diff --git a/source/deployment-options/offline-installation/step-by-step.rst b/source/deployment-options/offline-installation/step-by-step.rst index eb598094e1..e1d2dfe0dd 100644 --- a/source/deployment-options/offline-installation/step-by-step.rst +++ b/source/deployment-options/offline-installation/step-by-step.rst @@ -387,18 +387,19 @@ Installing the Wazuh dashboard - **Username**: admin - **Password**: admin - Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. + .. note:: + :class: not-long -#. Add a new server API. + Upon the first access to the Wazuh dashboard, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser or, for increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. - Go to **Dashboard management** > **Server APIs**, click on **Add API connection** button and fill the form with: +#. Go to **Dashboard management** > **Server APIs** to add a new server API connection. Click on **Add API connection** button and fill the form with the following values. - - **ID**: default - - **URL**: IP address or hostname of the Wazuh server master node - - **Port**: 55000 - - **Username**: wazuh-wui - - **Password**: wazuh-wui - - **Run as**: false + - **ID**: ``default`` + - **URL**: IP address or hostname of the Wazuh server master node + - **Port**: ``55000`` + - **Username**: ``wazuh-wui`` + - **Password**: ``wazuh-wui`` + - **Run as**: ``false`` Securing your Wazuh installation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -520,10 +521,7 @@ Select your deployment type and follow the instructions to change the default pa .. include:: /_templates/common/restart_dashboard.rst - #. Update the API host password. - - On Wazuh dashboard, go to **Dashboard management** > **Server APIs**, click on the edit button of the secured server API entry and replace the **Password** field, then click on the **Apply** button to save. - + #. On the Wazuh dashboard, go to **Dashboard management** > **Server APIs** to update the API host password. Click on the edit button of the secured server API entry and replace the **Password** field. Then click on the **Apply** button to save. Next steps ^^^^^^^^^^ diff --git a/source/installation-guide/wazuh-dashboard/step-by-step.rst b/source/installation-guide/wazuh-dashboard/step-by-step.rst index 8571640ab4..f25d89108e 100644 --- a/source/installation-guide/wazuh-dashboard/step-by-step.rst +++ b/source/installation-guide/wazuh-dashboard/step-by-step.rst @@ -105,19 +105,20 @@ Starting the Wazuh dashboard service - **Username**: *admin* - **Password**: *admin* - When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. + .. note:: + :class: not-long - #. Add a new server API. + + When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem`` file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. - Go to **Dashboard management** > **Server APIs**, click on **Add API connection** button and fill the form with: + #. Go to **Dashboard management** > **Server APIs** to add a new server API connection. Click on **Add API connection** button and fill the form with the following values. - - **ID**: default + - **ID**: ``default`` - **URL**: IP address or hostname of the Wazuh server master node - - **Port**: 55000 - - **Username**: wazuh-wui - - **Password**: wazuh-wui - - **Run as**: false - + - **Port**: ``55000`` + - **Username**: ``wazuh-wui`` + - **Password**: ``wazuh-wui`` + - **Run as**: ``false`` Securing your Wazuh installation -------------------------------- @@ -208,10 +209,7 @@ Select your deployment type and follow the instructions to change the default pa .. include:: /_templates/common/restart_dashboard.rst - #. Update the API host password. - - On Wazuh dashboard, go to **Dashboard management** > **Server APIs**, click on the edit button of the secured server API entry and replace the **Password** field, then click on the **Apply** button to save. - + #. On Wazuh dashboard, go to **Dashboard management** > **Server APIs** to update the API host password. Click on the edit button of the secured server API entry and replace the **Password** field. Then, click on the **Apply** button to save. Next steps ---------- diff --git a/source/user-manual/api/securing-api.rst b/source/user-manual/api/securing-api.rst index b998e2d1cc..a7bfc0fa5f 100644 --- a/source/user-manual/api/securing-api.rst +++ b/source/user-manual/api/securing-api.rst @@ -54,7 +54,8 @@ Recommended changes to secure the Wazuh API After changing the password, there is no need to restart the Wazuh API but a new :api-ref:`authentication ` will be required for the affected users. .. warning:: - Changing the **wazuh-wui** user password will affect the Wazuh UI. You will have to update the API host entry accordingly with the new credentials. To learn more, see the :doc:`Wazuh dashboard API host configuration ` document. + + Changing the ``wazuh-wui`` user password affects the Wazuh UI. You need to update the API host entry with the new credentials accordingly. To learn more, see the :doc:`Wazuh dashboard API host configuration ` section. #. Change the default host and port: diff --git a/source/user-manual/files-backup/creating/wazuh-central-components.rst