Use the controls and tabbed pages on the Users page to perform the following tasks to manage Safeguard for Privileged Passwords users:
It is the responsibility of either the Authorizer Administrator or the User Administrator to add Safeguard for Privileged Passwords users.
Where you define the identity provider and the user's contact information. | |
Authentication tab |
Where you define the authentication provider, login name and password, if necessary. |
Location tab | Where you set the user's time zone. |
Permissions tab | Where you set the user's administrator permissions. |
On the Identity tab, choose a provider from the list of available providers. When adding a user from an external provider such as Microsoft Active Directory, Safeguard for Privileged Passwords imports read-only contact information from the source, however, you can change the user photo.
Use valid combinations of identity and authentication providers. For more information, see Identity and Authentication.
Property | Description | ||
---|---|---|---|
Identity Provider |
The source of the user's identity. Safeguard for Privileged Passwords comes with a built-in identity provider called Local that will allow you to manually enter user information which is stored directly in Safeguard for Privileged Passwords. Or you can select an Active Directory or LDAP server that you have previously configured and then browse for a user. Safeguard for Privileged Passwords will periodically synchronize with the directory to keep the information up to date. Indicate how the user's identity is managed by Safeguard for Privileged Passwords:
| ||
Browse
(Active Directory or LDAP) |
If the identity provider is Active Directory or LDAP, click the Browse button to choose a user. The remaining fields are auto-populated. | ||
First Name (Local provider) |
Enter the user's first name. Limit: 30 characters; no double quotes. | ||
Last Name (Local provider) |
Enter the user's last name. Limit: 30 characters; no double quotes | ||
Work Phone (Local provider) |
Enter the user's work telephone number. Limit: 30 characters | ||
Mobile Phone (Local provider) |
Enter the user's mobile telephone number. Limit: 30 characters
| ||
Email Address (Local provider) |
Enter the user's email address. Limit: 255 characters
| ||
Description (Local provider) |
Enter information about this user. Limit: 255 characters. |
On the Authentication tab, specify the authentication settings for the user. An authentication provider can be the same or different as the user's identity provider.
Use valid combinations of identity and authentication providers. For more information, see Identity and Authentication.
Property | Description | ||
---|---|---|---|
Authentication Provider |
Indicate how this user is to authenticate to Safeguard for Privileged Passwords. The options are:
| ||
Login name (Local or Radius as Primary) |
If using Local or Radius as Primary for authentication, enter the user's login name. If using directory authentication, the login name is auto-populated. Limit: 255 characters | ||
Set Password (editing an existing Local provider) |
If you are editing an existing user for a Local provider, you may click Set Password to change a user's password. This button is not available when creating a new user or editing a user account from an external identity provider like Microsoft Active Directory. | ||
Password (Local provider) |
If adding a Local user, enter a password for the user. You must comply with the password requirements specified in the dialog. For more information, see Password Rules. Limit: 64 characters | ||
Certificate Thumbprint (SHA-1) (Certificate user) |
If adding a Certificate user, enter the unique hash value (40 hexadecimal characters) of the certificate. You can copy and paste the Thumbprint value directly from the certificate, including the spaces. | ||
Email Address or Name Claim (external federation) |
If adding an external federation user account, enter the email address or name claim that will be returned from the STS of an authenticated user. A case-insensitive comparison will be performed on the value when the user is logging in.
| ||
Require Certificate Authentication (Active Directory provider) |
Select this check box to require that the user logs into Safeguard for Privileged Passwords using their domain issued user certificate or SmartCard.
| ||
Require Secondary Authentication |
Select this check box to require that this user logs into Safeguard for Privileged Passwords with two-factor authentication. For more information, see Requiring user to log in using secondary authentication. Then choose the Secondary Authentication Provider for this user. Use valid combinations of identity and authentication providers. For more information, see Identity and Authentication. | ||
Login Name (if a directory is selected for secondary authentication) |
When a directory is selected for secondary authentication, Browse to select the account on the secondary authentication provider this user must use when logging into Safeguard for Privileged Passwords with two-factor authentication. If Radius as a secondary authentication provider is selected, enter the name of the account on the secondary authentication provider this user must use when logging into Safeguard for Privileged Passwords with two-factor authentication. | ||
Use alternate mobile phone number (if Starling Two-Factor Authentication) |
When Starling Two-Factor Authentication is selected, this option is available to enter an alternate Mobile phone number. The Number on file is the mobile phone number specified on the user's Identity tab.
|
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy