You can find the User Settings at Authentication → User.
On the User screen you can quick edit some user settings like activating/deactivating and deleting users.
Users are created in the Webgui and are disabled in the Linux system by default. You do need to activate them explicitly with the System Access option in the users setting.
Users can be in any number of Groups.
In order for a user to login to the webgui the System Admin or System User group membership is required. Other users can be used for services like OpenVPN or WebVPN.
Each User can have a set of permissions. Permissions can be configured on the User itself or through group memberships. Permissions are additive, meaning all permissions from Groups and users are added together to get the set of all permissions for the user.
Please be careful and consider which permissions each user should have.
The Admin user always has all permissions, disregarding which permissions you configure in the GUI. This user is a super user.
Each user can change and configure their own language. By default all users have the global language defined in Settings.
9.1.3. API Token¶
Each user has automatic generated API Token to access the REST API without a password. The user still needs the correct permissions to access any ressource, the token is just to make the authentication process easier. Never the less their user and password do work as well.
The User can add their SSH Key/s here. If configured in Settings, he can login without a password. The system access option is required for SSH access. If a user has system access* you can also give him sudo access to become root.
9.1.5. Authentication Server¶
A User can have multiple authentication servers. When a user logs in, he will be authenticated against the selected authentication server. The default one is the VT AIR DB. To change your Authentication Servers setup please go to System → Auth. Server and refer to the documentation at Authentication Server.
Each user can have up to 5 bookmarks that will show up in the upper right corner under his profile widget. This is a shortcut to menus. User permissions are required to access a bookmark.
9.1.7. OpenVPN Profile¶
If a user is part of a OpenVPN setup, as user or with a user certificate, the user can download the OpenVPN config at the OpenVPN profile section. The OpenVPN Profile section is at the bottom of the user update page as well as user settings/user profile page. A user can only download its own OpenVPN config files and not the config files of other users.
A user can be linked to a user certificte. If you update an existing user there is also a Create Certificate button which opens a user certificate creation window. Otherwise you can go to General → Certificates and create one there.
220.127.116.11. Two Factor Authentication¶
Two Factor Authentication can be used on the Webgui and OpenVPN. We use One Time Passwords and TOTP as an additional authentication on top of the username and password.
You can create and delete the Two Factor Authentication elements here and also see the QR Code of the TOTP, as well as your One Time Passwords. One Time Passwords are deleted after they are used and a new one is generated automatically.
You can use any TOTP enabled App for your phone to use the codes, please make sure that the VT AIR clock is synchronized as TOTP depends on the clock beeing correct. There are a lot of different Apps available for this, e.g. Google Authenticator or Authy.
One Time Passwords can also be used to give a third person access to the device where you do not have to reset a user password everytime. Just hand out a one time password in addition to the username and password.
Each logged in user can edit their own profile by navigating to the right upper corner of the screen and clicking on his name. The profile contains the name settings as well as password, language, SSH key and bookmarks.
The logout option is also in the upper right corner by clickling on the name. Additionally after a period of inactivity the auto logout will disconnect the user from VT AIR.