b/source/user-manual/files-backup/creating/wazuh-central-components.rst index 1ebfc46a76..d59363b6ac 100644 --- a/source/user-manual/files-backup/creating/wazuh-central-components.rst +++ b/source/user-manual/files-backup/creating/wazuh-central-components.rst @@ -115,7 +115,7 @@ Backing up the Wazuh indexer and dashboard # rsync -aREz \ /etc/wazuh-dashboard/certs/ \ /etc/wazuh-dashboard/opensearch_dashboards.yml \ - /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore + /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore $bkp_folder #. If present, back up your downloads and custom images. diff --git a/source/user-manual/user-administration/ldap.rst b/source/user-manual/user-administration/ldap.rst index c124bfd2df..a9fe8d6875 100644 --- a/source/user-manual/user-administration/ldap.rst +++ b/source/user-manual/user-administration/ldap.rst @@ -233,9 +233,7 @@ Follow these steps to create a new role mapping and grant administrator permissi Done with success SUCC: Expected 1 config types for node {"updated_config_types":["rolesmapping"],"updated_config_size":1,"message":null} is 1 (["rolesmapping"]) due to: null -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. @@ -288,9 +286,7 @@ Setup read-only role #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, assign the name of the read-only role you have in your LDAP server and click on **Map** to confirm the action. In our case, the backend role (CN) is ``readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click the upper-left menu icon **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/password-management.rst b/source/user-manual/user-administration/password-management.rst index c294ca9d45..053708b238 100644 --- a/source/user-manual/user-administration/password-management.rst +++ b/source/user-manual/user-administration/password-management.rst @@ -237,6 +237,4 @@ Follow the instructions below to change the passwords for all the Wazuh indexer .. include:: /_templates/common/restart_dashboard.rst -#. Update the password of the API host entry with the new `wazuh-wui` password generated in the second step. - - Go to **Dashboard management** > **Server APIs**, click on edit button of the related API host, change the **Password** and then click on **Apply** to save the changes. \ No newline at end of file +#. Go to **Dashboard management** > **Server APIs** to update the password of the API host entry with the new `wazuh-wui` password generated in the second step. Click on the edit button of the related API host. Change the **Password** and then click on **Apply** to save the changes. \ No newline at end of file diff --git a/source/user-manual/user-administration/rbac.rst b/source/user-manual/user-administration/rbac.rst index 42a42c1adb..2b69c88b61 100644 --- a/source/user-manual/user-administration/rbac.rst +++ b/source/user-manual/user-administration/rbac.rst @@ -69,7 +69,7 @@ Follow these steps to create an internal user, create a new role mapping, and gi #. Click **Save role mapping** to save and map the user with Wazuh as *administrator*. - For the role mapping to take effect, make sure that ``Run as`` is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. Creating and setting a Wazuh read-only user ------------------------------------------- @@ -126,7 +126,7 @@ Follow these steps to create an internal user, create a new role mapping, and gi #. Click **Save role mapping** to save and map the user with Wazuh as *read-only*. - For the role mapping to take effect, make sure that ``Run as`` is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. Creating an internal user and mapping it to Wazuh @@ -172,7 +172,7 @@ Follow these steps to create an internal user and map it to a role of your choic #. Click **Save role mapping** to save and map the user with Wazuh. - For the role mapping to take effect, make sure that ``Run as`` is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. .. _wazuh-rbac-use-case-agents-group: @@ -345,7 +345,7 @@ To map the user with Wazuh, follow these steps: #. Click **Save role mapping** to finish the action. - For the role mapping to take effect, make sure that ``Run as`` is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. + For the role mapping to take effect, make sure that **Run as** is set to ``true`` in the API host entry configuration on **Dashboard management** > **Server APIs**. Restart the Wazuh dashboard service and clear your browser cache and cookies. You have now created a new internal user and mapped it to manage a Wazuh agents' group. Authenticate with the new user and open the Wazuh dashboard, see that only ``Team_A`` agents' alerts and information are displayed. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/google.rst b/source/user-manual/user-administration/single-sign-on/administrator/google.rst index 9f1bc9341b..757f7bcd95 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/google.