Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Manage Local Users

The Users tab under System > User Manager is where individual users are managed. To add a new user, click fa-plus Add, to edit an existing user, click fa-pencil.

Note

The admin user cannot be deleted and its username may not be changed.

Before permissions may be added to a user, it must first be created, so the first step is always to add the user and save. If multiple users need the same permissions, it is easier to add a group and then add users to the group.

To add a user, click fa-plus Add and the new user screen will appear.

Disabled

This checkbox controls whether this user will be active. If this account should be deactivated, check this box.

Username

Sets the login name for the user. This field is required, must be 16 characters or less and may only contain letters, numbers, and a period, hyphen, or underscore.

Password

and Confirmation are also required. Passwords are stored in the pfSense® configuration as hashes. Ensure the two fields match to confirm the password.

Full Name

Optional field which can be used to enter a longer name or a description for a user account.

Expiration Date

May also be defined if desired to deactivate the user automatically when that date has been reached. The date must be entered in MM/DD/YYYY format.

Group Memberships

If groups have already been defined (Manage Local Groups), this control may be used to add the user as a member. To add a group for this user, find it in the Not Member Of column, select it, and click fa-angle-double-right to move it to the Member Of column. To remove a user from the group, select it from the Member Of column and click fa-angle-double-left to move it to the Not Member Of column.

Effective Privileges

Appears when editing an existing user, not when adding a user. See Privileges for information on managing privileges. If the user is part of a group, the group’s permissions are shown in this list but those permissions cannot be edited, however additional permissions may be added.

Certificate

Behavior of this section changes depending on whether a user is being added or edited. When adding a user, to create a certificate check Click to create a user certificate to show the form to create a certificate. Fill in the Descriptive name, choose a Certificate Authority, select a Key Length, and enter a Lifetime. For more information on these parameters, see Create an Internal Certificate. If editing a user, this section of the page instead becomes a list of user certificates. From here, click fa-plus Add to add a certificate to the user. The settings on that page are identical to Create an Internal Certificate except even more of the data is pre- filled with the username. If the certificate already exists, select Choose an Existing Certificate and then pick an Existing Certificate from the list.

Authorized keys

SSH public keys may be entered for shell or other SSH access. To add a key, paste or enter in the key data.

IPsec Pre-Shared Key

Used for a non-xauth Pre-Shared Key mobile IPsec setup. If an IPsec Pre-Shared Key is entered here, the username is used as the identifier. The PSK is also displayed under VPN > IPsec on the Pre- Shared Keys tab. If mobile IPsec will only be used with xauth, this field may be left blank.

After saving the user, click fa-pencil on the user’s row to edit the entry if necessary.

Per-user GUI Options and Dashboard Layout

Each user can have their own settings for various GUI options and their dashboard layout. To enable this for a user, check the Custom Settings box when adding or editing the user. The user then automatically gets their own dashboard layout, starting from the system-wide layout. Choose the other GUI options desired for the user such as theme, top navigation, host name in menu, dashboard columns, show/hide associated panels, left column labels and browser tab text.

Tip

Users who want to adjust their own GUI options need the WebCfg - System: User Settings privilege.

Users in the admin group already have this privilege.

A user with Custom Settings enabled (and the User Settings privilege) will have menu option System > User Settings. The user can select this to change the desired GUI options for their user name.

When a user with Custom Settings enabled adds, moves or removes dashboard widgets, the custom dashboard layout is saved in the preferences for only that user.