Tanium 6.x: Console Users

Introduction

The Tanium Console enables you to manage which Console operators have access to the system, which devices authorized operators can view or manage as well as what content elements—Sensors, Saved Questions, Dashboards, and Packages—operators can use.

From the Administration -> Users tab, you can view the list of existing Tanium operators as well as edit the settings for a specific user, add new users, or delete designated users.

750px-Consoleuserslist.png

To locate a user quickly within a long list, enter filter criteria into the Show Users Containing: field near the top of the tab.

Each row in the list displays the User Name, role, time of the last login, and computer group rights associated with an individual operator along with any optional User properties.

Usage

Creating a New Console User

Use the following steps to create a new Console User:

  1. Log in to the Tanium Console with a login ID assigned the "Administrator" role
  2. Navigate to Administration⇒Users
  3. Click "Add New User +" in the upper right
  4. Enter the following details:
    User Name
    Set the User Name field equal to the operator's Active Directory account name. Alternatively, the User Name value can be the same as a local Windows user account defined on the server itself. In either case, the console uses the AD or local Windows user account only to verify Console access through Windows Authentication, so the accounts do not need any special privileges on the Tanium Server. The Tanium platform does not store or manage its own set of user credentials.
    User Role
    Select the appropriate Console User Role from the drop down list. For more information, see detailed the definition of each User Role.
    Properties
    Enter any optional Console User properties as a name/value pair to assist with User Management. For example, you may want to document the Console User's full name, email address, phone number or other properties as shown in the screenshot below. After you save the Console User definition, you can view the property value/pairs in the Console User list or access them through an external application using the Tanium platform API.
    Group Rights
    Allow Console Users to view and manage all computers or restrict the operators by Computer Group. While the User Role restricts the specific Tanium platform capabilities available to users, Group Rights restricts which computer group(s) will answer questions issued by the users; consequently, the console operators cannot take actions on machines outside their scope.
    600px-Consoleusersnewuser.png
  5. Press "Save" to complete the process

Manage an existing Console User

Use the following steps to modify the User Role, User Properties, or Group Rights of a user:

  1. Log in to the Tanium Console with a login ID assigned the "Administrator" role
  2. Navigate to Administration⇒Users
  3. Locate the User Name to update. To find the user quickly within a long list, use the "Show Users Containing" field to filter the list
  4. Click the pencil icon next the User Name. The "Edit User" dialog appears
  5. Make the necessary changes and press "Save"

Delete an existing Console User

Use the following steps to delete a Console User login ID:

  1. Log in to the Tanium Console with a login ID assigned the "Administrator" role
  2. Navigate to Administration⇒Users
  3. Locate the User Name to delete. To find the user quickly within a long list, use the "Show Users Containing" field to filter the list
  4. Click the trash can icon next the User Name. The "Delete User" confirmation dialog appears
  5. Press "Delete" to remove the Login ID or close the dialog to cancel the operation.

 

Have more questions? Submit a request