It is the responsibility of the Security Policy Administrator to add users to entitlements. When you add users to an entitlement, you are specifying which people can request access governed by the entitlement's policies.
To add a user to entitlements
If you do not see the entitlement you are looking for and are a Security Policy Administrator, you can click Create New in the Entitlements dialog. For more information about creating entitlements, see Adding an entitlement.
It is the responsibility of the Security Policy Administrator to link directory accounts to a user. Once linked, these linked accounts can be used to access assets and accounts within the scope of an access request policy.
To link a directory account to a user
Click Add Linked Account from the details toolbar.
The Directory Account dialog displays, listing the directory accounts available in Safeguard for Privileged Passwords. This dialog includes the following details about each directory account listed:
Select one or more accounts from the list in the Directory Account selection dialog and click OK.
The Authorizer Administrator can modify the General information for a user. The User Administrator can modify the General information for a Help Desk User. Other administrators can view information for users.
You cannot modify a directory user's contact information that is managed in the directory, such as Active Directory. If you need to add a valid mobile phone number, use the alternate mobile phone number option on the Authentication tab instead.
TIP: As a best practice, if you change a user's administrative permissions, ensure the user closes all connections to the appliance (or reboot the appliance) to prevent users from gaining access to information.
To modify a user
On the General tab, click the Edit icon next to Identity, Authentication, Location, and Permissions or double-click the user's name to open the User dialog and update the information on the tabs.
The Authorizer Administrator and the User Administrator can view or Export the details of each operation that has affected the selected use on the History tab. For more information, see History (user).
Typically, it is the responsibility of the Authorizer Administrator to enable or disable administrator users and the User Administrator to enable or disable non-administrator users. You can modify a disabled user's information. If a directory user is disabled in the directory asset, the user cannot be enabled in Safeguard.
Disabling a user prevents him or her from logging into Safeguard for Privileged Passwords; however, if you disable a directory user, that does not prevent that user from logging into the directory.
When re-enabling a disabled account, the Authorizer Administrator must reset the user's password. Simply enabling the account does not permit the user to login with his previous password.
You configure the number of days you want Safeguard for Privileged Passwords to wait before automatically disabling an inactive user account in the Disable After Login Control Setting. For more information, see Login Control.
To enable or disable a user