Disabling local accounts for interactive users

Disabling local accounts for interactive users

Overview

After enabling a corporate login solution for Nexthink, either via SAML or Windows authentication of users, disable local accounts for interactive users to enforce the security policies of corporate accounts.

Reserve the local accounts for API calls only.

Disabling local accounts

To disable local accounts for interactive users:

  1. Log in to the CLI of the master Appliance that hosts the Portal.
  2. Optional: If the Portal has no configuration file yet, that is, if portal.conf does not exist in folder /var/nexthink/portal/conf, create it by copying the defaults from the sample configuration file:
    sudo -u nxportal cp /var/nexthink/portal/conf/portal.conf.sample \
    /var/nexthink/portal/conf/portal.conf
  3. Edit the configuration file of the Portal:
    sudo vi /var/nexthink/portal/conf/portal.conf
  4. Add a configuration line to it:
    1. Press Shift + G to go to the last line of the file.
    2. Press o to add a new line.
    3. Type in the following line:
      globalconfig.portal.user.allow-local-logins = false
    4. Press Esc and type in the following colon command to save changes an exit:
      :wq
  5. Restart the Portal:
    sudo systemctl restart nxportal