Managing user accounts

To ensure that users securely work with Kaspersky MLAD, create an account for each user.

Kaspersky MLAD user accounts can be managed only by system administrators.

All created user accounts and information about them are displayed in the table tn the Users section of the administrator menu.

When installing the application, a special User System account is created. This account is not intended for use by personnel when working with Kaspersky MLAD. This account cannot be used to connect to the application web interface. To clarify whether or not you can change its settings, you are advised to consult with Kaspersky experts or a certified integrator.

You can modify user accounts as needed. Kaspersky MLAD does not allow you to delete user accounts. To prevent a specific account from accessing Kaspersky MLAD web interface, it is recommended to block this account. You can unblock this user account later if necessary. If an account was locked when the number of unsuccessful login attempts for that user was reached, you can unblock this account before the blocking period expires. You can specify the number of unsuccessful authorization attempts and the account blocking period when configuring the security settings of Kaspersky MLAD.

Next to each account, there is a vertical menu  that lets you revoke authentication tokens or view the list of rights for the specific user account.

Users section

Creating a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

To create a user account:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Users section.
3. Click the Add user button.

   The Add user panel appears on the right.

4. In the Last name field, enter the last name of the user.
5. In the Name field, enter the first name of the user.
6. If necessary, enter the middle name of the user in the Middle name field.
7. In the Email address field, enter the email address of the user.
8. In the Password field, enter a password for the user account.

   The password must meet the following requirements:

   • Must contain the minimum number of characters defined in the Minimum password length setting.
   • Must contain letters of the English alphabet, numerals and/or special characters in accordance with the password policy that was set when configuring the security settings.
9. In the Confirm password field, type the password again to confirm the password for the user account.
10. Click the Save button.

Information about the new user will be displayed in the table. If necessary, you can modify user accounts and revoke their authentication tokens

When creating an account, you cannot assign a role to a user. You can assign a role to a user only when editing the user account.

Editing a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

When you edit a user account, you can assign the desired role to the user. You can also block or unblock a user account.

When a user is blocked in Kaspersky MLAD, their authentication tokens are automatically revoked, and their user sessions are terminated. A blocked user cannot log in to Kaspersky MLAD to use the application.

If the password for a user account is changed, Kaspersky MLAD also revokes authentication tokens automatically and terminates the user session of the user account whose password was changed. A user whose password has been changed can log in to the web interface with the updated password.

To edit a user account:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Users section.
3. Click the Edit button in the row of the user account that you want to edit.

   The Edit user pane appears on the right.

4. Enter the user's new last name, first name, and/or middle name, if needed.
5. In the Roles field, assign a role for the user account by selecting the corresponding check box.
6. If required, enter the user's new email address.
7. If you need to change the password, enter the new password in the Password and Confirm password fields.

   The new password must meet the following requirements:

   • Must not match previously used passwords. The specific number of most recently used passwords that must not be reused is defined by the value of the Number of user passwords stored in history setting.
   • Must contain the minimum number of characters defined in the Minimum password length setting.
   • Must contain letters of the English alphabet, numerals and/or special characters in accordance with the password policy that was set when configuring the security settings.
8. If you want to block or unblock a user account, perform one of the following actions:
   • If you want to unblock a user account, set the State toggle switch to the Active position.
   • If you want to block a user account, set the State toggle switch to the Inactive position.

   Kaspersky MLAD does not allow you to delete user accounts. If you want to prevent a specific user account from accessing Kaspersky MLAD, it is recommended to block this user account.

9. Click the Save button.

The updated information about the user will be displayed in the table.

Revoking authentication tokens for a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

After a user connects to the Kaspersky MLAD web interface, an individualized token is created so that the user authorization in the application can be saved between connection sessions to the application web interface, including when the browser is restarted. If a user is authorized on multiple assets, a token is created for each user session.

If necessary, you can revoke tokens for a user account at any time. For the user whose tokens are revoked, the connection session is terminated simultaneously on all assets where they were authorized. Revoking tokens may be useful if you need to immediately terminate application connection sessions for a specific user. After the tokens are revoked, the user can log in again and continue using Kaspersky MLAD.

To revoke tokens for a user account:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Users section.
3. Open the vertical menu  next to the account you want to revoke tokens from, and select Revoke tokens.
4. In the window that opens, confirm that you want to revoke the authentication tokens.

The user account tokens are revoked, and the user session is terminated.

Viewing access rights for a user account

Kaspersky MLAD user accounts can be managed only by system administrators.

In the Users section, you can view the list of rights for a specific user account.

To view the access rights for a user account:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Users section.
3. Open the vertical menu  next to the account you want to view the list of permissions for, and select List of rights.

The page displays a window containing information about the role and access rights of the selected user account.