4.7.5.1 Administrator Roles
You can create administrator accounts with different roles as needed. To create an administrator account, go to System > Administrators and choose New > Local Account. The dialog box shown in the following figure appears.

From the Role drop-down list, select one of the following roles as needed:
System Admin: Allowed to view the home page and configure system settings (excluding log settings).
Security Admin: Allowed to view and configure administrators, security policies, and security events. This role cannot perform operations on micro-segmentation, integrated devices, reports, account management, system updates, licensing, branches, or system settings.
Audit Admin: Can only view system information. This role cannot perform any operations to edit, add, or delete information.
4.7.5.2 Manager Login Authentication
When you create an administrator, you can configure the authentication policy that the administrator uses to log in to the Athena EPP manager. Two authentication policies are supported: Password Auth and Password + TOTP.
Password Auth
Go to System > Administrators, and choose New > Local Account to create an administrator account. In the dialog box that appears, select Password Auth for Auth Policy, as shown in the following figure.

Password + TOTP
This authentication policy indicates that administrators can log in to the Athena EPP manager only after they complete the password-based primary authentication and the TOTP-based secondary authentication. The configuration procedure is as follows:
Go to System > Administrators, and choose New > Local Account in the upper-left corner or click Edit in the Operation column of an existing account. In the dialog box that appears, select Password + TOTP for Auth Policy, as shown in the following figure.

Click Generate and add authentication information as prompted, as shown in the following figure.
After the configuration is complete, administrators must enter their account, password, and the TOTP sent to their mobile device when they log in to the Athena EPP manager, as shown in the following figure.

4.7.5.3 Login Restriction Based on IP Addresses
The Athena EPP manager supports login restrictions that allow logins only from the specified IP addresses. In the New Administrator User dialog box, you can select Only allow login from specified IP addresses, and specify the IP addresses from which endpoints are allowed to log in to the Athena EPP manager, as shown in the following figure.
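
The following script is an added example, not part of the product or its documentation. It reviews a hand-maintained administrator inventory against the three controls described in this section (role, Auth Policy, and IP-based login restriction). The CSV layout, column names, and account names are constructed for illustration and are not an Athena EPP export format.

```python
import csv
import io
import ipaddress

# Constructed inventory; column names are hypothetical, not a product export.
# allowed_ips is a ';'-separated list. Empty means the IP restriction is off.
SAMPLE = """account,role,auth_policy,allowed_ips
sysadmin01,System Admin,Password + TOTP,10.20.0.15;10.20.0.16
secadmin01,Security Admin,Password Auth,10.20.0.21
auditor01,Audit Admin,Password + TOTP,
secadmin02,Security Admin,Password + TOTP,10.20.0.300
ops01,Operator,Password + TOTP,10.20.0.15
"""

# Roles listed in section 4.7.5.1 of this page.
DOCUMENTED_ROLES = {"System Admin", "Security Admin", "Audit Admin"}


def audit(text):
    """Return {account: [findings]} for accounts that miss a control."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        issues = []
        if row["role"] not in DOCUMENTED_ROLES:
            issues.append("role not in documented list: " + row["role"])
        if row["auth_policy"] != "Password + TOTP":
            issues.append("no TOTP second factor")
        entries = [e.strip() for e in row["allowed_ips"].split(";") if e.strip()]
        if not entries:
            issues.append("login not restricted by IP address")
        for entry in entries:
            try:
                ipaddress.ip_address(entry)  # accepts IPv4 and IPv6 literals
            except ValueError:
                issues.append("invalid allowed IP: " + entry)
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account + ": " + "; ".join(issues))
```
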
