Managing user accounts

This section contains information about managing Kaspersky MLAD user accounts.

Kaspersky MLAD user accounts can be managed only by system administrators.

To ensure that users securely work with Kaspersky MLAD, install a trusted certificate for connecting to the web interface and create an account for each user.

All created user accounts and information about them are displayed in the table tn the Users section of the administrator menu.

When installing the application, a special User System account is created. This account is not intended for use by personnel when working with Kaspersky MLAD. This account cannot be used to connect to the application web interface. To clarify whether or not you can change its settings, you are advised to consult with Kaspersky experts or a certified integrator.

If necessary, you can also add and edit user accounts. Kaspersky MLAD does not allow you to delete user accounts. To prevent a specific account from accessing Kaspersky MLAD web interface, it is recommended to block this account. You can unblock this user account later if necessary. If an account was locked when the number of unsuccessful login attempts for that user was reached, you can unblock this account before the blocking period expires. You can specify the number of unsuccessful authorization attempts and the account blocking period when configuring the security settings of Kaspersky MLAD.

Next to each account, there is a vertical menu  that lets you revoke authentication tokens or view the list of rights for the specific user account.

Users section

Creating a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

To create a user account:

1. In the lower-left corner of the page, click the  button.

   You will be taken to the administrator menu.

2. Select the Users section.
3. Click the Add user button.

   The Add user window opens.

4. In the Last name field, enter the last name of the user.
5. In the First name field, enter the first name of the user.
6. If necessary, enter the middle name of the user in the Middle name field.
7. In the Email address field, enter the email address of the user.
8. In the Password field, enter a password for the user account.

   The password must meet the following requirements:

   • Must contain the minimum number of characters defined in the Minimum password length setting.
   • Must contain letters of the English alphabet, numerals and/or special characters in accordance with the password policy that was set when configuring the security settings.
9. In the Confirm password field, type the password again to confirm the password for the user account.
10. Click the Save button.

Information about the new user will be displayed in the table. If necessary, you can modify user accounts and revoke their authentication tokens

When creating an account, you cannot assign a role to a user. You can assign a role to a user only when editing the user account.

Editing a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

When you edit a user account, you can assign the desired role to the user. You can also block or unblock a user account. If an account is blocked, the user cannot log in to Kaspersky MLAD.

If the user was logged in when the account was blocked, the application session is active until one of the following conditions is met:

• The user logged out of the account.
• The application automatically terminated the connection session when the authentication token for the user account expired.
• Authentication tokens have been revoked for the user account.

To edit a user account:

1. In the lower-left corner of the page, click the  button.

   You will be taken to the administrator menu.

2. Select the Users section.
3. Click the Edit button in the row of the user account that you want to edit.

   The Edit user window opens.

4. If necessary, do the following:
   1. In the Last name field, enter a new last name for the user.
   2. In the First name field, enter a new first name for the user.
   3. In the Middle name field, enter a new middle name for the user.
5. In the Roles field, assign a role for the user account by selecting the corresponding check box.
6. If you need to change the password, enter the new password in the Password and Confirm password fields.

   The new password must meet the following requirements:

   • Must not match previously used passwords. The specific number of most recently used passwords that must not be reused is defined by the value of the Number of user passwords stored in history setting.
   • Must contain the minimum number of characters defined in the Minimum password length setting.
   • Must contain letters of the English alphabet, numerals and/or special characters in accordance with the password policy that was set when configuring the security settings.
7. If you want to block or unblock a user account, perform one of the following actions:
   • If you want to unblock a user account, set the State toggle switch to the Active position.
   • If you want to block a user account, set the State toggle switch to the Blocked position.

   Kaspersky MLAD does not allow you to delete user accounts. If you want to prevent a specific user account from accessing Kaspersky MLAD, it is recommended to block this user account.

8. Click the Save button.

The updated information about the user will be displayed in the table. If the password for a user account is changed, Kaspersky MLAD automatically terminates the user session of the user account whose password was changed.

Revoking authentication tokens for a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

After a user connects to the Kaspersky MLAD web interface, an individualized token is created so that the user authorization in the application can be saved between connection sessions to the application web interface, including when the browser is restarted. If a user is authorized on multiple assets, a token is created for each user session. If necessary, you can revoke tokens for a user account at any time. For the user whose tokens are revoked, their work session in the application is terminated simultaneously on all assets where they were authorized. Revoking tokens may be useful if you need to immediately terminate application connection sessions for a specific user.

To revoke a token or tokens for a user account:

1. In the lower-left corner of the page, click the  button.

   You will be taken to the administrator menu.

2. Select the Users section.
3. Click the vertical menu , which is located in the row of the user account whose authentication tokens you want to revoke.
4. Select Revoke tokens.
5. In the confirmation window, click Yes.

The user account tokens are revoked, and the user session is terminated.

Viewing access rights for a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

In the Users section, you can view the list of rights for a specific user account.

To view the access rights for a user account:

1. In the lower-left corner of the page, click the  button.

   You will be taken to the administrator menu.

2. Select the Users section.
3. Click the vertical menu , which is located in the row of the user account whose list of access rights you want to view.
4. Select List of rights.

The page displays a window containing information about the role and access rights of the selected user account.