Configuring Local Users
Users can be created locally by adding the users manually or in bulk or imported from Active Directory (AD) and LDAP. The users can be configured with authentication parameters so they can be authenticated before accessing corporate resources or when logging into the web portal.
Local users are authenticated by the ISA authentication server and external users, such as AD/LDAP users, are authenticated by the respective corporate authentication servers. The primary authentication mechanism is Certificate and/or Password. Secondary authentication can be enabled for the user through Multi-Factor or Two-Factor Authentication using authenticator apps, email, or SMS.
User access can be further secured by configuring conditional access based on hardware and software parameters.
Add User
Login to the ISA web console using administrator credentials
Navigate to the Users page under the USERS & GROUPS menu.
Click the Add button at the top.
On the Add User window, enter the following information:
Starred fields are required fields.
First Name – Enter the first name of the user.
Last Name – Enter the last name of the user.
Username – Enter a username for the user.
Email – Enter a valid email address.
Mobile Number – Enter a valid mobile number.
Activation Method – Click the drop-down and select the activation method. For more information on Activation Method, refer to the KB article, User Settings.
Password – Enter a password for the user. The password must meet the criteria defined on the Local Profile page under the Authentication Profiles menu. If Activation Method selected is not Immediately on provisioning, this field is not displayed.
Confirm Password – Confirm the password. If Activation Method selected is not Immediately on provisioning, this field is not displayed.
Authentication Type – Select the authentication method from the drop-down. By default, it is set to Password+Certs, where, when the user connects the ISA User Agent, the user is prompted for the username and password and an mTLS connection is established. When the Type is set to Certificate, the Agent is prompted for the username and password once during the installation of the Agent. All subsequent connections will use mTLS for authentication. Authentication Type set to Password is also known as Always-On mode.
Two Factor Authentication – Turn on the toggle button to enable Two Factor Authentication.
Member of Groups – Click the box to select the user group for this user. When added to an existing user group referenced in an access rule, the user gains access to the group's resources.
Device checks – Turn on the toggle button to enable Device Checks.
Device Bind - Turn on the toggle button to enable Device Binding.
Geo Binding – Turn on the toggle button to enable Geo Binding.
Device updates - Turn on the toggle button to enable Device updates.
Click Save and Add new to add the user.
Change Password
Click the name of the user.
Click Change password.
In the Change password window, enter the new password and confirm it.
Click Save.
Click the name of the user.
In the user window, click Suspend.
On the pop-up window, click Yes, Suspend it!.
The status of the user is changed to suspended.
Click the name of the user.
In the user window, click the Edit button.
Make changes and click Update at the bottom.
Click the name of the user.
In the user window, click the Delete button.
On the pop-up window, click Yes, Delete it!.
This option allows the administrator to add a large number of users at once. The uploaded users have the following conditions:
The number of users added is limited to the subscribed number of user licenses. If the list of users exceeds the licensed quantity, users are uploaded up to the allowed license limit, and the rest are discarded with an error.
Activation Type of users is set to "Immediately on Provisioning".
Supported fields in the file are:
First Name
Last Name
Username
Email address
Country Code
Mobile Number
Password
GroupName
CSV file must begin with a header line with the above fields
Mandatory fields are First Name, Username, E-Mail id. Optional fields may contain a valid value or blank.
User authentication type is set to "Password + certificate".
On the Users page, click the Bulk Add button.
In the Bulk Upload User window, click Download Sample CSV.
The template file has the following fields.
Enter the user information in the respective fields.
In the Bulk Upload User window, click Choose File and select the file from the local drive.
Click Upload.
In the Uploaded Users window, click Save Users.
The uploaded users are listed on the User page.
- On the Users page, click the Bulk Ops button.
- In the Bulk Operations for Users window, click the drop-down under Select the bulk operation.
Listed in this field are the following operations:
Activate – Activate the users.
Suspend – Suspend the users and set the device status to suspended. Under this status, remote users cannot connect using the ISA User Agent.
Delete – Delete the users from the Users page.
- Click the Download Sample CSV under Download sample Template.
- Open the template in a spreadsheet application.
- By default, the file is empty with a header titled Username. Enter the names of the users under the Username column and save it.
- Back on the Bulk Operations for Users window, click Choose File and select the saved template file.
- Click Upload.
- In the Uploaded Users window, click Submit.
- A suspended message is displayed. Click the X icon to close the window.
- The suspended users’ status is changed to suspended.
ISA web portal administrators can download the complete list of users by clicking on the CSV button on the Users page. An email with the link to download the file in CSV format is sent to the logged-in administrator’s email address. The file has the following information:
Name – Full name of the user
Username – Username of the user
Email – Email address
Phone – Phone number
Auth Profile – Whether the user belongs to local, AD or, LDAP.
Auth Type – Authentication Type set in the user profile.
Created Time UTC – Time in UTC format when the user was added to the portal.
No of Devices – The number of devices the user has attempted to connect using the ISA User Agent.
Devices – The name of the object with the device information of the user on the Devices page.
Group Membership – The name of the user group the user is a member of.
Status – The current status of the user, whether suspended or active.
Two-Factor Authentication – Whether 2FA is enabled for the user.
Device Binding – Whether Device Binding is enabled for the user.
Device Check – Whether Device Check is enabled for the user.
Geo Binding – Whether Geo Binding is enabled for the user.
Static IP – Whether the IP address assigned to the user by the ISA User Agent is static.
QR Code Status – Whether the QR code of the user was used in authenticator devices.
Hotfix21 – Whether Hofix21 is installed for the user.
Hotfix25 - Whether Hofix25 is installed for the user.
Authenticator App – Whether the user is integrated to an authenticator app.
Device Updates – Whether device updates are installed for the user.
On the Users page, click the CSV button at the top.
A message that an email is scheduled to be sent to the administrator’s email address is displayed.
On the email received, click the download link.
Open the file.
View the file in a spreadsheet application.
Download Advanced User List
Name – Full name of the user
Username – Username of the user
Email – Email address
Phone – Phone number
Auth Profile – Whether the user belongs to local, AD or, LDAP.
Auth Type – Authentication Type set in the user profile.
Created Time UTC – Time in UTC format when the user was added to the portal.
No of Devices – The number of devices the user has attempted to connect using the ISA User Agent.
Devices – The name of the object with the device information of the user on the Devices page.
Group Membership – The name of the user group the user is a member of.
Status – The current status of the user, whether suspended or active.
Two-Factor Authentication – Whether 2FA is enabled for the user.
Device Binding – Whether Device Binding is enabled for the user.
Device Check – Whether Device Check is enabled for the user.
Geo Binding – Whether Geo Binding is enabled for the user.
Static IP – Whether the IP address assigned to the user by the ISA User Agent is static.
QR Code Status – Whether the QR code of the user was used in authenticator devices.
Hotfix21 – Whether Hofix21 is installed for the user.
Authenticator App – Whether the user is integrated to an authenticator app.
Device Updates – Whether device updates are installed for the user.
User Last Login Report – The date and time of each user’s last login.
On the Users page, click the CSV button at the top.
A message that an email is scheduled to be sent to the administrator’s email address is displayed.
On the email received, click the download link.
Open the file.
View the file in a spreadsheet application.
The Users page allows easy pagination for viewing a large number of users. You can view users by using the navigation control bar at the top right of the page.
Click the drop-down box to select the number of users to be displayed on the Users page. By default, it is set to display 10 users. You can change it to either 30 or 50 users.
Click the Next button to view the next page of users. Click the Prev button to view the previous page.
You can search a user by Name or Username by entering it in the search box.
To sort the users by Name, Username, Auth Profile, or Status, click the respective header fields.
Related Articles
Configuring Local Groups
This user guide describes the various configuration options to manage user groups on the ISA web portal. The User Groups page on the ISA web portal allows administrators to create user groups and add users to them. User groups can be created locally ...Users
A User is a person that has been provisioned in the InstaSafe Secure Access console through any of the authentication profiles. The guides below will assist you with provisioning users locally in the console.Using the Forgot Password option (Password Reset for Local Users)
This Article provided guidance in case you forgot your ISA Password and are unable to login to the ISA Portal or the ISA App. The Forgot Password option only works for users provisioned Locally in the ISA Management Console. If you use Domain ...Configuring Two-Factor Authentication
Two-Factor Authentication (TFA) adds one more layer of security to the ISA User Agent connection process, in addition to the username-password and certificate method of authentication. When TFA is enabled for a user or user group, the User Agent is ...Configuring Access Rules
The Access Rules page on the ISA web portal allows administrators to define rules to allow or deny remote user access to corporate resources. referenced in access rules. The following types of access rules can be created: Allow or deny access to an ...