Users and accounts

As a cluster administrator, you enable users to log in to an IBM Security QRadar® Suite Software account by configuring one or more identity providers for an account, and adding users from those identity providers to the account.

QRadar Suite Software supports the following authentication methods to manage user identities.
Table 1.
| Authentication method | Purpose |
| --- | --- |
| Lightweight Directory Access Protocol (LDAP) directory | Configure through IBM Cloud Pak foundational services to connect with a directory service that uses LDAP. |
| Single sign-on (SSO) through Security Assertion Markup Language (SAML) | Configure through IBM Cloud Pak foundational services to connect with SAML for SSO by using Verify. Verify is an IBM Cloud® service and identity provider. |
| OpenLDAP | Deploy OpenLDAP with QRadar Suite Software only for demonstration purposes in a test environment. |
| Red Hat® OpenShift® Kubernetes Service (ROKS) | Enable ROKS, which is a “built-in” identity provider for IBM Cloud accounts. |

After installation, you can choose to configure LDAP authentication, or to configure single sign-on between QRadar Suite Software and a Verify enterprise identity source.

If your installation is running on a managed IBM Cloud cluster, you can use ROKS authentication and other identity providers. You can set the ROKS authentication parameter during installation, or after installation by using the cluster's Red Hat OpenShift console.

Warning: Do not add a user ID with the value admin to your identity provider as that might cause issues with other services on your cluster.
Warning: Any user ID value that is used in QRadar Suite Software must be uniquely defined in only one of the connected identity providers. This restriction applies to the initial administrator and to any other user ID that is added to accounts later. If a duplicate user ID is encountered, QRadar Suite Software does not start correctly, and no users can access the system.

Set up access for the initial user of QRadar Suite Software during installation by setting the adminUser parameter to match a user ID value that belongs to one of the configured identity providers. This user ID value, and all other user ID values that are added to QRadar Suite Software, must have a user ID and email address in their identity provider record.
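A pre-flight check for the three rules above (no admin user ID, no user ID defined in more than one identity provider, and a user ID and email address for the initial user and any users you plan to add), as an added example that is not IBM's code. It assumes each identity provider's users have been exported to records with uid and mail keys; that record shape, the provider names and the sample users are constructed.

```python
from collections import defaultdict

# Constructed sample exports; the {"uid", "mail"} record shape is an assumption.
SAMPLE = {
    "corp-ldap": [
        {"uid": "jsmith", "mail": "jsmith@example.com"},
        {"uid": "admin", "mail": "admin@example.com"},
        {"uid": "mlee", "mail": ""},
    ],
    "verify-saml": [
        {"uid": "jsmith", "mail": "john.smith@example.com"},
        {"uid": "akhan", "mail": "akhan@example.com"},
    ],
}

def preflight(providers, admin_user, other_users=()):
    """Return a sorted list of findings; an empty list means every rule holds."""
    findings = []
    defined_in = defaultdict(set)         # user ID -> providers that define it
    has_mail = defaultdict(lambda: True)  # user ID -> every record has an email
    for idp, users in providers.items():
        for rec in users:
            uid = (rec.get("uid") or "").strip()
            if not uid:
                findings.append(f"{idp}: record with no user ID")
                continue
            defined_in[uid].add(idp)
            has_mail[uid] = has_mail[uid] and bool((rec.get("mail") or "").strip())
    for uid, idps in defined_in.items():
        if uid == "admin":   # exact match, as the warning is worded
            findings.append(f"admin: reserved user ID present in {sorted(idps)}")
        if len(idps) > 1:    # conservative: flags every cross-provider duplicate
            findings.append(f"{uid}: defined in more than one provider {sorted(idps)}")
    for uid in (admin_user, *other_users):
        if uid not in defined_in:
            findings.append(f"{uid}: not found in any identity provider")
        elif not has_mail[uid]:
            findings.append(f"{uid}: missing email address")
    return sorted(findings)

if __name__ == "__main__":
    for line in preflight(SAMPLE, admin_user="akhan", other_users=["mlee"]):
        print(line)
```

User IDs are compared exactly as exported; if your identity providers treat IDs case-insensitively, normalize them before running the check.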

After installation, QRadar Suite Software checks for the initial user in any identity providers that you enable or configure. When a match is found, QRadar Suite Software creates an initial account with the System Administration name and type, then adds the initial user to it. The name and account attributes of the initial account cannot be changed and the account cannot be deleted.

When the System Administration account is created, all currently enabled or configured identity providers are automatically selected for that account. Identity providers that are configured later are also made available to the System Administration account and any other accounts that are created from the System Administration account. The System Administration account is the only account that enables account creation, account deletion, and multi-account management tasks.

The initial user is automatically assigned Admin permissions in the System Administration account. Then, the initial user can log in to QRadar Suite Software and add other administrators, accounts, and users. Users must belong to one of the identity providers that are assigned to an account before you can add them to the account. For example, after you create an account that is called Testing, a user ID John must have the required values and credentials in one of the identity providers that are assigned to the account before you can add John to the Testing account.

A Standard account represents a collection of users and resources. The account enables members to access the QRadar Suite Software services and applications in that account. As an administrator, you can edit account settings, add or delete users, and manage their access to services and applications. Access to the account’s data is restricted to users within that account.

A Provider account enables one or more Standard accounts to be managed and monitored by a managed security service provider (MSSP).

With the appropriate account administration permission, you can comply with your license and complete the associated account management tasks in QRadar Suite Software.