mirror of synced 2025-12-19 18:10:59 -05:00
docs/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md
Kevin Heis 1cd5e13652 Deprecate 3.12 (#55505)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
2025-05-06 18:25:53 +00:00


title: Managing access to the Management Console
shortTitle: Manage Management Console access
intro: You can increase the security of {% data variables.location.product_location %} by creating or deleting {% data variables.enterprise.management_console %} users. As the root site administrator, you can access the {% data variables.enterprise.management_console %} as well as configure {% data variables.enterprise.management_console %} authentication rate limits.
redirect_from: /admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console
versions: ghes: *
type: how_to
topics: Enterprise, Authentication, SSH, User account

{% data reusables.enterprise_site_admin_settings.management-console-access %} For more information about {% data variables.enterprise.management_console %} access, see AUTOTITLE.

You can also use the gh es {% data variables.product.prodname_cli %} extension to manage the root site administrator password, which controls access to the Management Console. For more information, see the GH ES CLI usage documentation and AUTOTITLE.

Types of {% data variables.enterprise.management_console %} accounts

There are two types of user accounts for the {% data variables.enterprise.management_console %} on a {% data variables.product.prodname_ghe_server %} instance. The root site administrator account authenticates with a password established during the initial setup of {% data variables.location.product_location %}.

The root site administrator can create additional accounts.

Root site administrator

Root site administrators have complete control over the {% data variables.enterprise.management_console %}. They can take every action in the {% data variables.enterprise.management_console %}, including creating and deleting {% data variables.enterprise.management_console %} user accounts.

Only the root site administrator can create and delete {% data variables.enterprise.management_console %} user accounts.

{% data variables.enterprise.management_console %} user

{% data variables.enterprise.management_console %} users can perform most administrative tasks for {% data variables.location.product_location %}. For heightened security, {% data variables.enterprise.management_console %} users cannot create or delete {% data variables.enterprise.management_console %} user accounts.

{% data variables.enterprise.management_console %} users, sometimes called operators, can perform basic administrative tasks for {% data variables.location.product_location %} in the {% data variables.enterprise.management_console %} and can add SSH keys to the {% data variables.enterprise.management_console %} to grant administrative access to the instance via SSH.

Creating or deleting a user account for the {% data variables.enterprise.management_console %}

While signed in to the {% data variables.enterprise.management_console %} as the root site administrator, you can create new {% data variables.enterprise.management_console %} user accounts.

{% data reusables.enterprise_site_admin_settings.click-user-management %}

  1. Click Create user.
  2. Fill in the user's name, username, and email address.
  3. To finish creating the user account, click Create. If email notifications are configured for the instance, the user will automatically receive an invitation email with access instructions for the {% data variables.enterprise.management_console %}. For more information, see Inviting new {% data variables.enterprise.management_console %} users.
  4. Optionally, to delete a {% data variables.enterprise.management_console %} user account, click {% octicon "trash" aria-label="The trash symbol" %} to the right of any user account you wish to delete. Then confirm deletion.

Inviting new {% data variables.enterprise.management_console %} users

If you have configured email for notifications for {% data variables.location.product_location %}, new {% data variables.enterprise.management_console %} users will automatically receive an invitation to complete creation of the {% data variables.enterprise.management_console %} user account. For more information, see AUTOTITLE.

If you have not configured email notifications for {% data variables.location.product_location %}, you must manually copy the {% data variables.enterprise.management_console %} invitation link and send it to the user. The user must set a password using the link before the user can access the {% data variables.enterprise.management_console %}.

{% data reusables.enterprise_site_admin_settings.sign-in-as-root-administrator %} {% data reusables.enterprise_site_admin_settings.click-user-management %}

  1. To copy the invitation link, click {% octicon "link" aria-label="Copy invitation link" %} on any {% data variables.enterprise.management_console %} user account.
  2. Send the invitation link to the {% data variables.enterprise.management_console %} user. The invitation link will lead the user through the final account setup steps.

Configuring rate limits for authentication to the {% data variables.enterprise.management_console %}

You can configure the lockout time and login attempt limits for the {% data variables.enterprise.management_console %}.

After you configure rate limits and a {% data variables.enterprise.management_console %} user exceeds the limit, the {% data variables.enterprise.management_console %} will remain locked for the duration set by the lockout time. {% data reusables.enterprise_management_console.unlocking-management-console-with-shell %}

{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %}

  1. Optionally, under "Lockout time for Management Console users", type a number of minutes to lock the {% data variables.enterprise.management_console %} after too many failed login attempts. When locked out, the root site administrator must be manually unlocked.
  2. Optionally, under "Login attempt limit for all users", type a maximum number of failed login attempts to allow before the {% data variables.enterprise.management_console %} is locked. {% data reusables.enterprise_management_console.save-settings %}