Each user in Bastionhost represents a technical engineer. In Bastionhost V3.2, you can import Alibaba Cloud Resource Access Management (RAM) users, create local users, and import Active Directory (AD) or Lightweight Directory Access Protocol (LDAP)-authenticated users. This topic describes how to add users to Bastionhost.

Background information

Import RAM users

Perform the following steps to import RAM users:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. On the Users page, click Import RAM Users.
  4. In the Import RAM Users dialog box, select the RAM users you want to import.
    Note: To import a single RAM user, click Import in the Actions column. In the message that appears, click Import.
  5. Click Import.

Create RAM users and import them

Perform the following steps to create RAM users and import them:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. On the Users page, click Import RAM Users.
  4. In the Import RAM Users dialog box, click Create RAM User. In the dialog box that appears, click the link to go to the RAM console.
  5. On the Create User page, create one or more RAM users and click OK.
    You can configure the following parameters to create RAM users:
    • Configure Logon Name and Display Name.
    • In the Access Mode section, select Console Access.
    • In the Multi-factor Authentication section, select Required to Enable MFA. We recommend that you enable multi-factor authentication (MFA).
      Note: MFA is an easy-to-use and effective authentication method. MFA adds an extra layer of protection beyond your username and password. If Required to Enable MFA is selected, the created RAM users are required to bind an MFA device when they log on to the Alibaba Cloud Management Console. For more information, see Enable an MFA device for a RAM user.
  6. After you create the RAM users, go back to the Create RAM User dialog box and click Finish.
    The created RAM users are displayed in the Import RAM Users dialog box.
  7. Select the created RAM users.
    Note: To import a single RAM user, click Import in the Actions column. In the message that appears, click Import.
  8. Click Import.

Add local users

Perform the following steps to add local users:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Select Create User or Import Users from File from the Import Other Users drop-down list.
    To add a single local user, we recommend that you use the Create User method. To import multiple local users, we recommend that you use the Import Users from File method.
  4. Add a single local user or import multiple local users.
    The following list describes the Create User and Import Users from File methods:
    • Create User
      In the Create User panel, configure the basic information about the user, including the username, password, name of the user, email address, mobile phone number, and user group. Click Create.
      Parameters:
      • Username: Enter the username of the local user that is used to perform O&M operations. The username can be a maximum of 128 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
      • Authentication Method: Select an authentication method for the local user. Valid values:
        • Local Authentication
        • AD Authentication
        • LDAP Authentication
      • Password: Enter a password for the local user. Then, enter the password again in the Confirm Password field.
      • Name: Enter the name of the local user.
      • User Source ID: If you select AD Authentication or LDAP Authentication for Authentication Method, enter the distinguished name (DN) of the AD-authenticated or LDAP-authenticated user.
        • If you select AD Authentication, enter the DN of the AD-authenticated user.
        • If you select LDAP Authentication, enter the DN of the LDAP-authenticated user.
      • Validity Period: Specify the validity period for the local user. Outside the specified validity period, the status of the local user is Expired, and the local user cannot perform operations.
      • Mobile Number: Enter the mobile phone number of the local user. For more information about the locations from which mobile phone numbers are supported by Bastionhost, see Which countries and regions support the text message-based two-factor authentication feature of Bastionhost?.
        Note: The mobile phone number and email address you enter are used only to receive verification codes or alert notifications.
      • Email: Enter the email address of the local user.
      • User Group: Select a user group for the local user.
    • Import Users from File
      In the Import Local Users panel, click Download User Template. In the template file, enter the information about the users that you want to import. Click Upload to import the template file. In the Preview dialog box, select the users that you want to import and click Import. Click Import Local Users.
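
A pre-upload check for a bulk user list, as an added example that is not Bastionhost code: it applies the username rule, the Authentication Method values and the User Source ID requirement from the parameter list above to constructed rows. The column names, the ASCII-only reading of "letters", the duplicate check and the loose DN shape test are assumptions; the downloaded template defines its own columns.

```python
import csv
import io
import re

# Username rule from the parameter list: at most 128 characters; letters,
# digits, periods, underscores and hyphens (assumption: ASCII letters only).
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Valid values of Authentication Method, as listed on the page.
AUTH_METHODS = {"Local Authentication", "AD Authentication", "LDAP Authentication"}
# Assumption: a DN is comma-separated attr=value pairs (loose shape check only;
# escaped commas and spaces after commas are not handled).
DN_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+(,[A-Za-z][A-Za-z0-9-]*=[^,=]+)*")


def lint_users(csv_text):
    """Return (row_number, username, problem) for rows that should not be uploaded."""
    problems = []
    seen = set()
    # Row numbers start at 2 because line 1 of the file is the header.
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        user = (row.get("username") or "").strip()
        method = (row.get("auth_method") or "").strip()
        source_id = (row.get("user_source_id") or "").strip()
        if not USERNAME_RE.fullmatch(user):
            problems.append((n, user, "username breaks the length/character rule"))
        if user in seen:  # hygiene check added here, not a rule stated on the page
            problems.append((n, user, "duplicate username"))
        seen.add(user)
        if method not in AUTH_METHODS:
            problems.append((n, user, "unknown authentication method"))
        elif method != "Local Authentication" and not DN_RE.fullmatch(source_id):
            problems.append((n, user, "AD/LDAP user needs a DN in User Source ID"))
    return problems


# Constructed sample rows; the column names are hypothetical.
SAMPLE = """username,auth_method,user_source_id
ops.alice,Local Authentication,
bob_ldap,LDAP Authentication,"uid=bob,ou=people,dc=example,dc=com"
carol@corp,Local Authentication,
dave-ad,AD Authentication,
ops.alice,Local Authentication,
erin,Kerberos,
"""

if __name__ == "__main__":
    for row_no, name, problem in lint_users(SAMPLE):
        print(f"row {row_no}: {name!r}: {problem}")
```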

Import AD-authenticated users

Before you can import AD-authenticated users, you must configure AD authentication. For more information, see Configure AD authentication. Perform the following steps to import AD-authenticated users:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Select Import AD Users from the Import Other Users drop-down list.
  4. In the Import AD Users dialog box, select the AD-authenticated users that you want to import and click Import.
    To import an AD-authenticated user, you can enter the username to search for the AD-authenticated user. You can also click Import in the Actions column of the AD-authenticated user.

Import LDAP-authenticated users

Before you can import LDAP-authenticated users, you must configure LDAP authentication. For more information, see Configure LDAP authentication. Perform the following steps to import LDAP-authenticated users:

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Users > Users.
  3. Select Import LDAP Users from the Import Other Users drop-down list.
  4. In the Import LDAP Users dialog box, select the LDAP-authenticated users that you want to import and click Import.
    To import an LDAP-authenticated user, you can enter the username to search for the LDAP-authenticated user. You can also click Import in the Actions column of the LDAP-authenticated user.