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/google.rst @@ -243,9 +243,7 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst b/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst index 1c72eac888..65373f77e6 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/jumpcloud.rst @@ -279,9 +279,7 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst b/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst index 64867750b7..c289c2f856 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/keycloak.rst @@ -353,9 +353,7 @@ The command output must be similar to the following: Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst b/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst index 8e2cf7161a..d7339f7bbb 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/microsoft-entra-id.rst @@ -276,9 +276,7 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/okta.rst b/source/user-manual/user-administration/single-sign-on/administrator/okta.rst index cf6dafdca7..76ac7703ba 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/okta.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/okta.rst @@ -276,9 +276,7 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst b/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst index 27ed9f4490..da4e88eada 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/onelogin.rst @@ -277,9 +277,7 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst b/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst index 64610461d3..e685be123f 100644 --- a/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst +++ b/source/user-manual/user-administration/single-sign-on/administrator/pingone.rst @@ -247,9 +247,7 @@ Edit the Wazuh indexer security configuration files. We recommend that you back Wazuh dashboard configuration ----------------------------- -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/google.rst b/source/user-manual/user-administration/single-sign-on/read-only/google.rst index 32e5394e84..866aa0c566 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/google.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/google.rst @@ -214,9 +214,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value of the **Department** field you created in Google Workspace and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst b/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst index 4cbd24fd78..1251d7621d 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/jumpcloud.rst @@ -250,9 +250,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the name of the group you created in JumpCloud and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst b/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst index 3345f07557..ba3f73b059 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/keycloak.rst @@ -326,9 +326,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value of the **Role name** attribute in Keycloak configuration and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst b/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst index dec1f603a4..589b633956 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/microsoft-entra-id.rst @@ -231,9 +231,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value attribute of the app role you created in Microsoft Entra ID and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/okta.rst b/source/user-manual/user-administration/single-sign-on/read-only/okta.rst index 12153ffd2c..6f591329ff 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/okta.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/okta.rst @@ -246,9 +246,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the name of the read-only group you created in Okta and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst b/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst index 0c287cafd1..0321a472b5 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/onelogin.rst @@ -246,9 +246,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the value of the **Department** field in OneLogin configuration and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page. diff --git a/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst b/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst index f4ed3e2c44..d7cee26814 100644 --- a/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst +++ b/source/user-manual/user-administration/single-sign-on/read-only/pingone.rst @@ -217,9 +217,7 @@ Wazuh dashboard configuration #. Select the **Mapped users** tab and click **Manage mapping**. #. Under **Backend roles**, add the name of the group you created in PingOne and click **Map** to confirm the action. In our case, the backend role is ``wazuh-readonly``. -#. Check the value of ``Run as`` in the API host entry configuration on **Dashboard management** > **Server APIs**. If ``Run as`` is set to ``false``, proceed to the next step. - - If ``Run as`` is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: +#. Check the value of **Run as** in the API host entry configuration on **Dashboard management** > **Server APIs**. If **Run as** is set to ``false``, proceed to the next step. If **Run as** is set to ``true``, you need to add a role mapping on the Wazuh dashboard. To map the backend role to Wazuh, follow these steps: #. Click **☰** to open the menu on the Wazuh dashboard, go to **Server management** > **Security**, and then **Roles mapping** to open the page.