in SEM.

Create a local SEM user account

Access to SEM data requires a user account. Even basic access, such as receiving notifications sent by SEM through email or SMS text message, requires a user account.

User accounts need to be assigned to a SEM role to restrict access to sensitive data. There are five SEM role types: Administrator, Auditor, Monitor, Guest, and Reports. Role types are described in the following table.

  1. On the SEM Console, navigate to Configure > Users.

  2. On the Users toolbar, click Add user.
  3. Complete the user account form, and then click Add. Reference the table below for information on the form fields.
    FieldDescription
    UsernameUser account name.
    Password

    User password to access the Manager. This can be an initial system password or a temporary password that is assigned to replace a forgotten password.

    If password restrictions are enabled ( > Authentication > Local Users), SEM enforces the following policy:

    Passwords must:

    • Be between 6-40 characters
    • Not include user names
    • Not include forbidden characters

    Passwords must also include at least three of the following:

    • One upper case letter
    • One lower case letter
    • One special character
    • One digit
    Confirm password

    Enter the password again.

    Role

    Select a SEM role for this user.

    • Administrator - Has full access to the system, and can view and modify everything.
    • Auditor - Has extensive view rights to the system, but cannot modify anything other than their own filters.
    • Monitor - Can access the console, cannot view or modify anything, and must be provided a set of filters. See "Specify the filters that users assigned the Monitor role can use on the SEM Console" for steps.
    • Guest - Has extensive view rights to the system, but cannot modify anything other than their own filters.
    • Reports - Cannot log in to the SEM console, but can log in to the SEM reports application. This role can access the SEM database over a secure channel if TLS encryption is enabled. See Enable transport layer security (TLS) in the SEM reports application on page 78 for details
    First name User's first name
    Last nameUser's last name
    DescriptionType a brief description (up to 50 characters). For example, provide the user title, position, or area of responsibility.
    Contact e-mailEmail address. SEM notifies users by email about network security events. You can add as many email addresses as required.
  4. Select a user in the list to edit the user account, change the user's password, require the user to change passwords, or delete the user account.

    In the Refine Results pane, you can filter users based on account type and last login. Under Last modified, click the time setting to adjust the login time frame.

Edit user account settings

  1. On the SEM Console, click the Configure tab, and select Users from the drop-down list.
  2. Select a user account in the list:
    • To edit the user account settings, click Edit user.
    • To remove a local user account from the system, click Delete.
    • To change a user's password, click Change password, then enter and confirm the password in the pop-up window.
    • To require that a user change their password when first logging in, click Require password change.