Back to Documentation

Admin Panel

User management, access control, and activity monitoring

Overview

The Admin Panel is accessible only to users with the Admin role. It provides full control over user accounts, role assignments, module permissions, system configuration, and audit logging.

Note: All actions performed in the Admin Panel are logged and cannot be deleted. This ensures a complete audit trail for compliance purposes.

User Account Management

Creating a user

  1. Go to Admin → Users → Add User.
  2. Enter username, display name, email, and initial password.
  3. Assign a role (Read-Only, Engineer, or Admin).
  4. Optionally restrict the user to specific device groups or sites.
  5. Save. The user receives a welcome email with login instructions (if SMTP is configured).

Disabling / locking an account

Toggle the Active switch on a user record to disable login without deleting the account and its associated history. Disabled accounts are highlighted in the user list.

Password reset

Click Reset Password on any user to generate a one-time reset link, or enter a new password directly if you have the authority to do so.

LDAP / Active Directory integration

NetGUI can authenticate users against your directory server. Configure the LDAP connection in System Settings → Authentication → LDAP. Once configured, users log in with their AD credentials and role mapping is defined by LDAP group membership.

Activity Log Analysis

Every user action that affects a network device or system configuration is recorded in the activity log.

What is logged

  • Ad-hoc command executions (user, device, command, output, timestamp)
  • Upgrade workflow steps (start, image upload, boot variable change, reload)
  • WLAN AP operations
  • Admin panel changes (user creates, role changes, system setting updates)
  • Login and logout events (with IP address)
  • Failed authentication attempts

Filtering the log

  • Date/time range
  • Username
  • Action category
  • Device name or IP
  • Success / failure
Tip: Use Export → CSV to pull audit logs for compliance reporting or SIEM ingestion.

Permission Configuration

Built-in roles

  • Read-Only - view devices, run approved show commands, view reports.
  • Engineer - everything in Read-Only, plus run config commands, execute upgrades, manage WLAN operations.
  • Admin - full access including Admin Panel, user management, system settings, and command library management.

Device group restrictions

Users can be limited to specific device groups. An Engineer restricted to "Site A" devices cannot see or interact with devices in other sites, even via the API.

Command-level permissions

Individual commands in the Command Library have their own role restrictions. An Engineer role can be further subdivided - for example, allowing some engineers to run debug commands while others are limited to show commands only.

System Settings

SSH / Jump Server

  • Jump server hostname/IP and port
  • SSH credentials (username/password or key)
  • Connection timeout and retry count
  • Max parallel sessions

Authentication

  • Local auth settings (password complexity, session timeout)
  • LDAP/AD configuration
  • MFA (TOTP-based) enforcement by role

Notifications

  • SMTP server configuration for email alerts
  • Webhook endpoints for Slack, Teams, or custom integrations
  • Alert rules (e.g. notify on failed upgrade, failed login threshold)

Logging & Retention

  • Activity log retention period (default: 90 days)
  • Syslog forwarding to external SIEM
  • Log level (Info, Warning, Error)