NetAct™ 22 FP2305

User Management Help

DN0985977
Issue: 4-0 Final

© 2023 Nokia. Nokia Confidential Information

Use subject to agreed restrictions on disclosure and use.

User Management Help DN0985977 4-0 Disclaimer

Nokia is committed to diversity and inclusion. We are continuously reviewing our customer documentation and consulting with standards
bodies to ensure that terminology is inclusive and aligned with the industry. Our future customer documentation will be updated accordingly.

This document includes Nokia proprietary and confidential information, which may not be distributed or disclosed to any third parties without
the prior written consent of Nokia.

This document is intended for use by Nokia’s customers (“You”/”Your”) in connection with a product purchased or licensed from any company
within Nokia Group of Companies. Use this document as agreed. You agree to notify Nokia of any errors you may find in this document;
however, should you elect to use this document for any purpose(s) for which it is not intended, You understand and warrant that any
determinations You may make or actions You may take will be based upon Your independent judgment and analysis of the content of this
document.

Nokia reserves the right to make changes to this document without notice. At all times, the controlling version is the one available on Nokia’s
site.

No part of this document may be modified.

N O WA RRA NT Y O F AN Y KI ND , EI T HER EXPR ES S OR I M P L I E D , I N C L U D I N G B U T N O T L I M I T E D TO A N Y

WARR ANT Y OF AVA IL ABI LI T Y, AC CU RAC Y, R EL I A B I L IT Y, T I T L E , N O N - I N F R I N G E M E N T, M E R C H A N TA B I L I TY
OR F IT NE SS FO R A PA RT ICU LAR PU RPO SE, I S M A D E IN R E L AT I O N TO T H E C O N T E N T O F T H I S D O C U M E N T.
IN NO EVEN T WI L L NOK IA B E LI ABLE F OR AN Y DA M A G E S , I N C L U D I N G B U T N O T L I M I T E D TO S P E C I A L ,
D IRE CT, IN D IRECT, I NCI DE NTAL OR C ON SEQ UE N T IA L OR A N Y L O S S E S , S U C H A S B U T N O T L I M I T E D TO LO SS
OF PRO F IT, REVE NU E, B US IN ESS IN T ER RU PT I ON , B U S I NE S S O P P O RT U N I T Y O R D ATA T H AT M AY A R I S E
FRO M T HE USE O F TH IS DO CU M EN T O R T HE IN F OR M AT IO N I N I T, E V E N I N T H E C A S E O F E R R O R S I N O R
OM IS SI O NS FRO M T HI S DOC UM EN T O R IT S CO NT E N T.

This document is Nokia’ proprietary and confidential information, which may not be distributed or disclosed to any third parties without the
prior written consent of Nokia.

Copyright and trademark: Nokia is a registered trademark of Nokia Corporation. Other product names mentioned in this document may be
trademarks of their respective owners.

© 2023 Nokia.

© 2023 Nokia. Nokia Confidential Information

Use subject to agreed restrictions on disclosure and use.

User Management Help DN0985977 4-0 Table of Contents

Contents
1 About user management................................................................................................................................ 4

2 Viewing users list............................................................................................................................................ 6

3 Managing users............................................................................................................................................... 7
3.1 Creating users........................................................................................................................................... 7
3.1.1 Creating login profile.........................................................................................................................9
3.1.2 Deleting user home directories.......................................................................................................11
3.2 User profile modification......................................................................................................................... 11
3.2.1 Modifying existing login profile....................................................................................................... 11
3.2.2 Modifying personal information of users........................................................................................ 13
3.2.3 Unlocking account under login profile............................................................................................ 15
3.3 Deactivating users profile........................................................................................................................16
3.4 Activating users profile............................................................................................................................17
3.5 Filtering users..........................................................................................................................................18
3.6 Deleting users......................................................................................................................................... 19
3.6.1 Deleting login profile....................................................................................................................... 20

4 User group management.............................................................................................................................. 22

4.1 Viewing groups list.................................................................................................................................. 22
4.2 Creating groups.......................................................................................................................................23
4.3 Filtering groups........................................................................................................................................24
4.4 Modifying group information....................................................................................................................25
4.5 Deleting groups....................................................................................................................................... 26

5 Management of active user sessions......................................................................................................... 28

5.1 Viewing active user sessions..................................................................................................................28
5.2 Terminating active user sessions............................................................................................................29

6 Personal settings...........................................................................................................................................31
6.1 User preferences.....................................................................................................................................31
6.2 Changing password.................................................................................................................................32

7 User administration....................................................................................................................................... 34
7.1 Exporting users, groups, and permissions............................................................................................. 34
7.2 Importing users, groups, and permissions..............................................................................................35
7.3 Password self service............................................................................................................................. 38
7.3.1 Enabling password self service...................................................................................................... 39
7.3.2 Storing answers for password self service authentication in NetAct.............................................. 40
7.3.3 Logging in to NetAct using password self service......................................................................... 41

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 3

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 About user management

1 About user management

User Management is a web-based management system for monitoring, managing, and administering
users and user groups.

