If you are unable to log in, your account may have become disabled or "locked". For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Login Control.
Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts; and the User Administrator and Help Desk Administrator to unlock non-administrator local users.
There are two ways to unlock a user account.
To unlock a user's account
-OR-
Typically, it is the responsibility of the Authorizer Administrator to enable or disable administrator users and the User Administrator to enable or disable non-administrator users.
This icon, located in the upper-right corner of the console, toggles between the two settings.
|
Note: You configure the number of days you want Safeguard for Privileged Passwords to wait before automatically disabling an inactive user account in the Disable After Login Control Setting. For more information, see Login Control. |
|
Note: The Authorizer Administrator must also reset the user's password when re-enabling a disabled account. Simply enabling the account does not permit the user to login with his previous password. |
Disabling a user prevents him or her from logging into Safeguard for Privileged Passwords; however, if you disable a directory user, that does not prevent that user from logging into the directory. You can modify a disabled user's information.
Safeguard for Privileged Passwords allows you to add both local user groups (a set of local users) and directory groups (a set of directory accounts) to User Groups. The Security Policy Administrator can add a group of users to an entitlement to authorize them to request access to the accounts and assets governed by the entitlement's access request policies.
User Groups is available to the Authorizer Administrator, User Administrator, Security Policy Administrator, and the Auditor. However, it is only available to the Authorizer Administrator and User Administrator if a directory has been added to Safeguard for Privileged Passwords. For more information, see Adding a directory.
The User Groups view displays the following information about the selected user or directory group.
Tab | Description |
---|---|
General tab |
Displays general information about the selected user group. |
Users tab |
Displays the members of the selected group. |
Entitlements tab |
Displays the entitlements to which the users associated with the selected user group are "users". |
History tab |
Displays the details of each operation that has affected the selected group. |
Use these toolbar buttons to manage users.
Option | Description |
---|---|
Add user groups to Safeguard for Privileged Passwords. For more information, see Adding a user group. | |
|
Add a directory user group to Safeguard for Privileged Passwords. For more information, see Adding a directory user group. |
Remove the selected user group. For more information, see Deleting a user group. | |
Update the list of user groups. |
The General tab lists information about the selected user group.
Large tiles at the top of the tab display the number of Users in the selected group and, when applicable, the number of Entitlements to which the selected group is an entitlement member or "user". Clicking a tile heading opens the corresponding tab.
|
NOTE: The Entitlements tile is only visible to the Auditor and Security Policy Administrator. |
Navigate to Administrative Tools | User Groups | General.
Property | Description |
---|---|
Name |
The group name. |
Description: Information about the selected group.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy