This article explains how to create new users or import existing users into the Sophos UTM.
These users can then authenticate on the UTM for key services such as Client Authentication, Web Filter, End-User Portal, SMTP Proxy, Hotspot, and STAS.
Manually create users
- Navigate to Definitions & Users > Users & Groups.
- Click on + New User.
- Fill out the basic information for the account, as shown in the image below;
- Administrators may choose to have user objects automatically created when the user first authenticates through the UTM with one of the supported backend authentication methods.
- Navigate to the Definitions & Users > Authentication Services > Global Settings tab.
- Under the Automatic User Creation heading check the tick-box beside Create users automatically, then click Apply.
- Under Automatic User Creation for Facilities, administrators may choose which system services newly created users will automatically be added to. If a user is not added during the creation process, they can be manually added later.
- Click on Apply after checking the tickbox next to the facilities.
Note: For any user object to be created they will need to log in through the UTM with one of the supported services. Servers can be added at Definitions & Users > Authentication Services > Servers tab. Users authenticated with Active Directory Single Sign-On will not be added automatically.
One of the easiest ways to import users is to prefetch individual users or groups from Active Directory.
- Navigate to Definitions & Users > Authentication Services > Advanced.
- Scroll down to the Prefetch Directory Users heading.
- At the Server option, click on the drop-down menu and select the Active Directory Domain Controller.
Note: If the server has not been added then you will need to navigate to Definitions & Users > Authentication Services and go the Servers tab.
- Select a prefetch day and time, if the process is to be automated. Alternatively, administrators may choose to only prefetch manually with the Prefetch Now button at the bottom.
- Under the Groups title, click on the folder icon and select the AD users or groups to prefetch.
Note: Do NOT use Domain Users as this group will not prefetch correctly. If necessary make a group and name it UTM Users and put only users who need to access UTM facilities in that group.
- Click on Apply.
- The users will now be prefetched, view the live log to watch them as they are imported or just wait and check the list at Users & Groups > Users.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.