In USM Central, user administration and management provides a broad range of control for security, role-based permissions, and integration with connected deployments. The system requires that all users log in with a username and a password. AT&T Cybersecurity recommends that users enable Using Multi-Factor Authentication (MFAA method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence.) for their account to provide extra security to their USM Central environment and all connected deployments.

USM Central collects information about when a user logs in to the system and what the user does. This information is available when you go to Settings > System Events. See System Events Management for more information.

Users can access settings for their own account and log out of the system by clicking the icon at the bottom of the expanded pane.

Notable user management features in USM Central include the following:

• Accounts in USM Central use role-based access control (RBAC)Describes authentication and authorization scheme in which access to functionality is based on the privileges or permissions associated with the group or role a user is a member of. to assign users to pre-defined levels of access to different functions in the user interface (UI). See Role-Based Access Control (RBAC) in USM Central for more information.
• Account access can be given an extra level of security by enabling MFA to log in. See Role-Based Access Control (RBAC) in USM Central for more information.

Note: AT&T Cybersecurity recommends that users enable MFA for their account. MFA adds extra security because it requires multiple factors to authenticateProcess used to verify the identity of a user, user device, or other entity, usually through a username and password. a user, making it more difficult for an unauthorized person to gain access to the account.

• Connected deployments can be accessed from the USM Central drop-down list at the top of the page. MFA authorization is carried over between deployments when logging into other environments from the USM Central deployments drop-down list.
• Manager accounts can regulate which connected deployments are visible in the USM Central UI for other accounts.

Because USM Central user accounts are replicated in all connected deployments, users created in USM Central will have the same role permissions in the connected deployment. These roles can be individually changed in the user management controls from the connected deployments as well. Because of the level of customization available, this enables users to have higher or lower role-based permissions in connected deployments as well as different views of what deployment information is visible in the USM Central UI.

Topics covered in this section include: