Users
A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups. in Overview of the Entities.
Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.
- Authorizer Administrator: General, History
- User Administrator: General, User Groups (directory users only), History
- Help Desk Administrator: General, History
- Auditor: General, Owned Objects, User Groups, Entitlements, Linked Accounts, History
- Asset Administrator: General, Owned Objects
- Security Policy Administrator: General, User Groups, Entitlements, Linked Accounts, History
The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Activating or deactivating a user account.
Go to Users:
web client: Navigate to Security Policy Management > Users
Users view
The Users view displays the following information about a selected user:
- Properties tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
- User Groups tab (user): Displays the user groups in which the selected user is a member.
- Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
- History (user): Displays the details of each operation that has affected the selected user.
Toolbar
Use these toolbar buttons to manage users:
New User: Add users to Safeguard for Privileged Passwords. For more information, see Adding a user.
Delete: Remove the selected user. For more information, see Deleting a user.
View details: View and edit the details for a selected user.
Permissions: Display the Permissions dialog showing what administrative permissions apply to the selected user.
Set Password: Use this option to set a password for a local user.
Unlock: Use this option to unlock the account of a local user.
Activate User: Use this option activate the account of a selected user.
Deactivate User: Use this option to deactivate the account of a selected user.
Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
Refresh: Update the list of users.
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
Properties tab (user)
The Properties tab lists information about the selected user.
To access Properties:
- web client: Navigate to User Management > Users > (View Details) > Properties.
Table 216: Users Properties tab: Authentication properties
|
Identity |
|
|
Identity Provider |
The source from which the user’s personal information comes from and is synchronized with. |
| Username |
A user's display name. |
|
First Name |
The user's first name. |
|
Last Name |
The user's last name. |
|
Work Phone |
The user's work telephone number. |
| Mobile Phone |
The user's mobile telephone number. |
| Email |
The user's email address. |
|
Description |
The description text entered the user information was added or updated. This may be entered on the User dialog, Identity tab in the Description text box. |
|
Location |
User can change their time zone, by default. Or, the User Administrator can prohibit a user from changing the time zone, possibly to ensure adherence to policy. For more information, see Time Zone. |
|
Authentication |
|
| Authentication Provider |
How the user authenticates with Safeguard for Privileged Passwords:
- Certificate: with a certificate
- Local: with a user name and password
- Directory name: with directory credentials
|
|
Login name |
The identifier the user logs in with. |
| Domain Name |
If the primary Authentication Provider is a directory, this indicates the directory's domain name. |
|
Distinguished Name |
The distinguished name for authentication. |
| Secondary Authentication |
If you set up a user to require secondary authentication, this indicates the name of this user's secondary authentication service provider. |
| Secondary Authentication Username |
The name of the user account on the secondary authentication service provider required at log in. |
|
Password Never Expires |
When enabled, this field indicates the password associated with the user does not expire. |
|
User Must Change Password at Next Login |
When enabled, this field indicates the user will be prompted to change their password the next time they login. |
|
Require Certificate Authentication |
When enabled, a certificate will be required for authentication. |
|
Permissions |
|
| Permissions |
Lists the user's administrator permissions or "Standard User" if user does not have administrative permissions. |
User Groups tab (user)
The User Groups tab displays the user groups in which the selected user is a member.
The User Groups tab is available to a user with Auditor or Security Policy Administrator permissions and to the User Administrator for directory users (not for local users).
To access User Groups:
- web client: Navigate to User Management > Users > (View Details) > User Groups.
Use the following buttons on the details toolbar to manage the user groups associated with the selected user.
Table 217: Users: User Groups toolbar
|
Add |
Add the user to one or more user groups to the user. For more information, see Adding a user to user groups. |
|
 Remove
|
Remove the selected user group from the selected user. |
|
Export |
Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data. |
|
Refresh |
Retrieve and display an updated list of user groups associated with the selected user. |
|
Search |
To locate a specific user group in this list, enter the character string to be used to search for a match. For more information, see Search box. |
Entitlements tab (user)
The Entitlements tab displays the entitlements in which the selected user is a member. The Entitlements tab is only available to a user with Auditor or Security Policy Administrator permissions.
To access Entitlements:
- web client: Navigate to User Management > Users > (View Details) > Entitlements.
Table 218: Users: Entitlements tab properties
| Name |
The name of the entitlements in which the selected user is assigned as a user. |
|
Description |
The description of the entitlement. |
| Policies |
The number of unique access request policies in the entitlement. |
| Accounts |
The number of unique accounts in the selected entitlement. |
| Users |
The number of unique users in the entitlement. |
| User Groups |
The names of the user groups that associate the selected user to the entitlement.
NOTE: If the selected user is associated with the entitlement explicitly and not through user group membership, then this column is blank and the Direct Member column is True. |
| Direct Member |
Indicates True if the selected user was explicitly added to the entitlement as a user. For more information, see Adding users or user groups to an entitlement. |
Use the following buttons on the details toolbar to manage the entitlements associated with the selected user.
Table 219: Users: Entitlements tab toolbar
|
Add |
Add the selected user as a user of one or more entitlements. For more information, see Adding a user to entitlements. |
|
Remove |
Remove the user from the selected entitlement. |
|
Export |
Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data. |
|
Refresh |
Update the list of entitlements. |
|
Search |
To locate a specific entitlement or set of entitlements in this list, enter the character string to be used to search for a match. For more information, see Search box. |
