Adding users to a user group
It is the responsibility of the Security Policy Administrator to associate both local or directory users to user groups. User groups belong to the identity group.
You can not add or remove users to or from a directory user group. This has to be done in Active Directory on the Directory Group object represented.
Directory group membership is still maintained in the directory, such as Active Directory.
To add users to a user group
- Navigate to Administrative Tools | User Groups.
- In User Groups, select a user group from the object list and open the Users tab.
- Click
Add User from the details toolbar.
- Select one or more users from the list in the Users selection dialog and click OK.
Important: You cannot add a group to a user group's membership; group membership cannot be nested.
If you do not see the user you are looking for and you have Authorizer Administrator or User Administrator permissions, you can click
Create New to create users. For more information, see Adding a user.
Adding a user group to an entitlement
When you add user groups to an entitlement, you are specifying which people can request access to the accounts and assets governed by an entitlement's policies. It is the responsibility of the Security Policy Administrator to add user groups to entitlements.
To add a user group to entitlements
- Navigate to Administrative Tools | User Groups.
- In User Groups, select a user group from the object list and open the Entitlements tab.
- Click
Add Entitlement from the details toolbar.
- Select one or more entitlements from the Entitlements selection dialog and click OK.
If you do not see the entitlement you are looking for and you have Security Policy Administrator permissions, you can click
Create New and add the entitlement. For more information about creating entitlements, see Adding an entitlement.
Modifying a user group
Only the Security Policy Administrator can modify user groups.
To modify a user group
- Navigate to Administrative Tools | User Groups.
- In User Groups, select a user group.
- Select the view of the user group's information you want to modify (General, Users, or Entitlements).
For example:
- To change a local user group's name or description, double-click the General information box on the General tab or click the
Edit icon.
Note: You can double-click a user group name to open the General settings edit window.
- To add (or remove) users to the selected local user group, click the Users tab. You can multi-select members to add or remove more than one from a user group.
- To add (or remove) the selected user group to an entitlement, click the Entitlements tab.
- To view or export the details of each operation that has affected the selected user group, switch to the History tab. For more information, see History tab (user groups).
Deleting a user group
It is the responsibility of the Security Policy Administrator to delete groups of local users from Safeguard for Privileged Passwords. It is the responsibility of the Authorizer Administrator or the User Administrator to delete directory groups.
When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.
To delete a user group
- Navigate to Administrative Tools | User Groups.
- In User Groups, select a user group from the object list.
- Click
Delete Selected.
- Confirm your request.