The User Management application enables you to:

• manage user profiles, user groups, and password policies

• monitor active user sessions
• authenticate users

The user authentication is based on the user profile information stored in the system-specific au-
thentication repository. Authentication provides a way for identifying the user with login name and
password.

Note: The login name is not case sensitive.

The system authentication is handled by User Management.

User access to view and use all the pages in the application is controlled by permissions that can be
administered in the Permission Management application. The security administrator administers the
permissions.

Table 1: Terms and definitions describes the User Management terms and definitions.

Term Definitions

User profile User profile represents the personal details of a user. Users need a login profile to
access NetAct applications.

Login profile Login profiles contain validating information, such as login name and passwords
based on the system policies. A user associated with a single user identity can have
multiple login profiles.

Each login profile created for a user is called as an account. Each account compris-
es of login name and password with defined access levels.

Login name A unique name used for identification when accessing NetAct.

User group All users in the system are assigned to different user groups with specific permis-
sions and roles.

The different user groups are:

• Primary group: is an attribute of a login profile and cannot be deleted. All users
are assigned to primary group by default.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 4

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 About user management

Term Definitions

• Secondary group: is an optional attribute of a user. A user can belong to sever-

al secondary groups. Only the administrator can create the secondary group.
• Default group: is created for internal system users. It cannot be deleted.

For example:

– sysop
– wassrvid
– ruim_admin
• Power group: it has all the permissions, such as create, modify, and delete user
accounts. Power group cannot be deleted.

The sysop group is a power group.

For more information on groups and their roles, see Group Explorer in Permission
Management Help.

Session An active user session begins when a user logs in to NetAct and ends when the user
logs out. A user can open multiple sessions at a time.

Table 1: Terms and definitions

Note:

• User Management application does not support multiple browser tabs or windows.
• Every NetAct user can access User Management application to change the account
password or type answers for Password self service (when configured). However, the
user must have PEMGUI permission to access user management functionalities, such as
create, modify, delete, define policies, set expiration dates, and so on.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 5

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Viewing users list

2 Viewing users list

List users page provides the list of all the active and inactive users configured in NetAct.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

Expected outcome

The User Management application opens. The List users page appears displaying all the active and
inactive users configured in NetAct.

Note:

• If an expiration date for a user is set by the administrator for a particular user profile, it
appears in the corresponding Profile status column.
• To enable Activate, Deactivate, Modify, and Delete buttons, select a user profile.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 6

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

3 Managing users
This section provides information about:

• Creating users
• User profile modification
• Deactivating users profile
• Activating users profile
• Filtering users
• Deleting users

3.1 Creating users

User information consists of user profile and login profile. User profile represents a particular user,
whereas login profile represents the specific account of a user. A user profile can have multiple login
profiles, but a login profile always belongs to one user only.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Login profiles contain validating information, such as passwords based on the system policies. Users
need a login profile to access NetAct applications.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Click New....

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 7

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

The New user page appears.

4. Click the Basic tab if it is not selected by default.

5. In the Personal details area, do the following:

• In the First name field, type the first name. Spaces before or after the first name are omitted.
The maximum number of characters allowed is 64.
• In the Last name field, type the last name. Spaces before or after the last name are omitted.
The maximum number of characters allowed is 64.
• In the Email id field, type the email ID. The maximum number of characters allowed is 100.

Note: The default Preferred Language is English (United States). The Preferred
Language option is shown only when multiple display languages are available.

6. Click the Additional tab to add personal information.

The following fields are available:

• Employee id
• Mobile phone
• Business phone
• Fax
• Address line 1
• Address line 2
• Address line 3

Note:

• The maximum number of characters allowed in Employee id is 20.

• The maximum number of characters allowed is 26 in the following fields:

• Mobile phone
• Business phone
• Fax
• The maximum number of characters allowed is 100 in the following fields:

• Address line 1
• Address line 2
• Address line 3

7. Click the Expiration tab to set the expiration date, if required.

• In the User profile expires area, do the following:

• Type the expiration date in the field or click the calendar icon to select the desired date. Enter
the expiration date in the YYYY-MM-DD format.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 8

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

Or

• Select Never if you do not want to set an expiry date for the user.

Note: The user profile and the corresponding NetAct login profiles are automatically
deactivated at midnight on the specified expiration date.

8. Click Create.

Expected outcome

The User profile successfully created message appears and the user is created.

3.1.1 Creating login profile

Login profile is required to access the Nokia application. It contain credentials to log in to the system.

Prerequisites

• You must have PEMGUI permission to access the User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user and click Modify....

The Modify user page appears.

4. Click the Basic tab if it is not selected by default.

5. In the Login profile details area, do the following:

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 9

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

• In the Login Name field, type the login name. The number of characters in Login Name can
vary between 4 and 20 characters.

Note: By default, maximum length of the login name is set to 8. Use the Policy
Configuration option to change the maximum length of the login name. For more
information, see Login name policy in Administering Users and Permissions.

• In the password field, type the password.

• In the Confirm password field, retype the password.

Note:

• By default, Nokia supports characters in range a-z, A-Z, 0-9 and any of the
following special characters:

!%&()+,-.:;<=>?[]^{|}~_
• The list of unsupported special characters in password that have already been
restricted is available in the Unsupported special characters in password field in
Password syntax policy area in Policy configuration page.
• Use the Policy Configuration option to change the password policy settings. For
more information, see Configuring policy for system users and end users in directory
server in Administering Users and Permissions.

6. Select the Password never expires check box if password of the user is not meant to be expired
indefinitely. If this option is cleared, the password of user will expire according to Password expiry
policy.

Note: Nokia recommends that user set with Password never expires option change
their password periodically to ensure security.

7. In the Associated groups for account: section, from the End-user groups table, select the
check box next to the group to associate a group to the user.

Note: Association of sshaccess group for user along with valid login shell and home
directory grants secure shell access for user. For more information, see Managing user
SSH and certificate configuration in Administering Users and Permissions.

8. In the Associated groups for account: section, from the Node Manager groups table, select the
check box next to the group.

Note:

• At least one group must be selected when Node Manager is integrated.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 10

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

• If Node Manager server group is not permitted for a given user, then any group with
minimum permissions such as NetAct_Users can be used.

9. Click Add.

The page is refreshed and the login profile becomes a member of the selected group.

10. Click Save.

Expected outcome

The User profile details updated successfully message appears and the login
profile is created.

3.1.2 Deleting user home directories

Currently, the user home directory deletion is supported only while disabling SSH login.

If the home directory requires to be cleaned at the latter phase, ensure that system users and end
user home directories exist. Also, ensure that omatestdir non-user folder is not deleted.

3.2 User profile modification

This section provides information on:

• Modifying existing login profile

• Modifying personal information of users
• Unlocking account under login profile

3.2.1 Modifying existing login profile

You can modify the existing login profile by using the Modify option.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 11

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user that has a login profile which needs to be changed.

4. Click Modify.

The Modify user page appears.

5. In the Login details area, select the check box next to the login profile which needs to be
modified.

The Modify... button is enabled.

6. Click Modify....

The Modify user page appears and the user information is populated.

7. In the Login profile details area, do the following:

1. Select or clear the Password never expires check box to change the password expiration of
the login profile.

• Selecting the check box makes password not to expire indefinitely.

• Clearing the check box makes user password to expire according to the Password expiry
policy.

Tip: Change of expiry configuration can result in existing user password to expire
immediately, if the password expiry duration is lapsed with password expiry
policy configuration set to on. Hence, operation must be performed cautiously
by informing the user about the change in expiration configuration to avoid
unexpected change in expiration behavior for the user.

Note:

• Nokia recommends that the user set with Password never expires option to
have their password changed periodically to ensure security.
• It is not possible to change the password expiration for system users as
password of such users are never meant to expire.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 12

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

• You can add or remove group associations for the login profile by selecting
the corresponding check boxes in the End-user groups and Node manager
group lists.
• The user associated with sshaccess group along with valid login shell and
home directory is granted with secure shell access. For more information,see
Managing user SSH and certificate configuration in Administering Users and
Permissions.
• Disassociation of group sshaccess for user revokes secure shell access for
user.

2. In the Password field, edit the password.

3. In the Confirm password field, retype the password.

8. In the Login details area, click Modify....

9. Click Save.

Expected outcome

The User profile details updated successfully message appears and the user profile
is modified.

3.2.2 Modifying personal information of users

The personal information of the selected user, such as Login name, Employee id, Mobile phone,
Business phone, and so on can be modified.

Prerequisites

• You must have PEMGUI permission to access User Management application.

• The user information must be defined in the database.
• The user profile must not be deactivated.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 13

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user.

4. Click Modify....

The Modify user page appears.

5. Click the Basic tab if it is not selected by default.

6. In the Personal details area, edit the required fields that you want to modify. The available fields
are:

• First name
• Last name
• Email Id
• Preferred Language

Note:

• Preferred Language option is shown only when multiple display languages are
available.
• In case the preferred language is unavailable, then the default language is
selected.

7. Click Additional tab.

8. In the Personal details area, edit the required fields that you want to modify. The available fields
are:

• Employee id
• Mobile phone
• Business phone
• Fax
• Address line1
• Address line2
• Address line3

9. Click Expiration tab.

10. In the Personal details area, do one of the following:

• Select Never for the user profile not to expire indefinitely.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 14

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

Or

• Select the calendar icon to set the expiration date for the user profile.

11. Click Save.

Expected outcome

The User profile details updated successfully message appears and the personal
information of the selected user is modified.

3.2.3 Unlocking account under login profile

When the user exceeds the maximum number of login attempts, the user accounts will be locked.
These locked user accounts can be unlocked under the login profile.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. In the Login names search filter, type the login name for which the account to be unlocked.

4. Click Modify....

The Modify users page appears.

5. In the Login details area, select the check box next to the Login name for which the Account
status is shown as Locked.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 15

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

The Unlock button is enabled.

6. Click Unlock.

The Accounts successfully unlocked message appears.

7. Click Save.

Expected outcome

The User profile details updated successfully message appears and the account under
login profile is unlocked.

Note: The status of an account cannot be seen in the List users page. A user profile can
have more than one account. Status of all the accounts of a user profile can be seen and
modified in Login details area in the Modify User page.

3.3 Deactivating users profile

User profiles can be deactivated manually or based on the configured expiry date. Deactivating the
user profile prevents all accounts registered under that profile from logging in to the User Management
application.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 16

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user.

4. Click Deactivate.

Expected outcome

The User profile(s) deactivated successfully message appears and the user profile
is deactivated.

Note: Deactivation of a user profile does not terminate the current active user sessions of
its account. To terminate such active user sessions manually, see Management of active
user sessions.

3.4 Activating users profile

User profiles can be deactivated manually or based on the configured expiry date. Such user profiles
can be activated using the Activate option.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 17

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user.

4. Click Activate.

Expected outcome

The User profile(s) activated successfully message appears and the user profile is
activated.

3.5 Filtering users

Listed users can be dynamically filtered in the List users page.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. You can filter the users with the following search options:

• First name

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 18

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

• Last name
• Email id
• Login names
• Profile status

4. Type the letter in the text field available for each column.

Note: The type of search in the text field is not case sensitive.

Expected outcome

The user with the matching initials appear in the list.

3.6 Deleting users

Deleting a user profile removes user and their associated accounts from the User Management
application.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 19

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user to be deleted.

4. Click Delete.

A confirmation dialog box appears.

5. Click OK to continue.

Expected outcome

The User profile(s) successfully deleted message appears and selected user is deleted.

Note:

• You can delete multiple users at a time.

• You cannot delete default users.
• Deletion of a user does not terminate the current active user session of its account. To
terminate such active user sessions manually, see Management of active user sessions.

3.6.1 Deleting login profile

Deleting a login profile removes their associated account from the user profile.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 20

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Managing users

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. Select the check box next to the user.

4. Click Modify.

The Modify user page appears.

5. In the Login details area, select the check box next to the user.

The Delete button is enabled.

6. Click Delete.

A confirmation dialog box appears.

7. Click OK.

The Accounts successfully deleted message appears.

8. Click Save.

Expected outcome

The User profile details updated successfully message appears and the selected
login profile is deleted.

Note: Deletion of a login profile does not terminate the current active user session of its
account. To terminate such active user sessions manually, see Management of active
user sessions.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 21

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User group management

4 User group management

This section provides information about the tasks which can be performed in the List groups page.

List Groups page enables a user to do the following group related actions:

• Viewing groups list

• Creating groups
• Filtering groups
• Modifying group information
• Deleting groups

4.1 Viewing groups list

The List groups page provides a list of all the groups present in the system.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Groups → List Groups.

Expected outcome

The List groups page appears displaying all the groups available in the system.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 22

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User group management

4.2 Creating groups

Users are allocated into groups based on the geographical area that the group is responsible for, or
based on the tasks that the group performs in the network.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Groups → List Groups.

The List groups page appears displaying all the groups available in the system.

4. Click New.

The New group page appears.

5. In the Basic details area, do the following:

• In the Group name field, type the group name.

Note: A group name must consist of one or more words separated by spaces.
Consecutive spaces are not allowed between two words, where each word must
contain at least one character. Only characters from the range [a-z, A-Z, _, 0-9] are
expected and the maximum length of the name must not exceed 64 characters. The
name should not start or end with a space.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 23

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User group management

• In the Group description field, type the description.

Note: The maximum number of characters allowed in the description field is 250.

6. Click Create.

Expected outcome

Group successfully created message appears.

Note: The maximum number of groups supported by NetAct for optimal performance is
125. This is on top of the default NetAct groups.

4.3 Filtering groups

Listed groups can be dynamically filtered in the List groups page.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Groups → List Groups.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 24

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User group management

The List groups page appears displaying all the groups available in the system.

4. You can filter the user groups with the following options:

• Group name
• Description

5. Type the letter in the text field available for each column.

Expected outcome

The group with the matching initials appear in the list.

4.4 Modifying group information

The group information such as associated login names and group description can be modified.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Groups → List Groups.

The List groups page appears displaying all the groups available in the system.

4. Select the check box next to the group name.

5. Click Modify.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 25

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User group management

The Update group details page appears.

Following are the possible fields which can be modified:

• Associated login names

• Group description

Note:

• Select Cancel in the Update group details page, if the changes are not required.
• Association of sshaccess group for user along with valid login shell and home
directory will grant secure shell access to the user. For more information, see
Managing user SSH and certificate configuration in Administering Users and
Permissions.

Disassociation of sshaccess group for user will revoke the secure shell access for
user.

6. Modify the required information and click Save.

Expected outcome

Group details successfully modified message appears.

4.5 Deleting groups

Deleting a group removes the group-user association. Only admin can delete the group.

Prerequisites

• You must have PEMGUI permission to access User Management application.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 26

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User group management

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Groups → List Groups.

The List groups page appears displaying all the groups available in the system.

4. Select one or more check boxes next to the group name.

5. Click Delete.

A confirmation dialog box appears.

6. Click Yes.

Expected outcome

Group successfully deleted message appears.

Note: During installation, the default groups such as ruim_admin, sysop,and wassrvid
are created in the system and it cannot be deleted.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 27

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Management of active user sessions

5 Management of active user sessions

This section provides information about viewing and terminating active user sessions.

• Viewing active user sessions

• Terminating active user sessions

5.1 Viewing active user sessions

Prerequisites

• You must have UMGUI - View All NetAct Sessions or UMGUI - Administer NetAct Sessions
permissions to view the all the active user sessions in the system.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Sessions → List Active
Sessions.

Expected outcome

The Active Sessions page appears displaying all the active user sessions in the system.

Note:

• You can view active sessions with Session id, Client terminal name, Client terminal
address, Login name, and Start time in server time zone (time when the session was
started).

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 28

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Management of active user sessions

• For filtering the displayed items, type the first character of the attribute in the column
header. To sort the displayed items based on certain field, click the arrow under the
relevant field header.
• Click Refresh to update the page.

The page is refreshed and the time of the last refresh is updated accordingly.
• By default, the session with only NetAct Monitor application in use is not listed as active
session. This can happen when user has logged out from NetAct and the Monitor
application session is still active. To track the Monitor application, follow the instructions
provided in Configuring session management in Administering Fault Management.

5.2 Terminating active user sessions

Prerequisites

• The license NetAct Enhanced Session Management must be available for session termination.
To know the license availability, see Checking session management license in Administering
Users and Permissions.
• You must have UMGUI NetAct Sessions permission to terminate active user sessions in the
system.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Sessions → List Active
Sessions.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 29

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Management of active user sessions

The Active Sessions page appears displaying all the active user sessions in the system.

4. In the Active sessions table, select the check box next to the relevant user.

Note: It is also possible to filter and sort entries based on Session id, Client terminal
name, Client terminal address, or Start time for determining the session to terminate.

The Terminate button is enabled.

5. Click Terminate.

The Confirm Session Termination dialog box appears.

6. Click Terminate.

OR

7. Select the check box in Active sessions table header.

8. Click Terminate to terminate all active sessions which are allowed for termination.

The Confirm Session Termination dialog box appears.

9. click Terminate.

Expected outcome

The selected active user session or sessions are terminated.

Note:

• You cannot terminate omc, pm2sol, restda, and nbi3gcpm user sessions.
• Termination of particular session closes all opened web application instances whereas,

– for rich client application (javaws application), session becomes invalid and
application will not be closed automatically.
– for Monitor application, follow the instructions provided in Configuring session
management in Administering Fault Management to monitor and terminate the
session.
• NetAct web application windows or tabs take few seconds for auto closure.
• User sessions which are not managed by User Management applications such as Citrix,
RDP, or SSH session to NetAct VM's are not affected on termination.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 30

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Personal settings

6 Personal settings
This section provides information about viewing and configuring the required preferences and chang-
ing the password for a particular user.

• User preferences
• Changing password

6.1 User preferences

The logged-in user can view and configure the required preferences from the Preferences page.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the Personal Settings drop-down list, select Preferences.

The Preferences page appears.

4. In the Language Preference area, select a language from the Preferred language drop-down list
to change the language of the logged-in user.

Note: The Preferred language:

• drop-down list shows all the languages available in NetAct.

• setting is not applicable for external users.

5. Click Save.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 31

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Personal settings

Expected outcome

For all the subsequent logins, the language of the user is changed.

6.2 Changing password

The users can change the password in adherence to the current password policy.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security → User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the Personal Settings drop-down list, select Change Password.

The Change Password page appears.

4. In the Login profile details area, do the following:

• In the Old password, type the old password.

• In the New password, type the new password.
• In the Confirm password, retype the new password.

5. Click Save.

Expected outcome

User profile details updated successfully message appears.

Note:

• You cannot change the password of system users except omc. Use the password tool
to change the password of system users. For information about how to change the

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 32

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 Personal settings

password using the password tool, see Changing password of users using password-tool
in Administering Users and Permissions.
• Change of password is not applicable for external users.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 33

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

7 User administration
This section describes how to define policies for disabling unused user names. The Unused login
names disable policy checks inactive login name (unused user name refers to users who did not log
in to NetAct through Start page or by SSH to any NetAct VM for the configured Login names deacti-
vation duration days) and then disables the corresponding user profile. For detailed information, see
the following:

• Exporting users, groups, and permissions

• Importing users, groups, and permissions
• Password self service

7.1 Exporting users, groups, and permissions

A .XML file can be downloaded with the details of all the contexts, custom-roles, user-defined groups,
and end-users using Export Users and Permissions option.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security→User Management.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 34

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Administration → Export Users
and Permissions.

Expected outcome

The .XML file is downloaded with the details of all the contexts, custom-roles, user-defined groups,
and end-users.

Note:

• Password for an account never expires if <passwordNeverExpires>true</

passwordNeverExpires> tag is available for that account.
• Password gets expired once the password is left unchanged for the
configured number of days as defined in password expiration policy if
<passwordNeverExpires>false</passwordNeverExpires> tag is present for an
account. For more information, see Password expiry policy in Administering Users and
Permissions.

7.2 Importing users, groups, and permissions

You can add or modify existing users, groups, and roles in bulk using Import Users and Permissions
option. The existing permissions will be automatically updated, if they are referred by roles.

Prerequisites

• You must have PEMGUI permission to access User Management application.

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations.

1. Log in to the NetAct Start Page.

a) In the address field of your internet browser, type the following URL address:

https://<system_FQDN>/startpage

where <system_FQDN> is the fully qualified domain name of the NetAct cluster load balancer
for WebSphere. For more information, see Launching the NetAct Start Page.
b) Type the Username and Password, and click Log In.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 35

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

Note: If the terms and conditions appear, select the I have read and agree to
the above terms and conditions check box, and then click Log In. For more
information, see Modifying terms and conditions page.

c) Click Accept or Continue.

2. Click Security→User Management.

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the User Management Operations drop-down list, select Administration → Import Users
and Permissions.

The Import users and permissions page appears.

4. In the Import file field, click Add and select the .XML file to be imported.

Note:

• Password expiration of a user account can be controlled by adding

passwordNeverExpires tag in the .XML file.

<passwordNeverExpires>value</passwordNeverExpires>

value can be:

• true: Specifies user account's password never gets expired.

• false: Specifies user account's password gets expired if their password is left
unchanged for the configured number of days as specified in password expiry
policy. For existing account, password does not expire even if <passwordNev-
erExpires> is set to false and modified successfully when Password Expiry
is set to off. For more information, see Password expiry policy in Administering
Users and Permissions.
• Default value for passwordNeverExpires tag is false.
• Existing permissions can be assigned to roles by adding a permissions element in
the section role.
• A permission is fully qualified by an identifier consisting of the root context,
authorization object, and authorization operation, separated by a : character.
• If root context is missing, then the default context OES will be used.
• If more than one permission is assigned to a role, then the permission identifiers in
the permission element in the role section must be separated by a | character.
• Existing assignments are not removed, if a permission is not listed in the permissions
element.
• The permissions element may also be empty or can be omitted if not needed.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 36

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

• The result file of the Export Users and Permissions function shows all existing
permissions, including the valid identifiers to be used for the import. For more
information, see Exporting users, groups, and permissions. Permissions can be
created through Adaptation Management.
• The scope of an existing role-permission association will not be changed by user and
permission import function. The scope of a new role-permission association will be
global and may be changed in Permission Management.
• Only existing permissions can be assigned to roles. The creation of new permissions
is part of adaptation management.

5. In the Default password field, type the password.

Note: The default password is used for user entries that do not have password attribute
in .XML file.

6. In Confirm default password field, retype the password.

7. Click Import.

Expected outcome

The progress tracker displays the progress of the import operation.

During import, the system retains:

• existing users, groups, permissions, and roles

• existing role to permission, and group to role associations
• existing scope information in the target system
• failure messages in the Import Summary

Note: Import action can fail due to the following reasons:

• associatedADGroups tag in .XML for import is not defined, empty, or invalid. When
Node Manager server integration is enabled, then associatedADGroups tag is added,
Node Manager group names are listed separated by pipeline characters (|). The user
account in the Node Manager server (Domain Controller) is associated with the Node
Manager group names.
• If the password of a system user (other than omc) is changed, import operation shows
an error message. You must use the password tool to change the password of system
users, other than omc.
• The file format for bulk import is .XML. You can download the template for the file format
by selecting Download template option.
• Ensure the length of the user ID is not more than 31 characters. If the length is more
than 31 characters, TeleManagement Forum (TMF) does not support create and modify
operations for that user ID.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 37

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

• Ensure that the user ID does not contain any special characters
and spaces in the XML file. Allowed characters for user ID are,
[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_].
• The system does not retain the existing user to group associations.
• Association of group sshaccess for user along with valid login shell and home directory
will grant secure shell access for user. For more information on this, see Managing user
SSH and certificate configuration in Administering Users and Permissions.

Disassociation of sshaccess group for user revokes secure shell access.

• The roles provided in the .XML file must not contain stereotype permissions. If any
custom-roles are required to be assigned with stereotype permission, it must be done
manually through Monitor application. For more information, see Granting permissions to
a role in Permission Management Help.
• The account ID does not conform to the Login name policy defined in Policy
Configuration. For more information, see Login name policy in Administering Users and
Permissions.
• One or more of the permissions, which are assigned to a role do not exist, or the
identifier string is invalid.
• The maximum number of groups supported by NetAct for optimal performance is 125.
This is on top of the default NetAct groups.
• The maximum number of roles supported by NetAct for optimal performance is 200. This
is on top of the default NetAct roles.

7.3 Password self service

Password self service enables NetAct users to reset the password without the intervention of a NetAct
administrator. To reset the password, NetAct users must authenticate Password self service by an-
swering a set of predefined questions. If NetAct user answers the configured number of questions cor-
rectly, the user is requested to type a new password and is logged in to NetAct.

By default, the password self service is disabled. To enable password self service, see Enabling pass-
word self service.

To use password self service, do the following:

• Each NetAct user must store answers to the pre-defined questions in NetAct.
• User can authenticate password self service by answering the set of pre-defined questions.

Note: Password self service is not available for NetAct system users and external user ac-
counts. For more information about external user accounts, see User Management in Securi-
ty Management Overview and Operations.

For detailed information about Password self service, see:

• Enabling password self service

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 38

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

• Storing answers for password self service authentication in NetAct

• Logging in to NetAct using password self service

7.3.1 Enabling password self service

Note: Only NetAct administrator can enable Password Self Service.

1. Log in to the WebSphere application server through Linux command shell as omc user.

2. Copy the Pref_PasswordSelfService file to custom location by doing the following:

a) Create a folder in /etc/opt/oss/global/custom/conf/javaprefs/um location, if it is
not existing.

Ensure that the owner of this folder is omc and the group is sysop.
b) Copy the preference file to custom location by entering:
[omc] cp -p /var/opt/oss/global/javaprefs/um/Pref_PasswordSelfService.xml /etc/opt/oss/global/
custom/conf/javaprefs/um

3. In the copied preference file, do the following changes:

a) Set the value of entry key="enabled" to true to enable the Password Self Service.
b) Change the value of entry key="minimumNumberOfDefinedAnswersRequired", if
required.

Note: This value specifies the minimum number of answer the NetAct user must
store in NetAct to be able to use Password Self Service. The default value is three.

c) Change the value of entry key="numberOfQuestionsToBeAsked", if required.

Note: The value specifies the number of question the NetAct user is asked to
authenticate to the Password Self Service. The log in screen can show maximum
five questions. The default value is three.

d) Change the value for entry key="minimumNumberOfCorrectAnswersRequired", if

required.

Note: The value specifies the minimum number of correct answers the NetAct user
must give to authenticate to the Password Self Service. The default value is three.

4. Create a text file with pre-defined questions (one question per line) that is accessible by omc user.

5. Add the pre-defined questions to NetAct database by entering:

/opt/oss/NSN-sm_server/bin/pwssChallengeManagement.sh add --file

<filename>

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 39

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

When this command is executed, each NetAct user can enable Password Self Service for the
login name by storing answers to the pre-defined questions in NetAct.

Expected outcome

The Forgot password link on the NetAct login page enables NetAct users to authenticate to the
Password Self Service (if it is enabled for the login name).

Note:

• The questions may contain only the following special characters:

,, ;, ., :, -, _, ?

• The following command can be used to display the pre-defined questions provided in
NetAct.

/opt/oss/NSN-sm_server/bin/pwssChallengeManagement.sh list-
questions

• The following conditions must be true for values defined in the above mentioned
preference file and the number of pre-defined questions in NetAct database for the
availability of Password Self Service to NetAct users:
0 < numberOfQuestionsToBeAsked <= number of actually predefined questions in Database

0 < minimumNumberOfDefinedAnswersRequired >= numberOfQuestionsToBeAsked

minimumNumberOfCorrectAnswersRequired <= minimumNumberOfDefinedAnswersRequired

If any of the above mentioned condition is not fulfilled, then Password Self Service is
not enabled even if entry key="enabled" is true in the preference file.

In this case:

– Forgot password link is not visible in the NetAct login page.

– Also, the ordinary NetAct user cannot store any personal answers for Password
Self Service authentication in NetAct.

7.3.2 Storing answers for password self service authentication in NetAct

To use Password Self Service, each NetAct user has to store answers to the pre-defined questions in
NetAct.

1. Log in to the NetAct Start Page using your login name.

2. Click Security → User Management.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 40

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

The User Management application opens. The List users page appears displaying all the active
and inactive users configured in NetAct.

3. From the Personal Settings drop-down list, select Change Password.

The Change Password page appears.

The Change Password page appears. It displays the predefined questions for Password Self
Service in the Questions table under Authentication Information for Password Self Service.

4. Type answers to the questions in the Answers column present in the Questions table.

5. Click Save.

Expected outcome

If the NetAct user has already stored enough answers in NetAct, the information Password Self
Service is available for you appears in the Authentication Information for Password
Self Service part of the Change Password page. Otherwise, the information Password Self
Service is not yet available for you. Please answer the questions listed
above is displayed.

Note:

• During password self service authentication, the answers defined must be precise. For
example, white spaces, blanks, upper or lower cases, and special characters must be
included if they were provided in the stored answers to the pre-defined questions.
• The Already Answered column in the Questions table indicates whether the user has
already stored an answer to the question in NetAct.
• Stored answers are not displayed in the Answers column in the Questions table.
• Users can change the stored answer of an already answered question by typing a new
answer in the Answers column.
• Password Self Service is not available for NetAct system users. Therefore, the
Authentication Information for Password Self Service part in the Change Password
page is not visible to NetAct system users.

7.3.3 Logging in to NetAct using password self service

When Password self service is enabled by the NetAct administrator, the NetAct login page displays
Forgot password link. A NetAct user who has forgotten the password can use Password self
service to log in to NetAct by doing the following:

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 41

Final Use subject to agreed restrictions on disclosure and use.
User Management Help DN0985977 4-0 User administration

Note: This procedure is not applicable for external user accounts. For more information
about external user accounts, see User Management in Security Management Overview and
Operations. To reset the password of external user account, contact the administrator.

1. Launch the NetAct Start Page.

2. Type the Login Name in NetAct login page.

3. Select Forgot password link.

The Password self service page displays the questions to be answered for authentication.

4. Type the same answers to the questions as stored in NetAct in Storing Answers for Password
self service Authentication.

5. Select Apply.

6. Click OK in NetAct Login page.

7. Type and confirm the new password in Change Password page.

8. Select Change Password.

9. Click Continue.

Expected outcome

The password is changed and the NetAct user is logged in to NetAct.

Note:

• The answers must be given exactly in the same way (that is, including white space,
blanks, upper or lower caps and special characters) as stored in NetAct in the step
Storing answers for password self service authentication in NetAct.
• Wrong answers to the questions are handled in the same way as an incorrect login, that
is, the counter for unsuccessful logins is increased. If there are too many unsuccessful
logins because of wrong password or wrong answers to the questions within a specified
time, the user is locked.
• In case of unsuccessful authentication to Password self service, the following error
message is displayed:

The account is not valid or at least one answer was not correct

This error message notifies the users about the incorrect login name provided while
authenticating Password self service.

NetAct™ 22 FP2305 © 2023 Nokia. Nokia Confidential Information 42

Final Use subject to agreed restrictions on disclosure and use.