View, add, import, export, sort, search for, select, modify, and delete users. Renew expired user credentials.
The Users table displays the user accounts that have been created for permanent (for example, employees) and temporary users (for example, visitors or contractors), whose accounts are stored on Extreme Networks devices and in the ExtremeCloud IQ cloud. RADIUS users can be stored on Extreme Networks devices acting as RADIUS authentication servers or in a user database hosted in the ExtremeCloud IQ cloud. Similarly, PPSK (Private Pre-Shared Key) users can be stored on Extreme Networks devices that use device-based PPSKs or stored in the ExtremeCloud IQ cloud-hosted user database.
- For information and configuration details about PPSK users, see Extreme PPSK Guide.
Users are assigned to user groups to manage which SSIDs they access, what their access limitations are, and how they access your network. For information about creating user groups, see "Add User Groups".
The following table presents some important maximum capacities for users on the various Extreme Networks platforms:
|Maximum Capacity||Atom AP30, AP100 Series||AP200 Series, AP300 Series, AP550, AP1130||XR200P, BR200WP||SR Series||VPN Gateway and VPN Gateway Virtual Appliance|
|RADIUS users on an Extreme Networks RADIUS server||4096||9999||9999||9999||9999|
|Simultaneous RADIUS authentication requests||256||256||256||256||256|
|PPSK users per SSID (and per PPSK group)||4096||9999||9999||9999*||N/A|
|PPSK users on an Extreme Networks device||4096||9999||9999||9999*||N/A|
|PPSK users bound to multiple SSIDs||40,000||80,000||80,000||80,000*||N/A|
* Although an SR series switch does not have radios, you can still push SSIDs to it and associate PPSK user groups with the SSIDs. This triggers each device to generate PPSK users so that it can function as a PPSK server.
The numbers in the last row in the table are the total numbers of PPSK users that you can bind to different SSIDs. Although the total number of PPSK users per device is 4096 or 9999, you can bind those same users to multiple SSIDs. For example:
- You load a PPSK user group named “group1” with 9999 users on an AP330. You cannot add any more users to this device.
- You create "ssid ssid1 user-group group1". That SSID already has the maximum number of PPSK users bound to it (PPSK users per SSID). You cannot bind any more users to it.
- However, you can create "ssid ssid2 user-group group1" and "ssid ssid3 user-group group1" because the maximum number of PPSK users bound to different SSIDs is 80,000 for the AP330.
View and Filter the Users List
You can filter the Users table to show expired, approved, and renewable user credentials; show users by user group; and sort the entries by column. To search the user table, enter a user name in the query text box.
The Users table displays the following information about user accounts:
- User Name: The user name.
- User Group: The user group to which this user has been assigned.
- Approval: Indicates whether approval is needed from a sponsoring employee, for example.
- Delivery: The delivery method that was set up for this user (SMS or email or both).
- Expiration: The expiration date for this user's account credentials as determined by the associated user group. This column includes a Renew option that lets you renew credentials for individual users.
Add One or More Users
To add a new user, select Add and complete the entries in the New User panel. For more information, see "User Accounts".
To add multiple new users at the same time, select Bulk Create and complete the files in the Bulk Create panel. For more information, see "Multiple User Accounts (Bulk Create)".
ExtremeCloud IQ allows you to import CSV files containing user data, including CSV files that were created in HM Classic.
Select the Import a CSV using this format link to see the CSV file information and formatting requirements.
To import one or more users, select Import.
In the Bulk Import panel, drag an existing CSV file into the Choose a file or drag directly here box, or select Choose and then select a CSV file to import.
In the Users window, select Save.
To export one or more users, select the check box for the user or users, and then select Export. ExtremeCloud IQ writes user data to a .csv file, and then displays the "ExportedUsers.csv" file name. The file includes at least the following information for each selected user: User Name, User Group Name, User Type, Password, and Email Address, and may also include other user information, when available.
Modify a User
To modify the settings for an existing user, select the check box for that user and select . Make the necessary changes, and select Save. For information about configuring users, see "User Accounts".
Renew a User
To renew expired credentials for multiple users, select the check boxes for the users and then select at the top of the Users list. If the users' credentials cannot be renewed because of restrictions in the associated user groups, then the button is grayed out.
To renew expired credentials for a single user, select in the Expiration column. If the credentials cannot be renewed because of restrictions in the associated user groups, then the Renew button does not appear.
Delete One or More Users
To delete one or more users, select the check box for the users you want to delete and then credentials cannot be renewed because of restrictions in the associated user groups .
When you are prompted to confirm the deletion, you see an option to delete all data associated with the selected users. Select the check box and Yes to permanently delete all personal data associated with the selected users. This enables you to respond to a users requests to delete all personal data associated with their user name. This satisfies one of the requirements of GDPR (General Data Protection Regulation), which took effect on May 25, 2018. GDPR applies to all EU citizens whose personal data has been gathered, and refers to them as data subjects. Under GDPR, data subjects have the right to demand that any personal collected about them be deleted (in other words, the right to be forgotten).
- The law applies to EU citizens if they are in the EU when their data is collected, regardless of where their data is processed and stored.
For example, users might contact the facility where they joined a network—using either a wireless or wired connection—and submit a formal request that all collected personal data be deleted. The request would include the user name of the person who joined the network. The facility would need an internal process to validate the request, communicate it to network administrators, and then ensure that the personal data is deleted. Extreme Networks gives you the ability to search for data by user name, delete it, and track the successful completion of the task (see "GDPR Audit Logs").
After you delete the user account and data, check the Audit Log for an entry that the user account was deleted. Make a note of the time of the account deletion and then check the GDPR Audit Log to make sure that user data was deleted at the same time.
- In addition to the deletion of personal data from admin-facing logs, Extreme Networks automatically deletes such data from internal logs after internal data becomes 25 days old. Because GDPR states that a user's request for the deletion of personal data must be met within 30 days, the automatic deletion of internally stored data after 25 days ensures that this aspect of the GDPR requirement is automatically satisfied.
Download User Data
To download client data:
- Select Download Client Data.
A message appears stating that the client data is being prepared for download, and includes a log ID number and a link to the GDPR audit log.
- Make a note of the log ID and then select the GDPR Audit Log link to open the GDPR Audit Log panel.
- Select and save the .csv file to a local drive.