Adding users to a user group
It is the responsibility of an Authorizer Administrator, User Administrator, or Security Policy Administrator to add users to local Safeguard for Privileged Passwords groups. For directory user groups, you cannot manually add or remove users. Instead, those groups will automatically be synchronized with the Active Directory or LDAP server they came from.
To add users to a user group
-
Navigate to:
- web client: Security Policy Management | User Groups or User Management | User Groups.
- In User Groups, select a user group from the object list and open the Users tab.
- Click Add User from the details toolbar.
-
Select one or more users from the list in the Users dialog and click OK.
IMPORTANT: You cannot add a group to a user group's membership; group membership cannot be nested.
Adding a user group to an entitlement
When you add user groups to an entitlement, you are specifying which people can request access to the accounts and assets governed by an entitlement's policies. It is the responsibility of the Security Policy Administrator to add user groups to entitlements.
To add a user group to entitlements
-
Navigate to:
- web client: Security Policy Management | User Groups or User Management | User Groups.
- In User Groups, select a user group from the object list and open the Entitlements tab.
- Click Add Entitlement from the details toolbar.
- Select one or more entitlements from the Entitlements dialog and click OK.
Deleting a user group
Both Authorizer Administrator and User Administrator can delete local and directory user groups. A Security Policy Administrator can only delete local groups without permissions on them.
When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.
To delete a user group
-
Navigate to:
- web client: Security Policy Management | User Groups or User Management | User Groups.
- In User Groups, select a user group from the list.
- Click Delete.
- Confirm your request.
Time Zone
Safeguard for Privileged Passwords sets a default time zone based on the location of the person performing the set up. The time zone is expressed as UTC + or – hours:minutes and is used for timed access (for example, access from 9 a.m. to 5 p.m.). It is recommended that the Bootstrap Administrator set the desired time zone on set-up. An Authorizer Administrator can also change the time zone.
To configure the time zone
- Navigate to User Management | Settings | Time Zone.
- The User Administrator can search for and select the desired time zone.
- The User Administrator can change Allow users to modify their own time zone.
- Enable the setting to let users change their time zone (the default).
- Disable the setting to prohibit a user from changing their time zone, possibly to ensure the user conforms with policy.