Each Carbon Black App Control Console user logs in to the system with a user name and password. Login Accounts provide system-management professionals, security team members, and others who use the console the ability to access and manage Carbon Black App Control features.

There is one built-in login account for the Carbon Black App Control Console, the admin account. It provides a way to log in to the console before other accounts are created, and it cannot be deleted. By default, this account has administrative privileges for nearly all features, and it can modify its own privileges. It also has the ability to create new accounts, and to define their privileges.

The first thing you should do when you log in as admin is change the password (also admin by default). See Changing Passwords and Other Account Details.

To create additional Carbon Black App Control Console accounts, you have two choices:

  • You can create accounts individually through the console. These accounts are managed through the console, and can be modified or deleted by users whose login accounts have the proper privileges.
  • You can permit users to log in using Active Directory credentials and map different AD groups to different privileges. AD-based Carbon Black App Control Console logins appear as “External Accounts.” For environments requiring the best security practices, Carbon Black recommends using AD-based accounts.

Although you can have a mix of AD-based and console-created login accounts, consider your preferred account management strategy before beginning to create new accounts. It is less confusing to generate all of your Carbon Black App Control Console accounts in the same way, either as AD-based accounts or as accounts created in the Carbon Black App Control Console. Otherwise, although there will not be literal duplication of full account names, you could have names that appear to be the same. For example, you could have a console-created account name “fred” and also an AD-based account “fred@somedomain.”

You have the option of using SAML to authenticate console users. See Configuring SAML Logins for information about enabling this feature.