Starting in NSX-T Data Center 3.1.1, you can manage local users, including guest users, through NSX Manager UI. You can activate or deactivate a user account or change its user name and role assignments.

You cannot deactivate admin or change its role assignments. You also cannot change the role assignments for audit. The admin user or any user with the Enterprise Admin role can perform the following tasks:
  • Activate or deactivate any local user accounts, except for admin.
  • Change user role assignments for the two guest users.
  • Add a new role, clone an existing role, edit or delete user-created roles. See Create or Manage Custom Roles.
  • Reset user passwords. In addition, all local users can reset their own passwords.
  • Change the usernames for any of the four user accounts.

The audit and guest users have default read privileges to the NSX-T environment and are not active by default. Before they can log in to NSX Manager, you must activate them first.

You cannot delete or add any local user accounts. Any change to local user accounts is audited.

By default, user passwords expire after 90 days. You can change or deactivate the password expiration for each user.

When a user logs in to NSX Manager, if the password is set to expire within 30 days, the NSX Manager UI displays a password expiration notification. If you set the password expiration to 30 days or less, the notification is always present. The notification includes a Change Password link. Click the link to change the user's password.

Prerequisites

Familiarize yourself with the password complexity requirements for NSX Manager and NSX Edge. See "NSX Manager Installation" and "NSX Edge Installation" in the NSX-T Data Center Installation Guide.

Procedure

  1. From your browser, log in as admin to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select System > User Management.
  3. To activate a user, select the Local Users tab and locate the user name.
    1. Click Actions menu.
    2. Select Activate User.
    3. Enter a password for the user.
    4. Click Save.
  4. To change or reset a user password, select the Local Users tab and locate the user name.
    1. Click Actions menu.
    2. Select Reset Password.
    3. Enter the password details.
    4. Click Save.
  5. (Optional) To edit a user role assignment for guest users, select the User Role Assignment tab and locate the user name.
    1. Click Actions menu.
    2. Select Edit.
    3. Select the role or roles from the dropdown list. If you want to create a new role, see Create or Manage Custom Roles
    4. Click Save.
  6. (Optional) To change a user name, select the Local Users tab and locate the user name.
    1. Click Actions menu.
    2. Select Edit.
    3. Change the user name.
    4. Click Save and Continue.
  7. To deactivate a user, select the Local Users and locate the user name.
    1. Click Actions menu.
    2. Select Deactivate User.
    3. Click Deactivate.
  8. To get the password expiration information, from the Local Users tab, expand the row for the user that you want to view.
  9. (Optional) To change the password expiration settings, log in to the appliance's CLI as admin.
    1. To set the password expiration time in days, run the set user <username> password-expiration <number of days> command.
      nsx> set user admin password-expiration 120
      nsx>
      
    2. To deactivate password expiration, run the clear user <username> password-expiration
      nsx> clear user admin password-expiration
      nsx>