Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Adding users to a user group

It is the responsibility of the Security Policy Administrator to associate both local or directory users to user groups. User groups belong to the identity group.

You can not add or remove users to or from a directory user group. This has to be done in Active Directory on the Directory Group object represented.

Directory group membership is still maintained in the directory, such as Active Directory.

To add users to a user group

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group from the object list and open the Users tab.
  3. Click  Add User from the details toolbar.
  4. Select one or more users from the list in the Users selection dialog and click OK.

    Important: You cannot add a group to a user group's membership; group membership cannot be nested.

If you do not see the user you are looking for and you have Authorizer Administrator or User Administrator permissions, you can click Create New to create users. For more information, see Adding a user.

Adding a user group to an entitlement

When you add user groups to an entitlement, you are specifying which people can request access to the accounts and assets governed by an entitlement's policies. It is the responsibility of the Security Policy Administrator to add user groups to entitlements.

To add a user group to entitlements

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group from the object list and open the Entitlements tab.
  3. Click Add Entitlement from the details toolbar.
  4. Select one or more entitlements from the Entitlements selection dialog and click OK.

If you do not see the entitlement you are looking for and you have Security Policy Administrator permissions, you can click Create New and add the entitlement. For more information about creating entitlements, see Adding an entitlement.

Modifying a user group

Only the Security Policy Administrator can modify user groups.

To modify a user group

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group.
  3. Select the view of the user group's information you want to modify (General, Users, or Entitlements).

    For example:

    • To change a local user group's name or description, double-click the General information box on the General tab or click the  Edit icon.

      Note: You can double-click a user group name to open the General settings edit window.

    • To add (or remove) users to the selected local user group, click the Users tab. You can multi-select members to add or remove more than one from a user group.
    • To add (or remove) the selected user group to an entitlement, click the Entitlements tab.

  4. To view or export the details of each operation that has affected the selected user group, switch to the History tab. For more information, see History tab (user groups).

Deleting a user group

It is the responsibility of the Security Policy Administrator to delete groups of local users from Safeguard for Privileged Passwords. It is the responsibility of the Authorizer Administrator or the User Administrator to delete directory groups.

When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.

To delete a user group

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group from the object list.
  3. Click Delete Selected.
  4. Confirm your request.
Related Documents