Home
CMC
Administrator Guide
Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
Administration
Settings
Users management
The Users management page shows all the pages that you need to let you manage authentication and authorization policies for users and groups.
LDAP
The LDAP page shows a list of all the lightweight directory access protocol (LDAP) configurations.
Add LDAP users
You can add existing lightweight directory access protocol (LDAP) users for login. LDAP permissions are defined based on the user group.

CMC
- Introduction
  An overview of the Central Management Console (CMC).
- Installation Guide
  Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
- Administrator Guide
  Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - Settings
      - Security control panel
        The Security control panel page shows an overview of the current status of the learning process and lets you configure the features that manage the: learning, security profile, zones, alerts tuning, and alert closing options.
      - Features control panel
        The Features control panel page shows an overview of the current status of system features configuration and lets you fine tune specific values.
      - Users management
        The Users management page shows all the pages that you need to let you manage authentication and authorization policies for users and groups.
        Users
        The Users page shows a list of users and lets you create and delete users, and change the password and/or username of existing users.
        Groups
        The Groups page shows a list of all the user groups.
        OpenAPI Keys
        The OpenAPI Keys page lets you manage the openAPI keys. You can use OpenAPI keys for bearer token authentication instead of basic authentication, which uses a username and password.
        Active Directory
        In addition to local users, you can configure existing Active Directory users for login.
        Configure Active Directory integration
        The Active Directory page lets you configure integration.
        LDAP
        The LDAP page shows a list of all the lightweight directory access protocol (LDAP) configurations.
        Add LDAP users
        You can add existing lightweight directory access protocol (LDAP) users for login. LDAP permissions are defined based on the user group.
        SAML
        Nozomi Networks supports security assertion markup language (SAML) single sign-on (SSO) authentication.
      - CLI
        The CLI page lets you change configuration parameters and perform troubleshooting activities.
      - Dashboards
        The Dashboards page lets you create and configure widget-based dashboards that provide information about your network. The dashboards created here will show on the Guardian home page, and give an overview of the monitored environment.
      - Threat Intelligence
        The Threat Intelligence page lets you manage packet rules, YARA rules, Sigma rules, structured threat information expression (STIX) indicators and vulnerabilities to provide detailed threat information.
      - Data model
        The Data model page lets you create a custom field to the Nodes (All-In-One CMC only) and Assets tables. A custom field lets you add information that might be relevant to your organization, and cannot be extracted from network traffic.
      - Data integration
      - Credentials manager
        The Credentials manager is a tool that lets you centralize the management of monitored endpoints to make it easier to create, delete, or update the credentials that are needed to access those endpoints.
      - Zone configurations
        The Zone configurations page shows all the zone configurations in your environment and lets you add new zone configurations and edit them.
      - Synchronization settings
        The Synchronization settings page lets you customize the parameters related to upstream or downstream machines.
      - Alert playbooks
    - System
- User Guide
  Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Central Management Console (CMC), to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for the Central Management Console (CMC).

Add LDAP users

You can add existing lightweight directory access protocol (LDAP) users for login. LDAP permissions are defined based on the user group.

Make sure that you have:

The domain name (i.e., pre-Windows 2000 name), referred to as <domainname>
The domain distinguished name, referred to as <domainDN>
One or more domain controller internet protocol (IP) addresses, referred to as <domaincontrollerip>

The supported lightweight directory access protocol (LDAP) formats are:

v2
v3

In the top navigation bar, select
The administration page opens.
In the Settings section, select Users.
The Users management page opens.
In the top right section, select LDAP.
The LDAP page opens.
In the top right section, select +Add.
A dialog shows.
In the Username field, enter a username.

Note: This requires an admin user with full LDAP server permission. The Username for the LDAP server should be a distinguished name (DN) that follows the LDAP standard. For example, cn=username,cn=group,dc=nozominetworks,dc=com.
In the Password field, enter a password.
In the Domain Controller IP/Hostname 1 section:
- To use LDAP, leave the LDAPS toggle unselected
- To use lightweight directory access protocol secure (LDAPS), select the LDAPS toggle to on.
Optional: If necessary, and you chose LDAPS, select Verify SSL.

Note: By default, the server's secure sockets layer (SSL) certificate is not verified.
If you chose LDAP, in the Port field, enter a 389. If you chose LDAPS, in the Port field, enter 636.
To check that Active Directory is running correctly on the port, select Check connection.
To add another domain controller IP address, select Add host.
In the Distinguished name field, enter a value.
Optional: If necessary, select Connection timeout, and enter a value in seconds.
To save the changes and validate the data, select Save.

Note: If there are errors, they will show next to the Status field.