Because USM Anywhere manages important security functions for your organization, the system requires that all users log in Log in (verb): Process in which an individual gains access to a computer system after providing sufficient credentials to authenticate their unique identity. Login (noun): User credentials, typically a username and matching password. with a user-name and a password. See Role-Based Access Control (RBAC) in USM Anywhere for more information about the roles Tasks and responsibilities based on job description and position within an organization. A user's role is often used to define access to functionality and privileges to perform specific tasks and operations. in USM Anywhere.
When the first user links to a newly-provisioned USM Anywhere environment, they configure the password for the initial user account. This is the default administrator as defined in your subscription and this user account cannot be deleted. The Settings > Users page provides tools to add, edit, and remove other user accounts in the system.
If you want to protect your account, enable multifactor authentication (MFA) for your user account. When this feature is activated, USM Anywhere displays the multifactor authentication page for you to complete your MFA configuration. The displayed page provides a unique QR code for your Authenticator app to retrieve a verification code. See Using Multifactor Authentication for more information about this security configuration.
Note: AT&T Cybersecurity recommends that users enable MFA for their account. MFA adds extra security because it requires multiple factors to authenticate a user, making it more difficult for an unauthorized person to gain access to the account.
Users can access settings for their own account and log out of the system by clicking the icon in the upper right corner of the page.
USM Anywhere collects information about when a user logs into the system and what the user does. This information is available in USM Anywhere when you go to Settings > System Events. You may notice that there are logins from an admin@<your-subdomain>.alienvault.cloud user on a regular basis. The login has been created by an automated health check system, which checks for system configuration and performance issues on your instance. USM Anywhere creates these events for transparency.
USM Anywhere offers remote technical support for troubleshooting and diagnosis, where the AT&T Cybersecurity Technical Support Engineers access your instance from their computers. On such occasions, USM Anywhere provides an audit trail by creating a temporary user with the username of <user>@alienvault.com. These users are disabled after the remote session ends, and you can view them under Settings > Users.
This topic discusses these subtopics: