Skip to main content

Security

Security Settings

Security Menu

Users

User menu contains the information of the people who can access Motadata. Every user needs a combination of username and password to access the Motadata. The profile of the user along with credentials is managed in user section. This section allows you to create and manage all the users i.e. local user, LDAP users and RADIUS users.

How Motadata communicates with LDAP and RADIUS for authentication?

  • Motadata syncs with LDAP server and imports the list of new users. You’ll need to manually assign a password, department and a role group to them.
  • The RADIUS users should be present in Motadata. Motadata uses the username for RADIUS authentication.

Users list in Motadata

Users List in Motadata

UsernameThe unique username is used to identify the user when he/she logs in.
DepartmentsA department has a set of monitors. Assigning to a department means giving permission to access monitors of that department.
StatusThe status ‘Enable’ means user is active. The status ‘Disable’ means user is inactive and cannot login.
Role GroupA role group is a set of permissions for different menus and actions in Motadata.
E-MailThe email address is used for communication by Motadata (e.g. password reset, notifications etc.)
DescriptionThe description helps people to understand the important details about the user.
OptionsYou can edit the user or delete the users. Click on to edit and to delete the users respectively.

Create and Edit Users

The screen to create and edit the users is exactly same. Click on the +New button to create a new user. To edit an existing user, click on the button.

manage users

Create and Edit User Buttons

create new user

Create/Update User

Authentication Type

- Local Authentication: Motadata will evaluate the username and password when user attempts to login from login screen.

- RADIUS Authentication: Motadata will communicate with RADIUS server to authenticate the user

First NameType the first name of the user
Last NameType the last name or the family name of the user
UsernameThe unique username is used to identify the user when he/she logs in.
E-mailThe email address is used for communication by Motadata (e.g. password reset, notifications etc.)
PasswordType a secure password. The password field hides for RADIUS authentication.
Confirm PasswordType your password again. The field hides for RADIUS authentication.
DepartmentsA department has a set of monitors. Assigning to a department means giving permission to access monitors of that department.
Role GroupA role group is a set of permissions for different menus and actions in Motadata.
StatusThe status ‘Enable’ means user is active. The status ‘Disable’ means user is inactive and cannot login.
DescriptionThe description helps people to understand the important details about the user.

Delete Users

Click on the Delete icon from users list page to delete the user. Deleting the users will also also delete all the content and settings related with the user. Motadata gives a warning message while deleting the user.

Delete users

Motadata’s Warning Message on Deleting a User

LDAP Servers

LDAP server is a common place that contains user information of all people in the network. LDAP configuration in Motadata allows users of LDAP server to access and manage Motadata GUI portal. Motadata reads from the “motadata users” group in LDAP server. Motadata syncs wiht the server in every 24 hours to get an updated copy of users.

Prerequisites

  • The LDAP server should be up and running.
  • The server should have a user group called “motadata users”.
  • Motadata will fetch all the users from the defined group.

LDAP Servers in Motadata

LDAP Servers in Motadata

Configure/Update LDAP Server: The screen to create and edit the LDAP servers is exactly same. Click on the +New button to configure a new LDAP server. To edit an existing server, click on the edit button. Once clicked, the following popup appears.

ldap server configuration

Enter the below details:

Parameter NameDescription
NameEnter the name of the Ldap server.
HostEnter the host IP address.
FQDNEnter the FQDN address
PortEnter the port number. For LDAP - 389 and for LDAPS 636.
User NameEnter the user name.
Group nameEnter the group name whose users you want to sync.
PasswordEnter the password.
Confirm PasswordConfirm the above entered password.
ProtocolEnable if you want to configure LDAPS server. If enabled, the 636 port must be enabled for LDAPS connection and a valid SSL certificate must be present and added to the JKS file.
Test ConnectionClick to test the connection with the LDAP or LDAPS server.

Once done, click Create, and the configured LDAP server will appear on the list page. There you can initiate the sync process to sync the LDAP users with the NMS application.

Sync Now: Click on the sync now icon to sync the LDAP server and fetch the subscribers. By default Motadata fetches the information in every 24 hours. Motadata locks the ‘first name’, ‘last name’, ‘username’ and ‘email address’ of the users. This means you cannot change these information.

New User Created from LDAP

User Created from LDAP

Edit LDAP User

Edit LDAP User

note

When Motadata system will sync to LDAP, LDAP will only provide Username and password as it doesn’t have the department. Based on the User’s Role, person will have to manually assign the department.

Delete: Click on the Delete icon to delete the LDAP server. Deleting the LDAP server will also delete all the content and settings related with the server. Motadata gives a warning message while deleting the server. When you delete the LDAP server configuration, Motadata also deletes the users of the LDAP server.

Delete LDAP Server

Delete Button and Warning

Departments

Department (like in the offices) is a tag/group that helps in classification of monitors and users. It is also a security measure in Motadata. For example: the monitors under the department ‘Security’ are visible only to the same department users. In admin section, we only need to define the name and description of the departments. By default ‘Global’ department is available in Motadata. If you don’t assign a user or a monitor to any department, Motadata will assign a ‘Global’ department to it.

Departments List

Departments List

To create a new department navigate to +New button. Mention the name of the department. Write a short description about the department.

Create New Department

Create New Department

Edit the department to make changes in department name and description. Click on the icon to edit the department.

Edit icon

Edit icon in Department

edit department

Edit Department

To delete a department, click on the Delete icon.

note

Note that “Global” is the default department and you cannot delete it. Motadata will also delete the users in this department if they are not assigned to any other department.

Delete department

Delete Department and Warning

User Roles

User roles is another level of security in Motadata that manages the access rights of the users. In Motadata, a role is a set of permissions that defines access and manage permissions of the menus. All the users in Motadata requires a role to create, read, update, and delete (CRUD) operations. The role group has following benefits:

  • You can assign a role to many users at a time. This means you don’t need to manage permissions of each user individually.
  • You can change the permission in role group. The change will affect all the users in that group.
  • You can assign one role to one user.
  • You can choose to give Admin access to the users of a role. Note that users with Admin role will get complete access of Motadata.
  • You can edit the users and assign them the roles created in this section.
  • You can also give partial rights to an user for Admin Panel Access.

List of user roles

List of User Roles

Manage User Role

The screen to create and edit the User Roles is exactly same. Click on the +New button to create a new user role. To edit an existing user role, click on the button.

Create New User Roles

Create New User Role Screen

Role GroupType the name of the role group. It is used to identify the role group.
Admin Panel AccessSelect ‘Yes’ or ‘No’ from drop-down. When selected yes, the users in this role group will see the admin menu (Not recommended).
DescriptionType the description about the role group. It helps people to understand what this role group is about.
Menu VisibilitySelect the menu(s) that should be visible to users of this role group. Note: Home screen is visible by default.
Permissions

For each menu, select the permissions of ‘Create’ ‘Delete’ ‘Manage’ and ‘Update’.

- Create: Allows users to create new record

- Delete: Allows users to delete the unnecessary records

- Manage: Allows users to perform various actions on the record

- Update: Allows users to update the value of record

Delete User Role: Click on the delete icon to delete the user role. Motadata gives a warning message while deleting the role. Motadata will also delete the users in this role if they are not assigned to any other role.

Delete User Role

Delete User Role and Warning

Data Security

Data security is the third and final step to complete the security configurations in Motadata. Now you have departments and user roles created; you can map the monitors with the departments. This will do the following:

  • The monitors in a department will be visible only to the users of same department.
  • The user role will define what those users can do with assigned monitors.
  • A monitor can have more than 1 department and vice - versa.
  • Same flow is available for sources of Flow/Log/Trap. We have used another tab just for the sake of convenience.

Data Security - IP Addresses in Departments

Data Security - Monitors in Departments

We have a specific method to assign and un-assign the department.

  1. Select the monitors from the list.
  2. Select the departments from the multi-selection list.
  3. Click on the “Assign” button.

Manage Data security

Manage Data Security

Points to Remember

  • You cannot un-assign an IP address from Global department. Global department is default department that has rights to everything in Motadata. Administrator account uses this department.
  • To assign department(s), check the IP address and type the names of departments. Click assign.
  • This process removes all existing departments associated with IP address and assigns new selected departments. To remove an IP address from all departments, select the IP address and click Reset.

RADIUS Settings

Similar to LDAP server, RADIUS server stores information of all the users in the network. RADIUS server is used for the real time authentication i.e. every time Motadata will send the user credentials to RADIUS server for authentication. Motadata uses only authentication service of RADIUS (and not authorization service).

How to Use RADIUS Feature

  • Setup the RADIUS Settings.
  • Create a new user in ‘Users’ menu with RADIUS type authentication.

Create RADIUS Settings

Configure RADIUS

Configure RADIUS Server

  • Provide the RADIUS Server IP address.
  • Provide the RADIUS Server port address.
  • Provide the Server Secret (also known as password).
  • Choose security type. Currently only PAP is available.

Create RADIUS User

  • Go to Users menu.
  • Create new user.
  • Select authentication type as: RADIUS.
  • Fill the required details.

Create RADIUS Uses

Create RADIUS Users

Audit

Audit contains all the logs of the activity in Motadata Server. Motadata retains up to 1 Lakh Audit logs. All the recent changes made in Motadata Server will show up in the initial pages, the logs will sort based on the age. You may also export the audit logs by clicking Export button on top right corner. The logs shall be exported in excel format.

Audit Log

Audit Log

You can also export the audit logs in PDF or CSV using the actions tab.

When you click on ‘Export PDF’ the report appears as below:

Audit Log

note

Search will work only for ‘Message Column’ i.e Any keyword present in the Message Column will only be searched and not any other.