In USM Central, user administration and management provides a broad range of control for security, role-based permissions, and integration with connected deployments. The system requires that all users log in with a user name and a password. AT&T Cybersecurity recommends that users enable Using Multi-Factor Authentication (MFAA method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence.) for their account to provide extra security to their USM Central environment and all connected deployments.
USM Central collects information about when a user logs in to the system and what the user does. This information is available when you go to Settings > System Events. See System Events Management for more information.
Users can access settings for their own account and log out of the system by clicking the icon in the upper right corner of the page.
Notable user management features in USM Central include:
- Accounts in USM Central use role-based access control (RBAC) to assign users to pre-defined levels of access to different functions in the UI. See Role-Based Access Control (RBAC) in USM Central for more information.
- Account access can be given an extra level of security by enabling MFA to log in. See Role-Based Access Control (RBAC) in USM Central for more information.
- Connected deployments can be accessed from the USM Central drop-down list at the top of the page. MFA authorization is carried over between deployments when logging into other environments from the USM Central deployments drop-down list.
- Manager accounts can regulate which connected deployments are visible in the USM Central UI for other accounts.
Note: AT&T Cybersecurity recommends that users enable MFA for their account. MFA adds extra security because it requires multiple factors to authenticateProcess used to verify the identity of a user, user device, or other entity, usually through a username and password. a user, making it more difficult for an unauthorized person to gain access to the account.
Because USM Central user accounts are replicated in all connected deployments, users created in USM Central will have the same role permissions in the connected deployment. These roles can be individually changed in the user management controls from the connected deployments as well. Because of the level of customization available, this enables users to have higher or lower role-based permissions in connected deployments as well as different views of what deployment information is visible in the USM Central UI.
Topics covered in this section include: