NOTE: The User Groups page is accessible from the following locations:
Safeguard for Privileged Passwords allows you to either create a local group that exists and is managed within Safeguard for Privileged Passwords only, or add a directory group that is synchronized from an external Active Directory or LDAP server. Then a Security Policy Administrator can add one or more user groups to an entitlement, which will authorize members of the group(s) to request access to the accounts and assets governed by the entitlement's access request policies.
User Groups is available to the Authorizer Administrator, User Administrator, Security Policy Administrator, Help Desk Administrator, Auditor, and Asset Administrator. Not all functionalities will be available to all user types.
The User Groups view displays the following information about the selected user or directory group.
Use these toolbar buttons to manage users.
User Group : Add user groups to Safeguard for Privileged Passwords. For more information, see Adding a user group.
Directory User Group : Add a directory user group to Safeguard for Privileged Passwords. For more information, see Adding a directory user group.
Delete : Remove the selected user group. For more information, see Deleting a user group.
Edit: Edit the selected user group.
Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
Refresh: Update the list of user groups.
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
The Properties tab lists information about the selected user group.
To access Properties:
web client: Navigate to Security Policy Management > User Groups > (New) or (Edit) > Properties or User Management > User Groups > Properties.
Table 203: User Groups: Properties tab properties
|
Name |
The entitlement name. |
|
Description |
Information about the selected entitlement. |
|
Delete |
Click this button to delete the user group. |
The Properties > Permissions tab lists the user's administrator permissions or "Standard User" if the user does not have administrative permissions.
The Users tab displays the members of the selected group.
Click Add User from the details toolbar to add one or more users to the selected local user group.
NOTE: For directory groups, group membership is read-only. That is, you cannot add or remove users from a directory group using the Users tab.
To access Users:
- web client: Navigate to Security Policy Management > User Groups > (Edit) > Users or User Management > User Groups > (Edit) > Users.
Table 204: User Groups: Users tab properties
|
Username |
The user's display name. |
|
Name |
The user's first and last name, if the information exists in the user's properties; otherwise, the user's display name. |
|
Description |
Description of the user. |
|
Provider |
The name of the authentication provider: Local, Certificate, or the name of an external provider such as a Microsoft Active Directory domain name. |
|
Distinguished Name |
The distinguished name of the user. |
|
Last Name |
The user's last name. |
|
First Name |
The user's first name. |
|
Email |
The user's email address. |
|
Work Phone |
The user's work phone. |
|
Mobile Phone |
The user's mobile phone. |
|
Time Zone |
The user's time zone. |
|
Identity Provider |
The user's identity provider. |
|
Domain Name |
The domain name for the user. |
|
Login Name |
The user's login name. |
|
Deactivated |
This column indicates if a user is currently deactivated. |
|
Permissions |
The user's permissions. |
Use these buttons on the details toolbar to manage the users in your user groups.
Table 205: User Groups: Users tab toolbar
|
Add User |
Add one or more users to the selected user group. For more information, see Adding users to a user group. |
|
 Remove
|
Remove the selected user from the user group. |
|
Export |
Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data. |
|
Refresh |
Update the list of users in the user groups. |
|
Search |
To locate a specific user or set of users in this list, enter the character string to be used to search for a match. For more information, see Search box. |
The Entitlements tab displays the entitlements for which the group has been assigned to. All members of the group then inherit access to the request policies of the entitlement.
NOTE: The Entitlements tab is only available to a user with Auditor or Security Policy Administrator permissions.
Click Add Entitlement to add the selected user group as a user of one or more entitlements.
To access Entitlements:
- web client: Navigate to Security Policy Management > User Groups > (Edit) > Entitlements or User Management > User Groups > (Edit) > Entitlements.
Table 206: User Groups: Entitlements tab properties
|
Name |
The name assigned to the entitlement. |
|
Accounts |
The number of unique accounts in this entitlement. |
|
Users |
The number of unique users and user groups in this entitlement. |
|
Policies |
The number of unique policies in this entitlement. |
Use these buttons on the details toolbar to manage the entitlements associated with the selected user group.
