Users & Groups


With the local user manager in OPNsense one can add users and groups and define the privileges for granting access to certain parts of the GUI (Web Configurator).

Adding Users

To add a new user go to System ‣ Access ‣ Users and click on the + sign at the bottom right corner of the form.



Can be used to (temporarily) disable an account



A unique username



A strong password

Full name

John Doe

Optional, Full username, for reference only


Optional, users email, for reference only


Optional, comment field, for reference only

Preferred landing page


Optional, landing page to visit after login

Login shell


The shell to use when logging in via the console.

Expiration date

Optional, if account should expire enter as mm/dd/yyy

Group Membership

Optional, select one or more groups

Effective Privileges

Optional, additional grants for this user, usually these are being handled via a group

User Certificates

Optional, check if a user certificate should be created

API keys

Optional, when planning to use the API from another application, create keys for this user

OTP seed

Optional, enter or generate a OTP seed (base32)

Authorized keys

Optional, paste ssh key for ssh console access

Creating Groups

Go to System ‣ Access ‣ Groups and click on the + sign in the lower right corner of the form.

Enter a Group name and a Description and add users to the group.

When users should access resources on this firewall via a group, connect the relevant ones via Assigned Privileges.