Important: When you delete a local user, Safeguard for Privileged Passwords deletes the user permanently. If you delete a directory user that is part of a directory user group, Safeguard for Privileged Passwords adds the user back the next time it synchronizes its database with the directory. As a best practice, disable the directory user instead of deleting the account. For more information, see Enabling or disabling a user.
To delete a user
Safeguard for Privileged Passwords allows you to import a .csv file containing a set of accounts, assets, or users. A .csv template for import can be downloaded when you click Import from the toolbar. For more information, see Creating an import file.
To import objects
Safeguard for Privileged Passwords imports the objects into its database.
Note: Safeguard for Privileged Passwords does not add an object if any column in the .csv file contains invalid data, with the following exceptions:
You can use steps like those above to import your existing directory infrastructure (such as Microsoft Active Directory). Additional information specific to directory import follows.
Import the directory (and service account) via Administrative Tools | Assets | Import Asset and browse to select the .csv file. Safeguard for Privileged Passwords imports the directory as an asset.
The directory's service account is automatically added to the list of accounts you can view via the Assets | Accounts tab.
By default, the service account password is automatically managed according to the check and change settings in the profile that governs the partition. For more information, see Creating a partition profile. If you do not want Safeguard for Privileged Passwords to manage the service account password, assign the account to a profile that is set to never change passwords. For more information, see Assigning assets or accounts to a partition profile.
The service account is added to the asset's Accounts tab and is disabled for password request and session request. For more information, see Accounts tab (asset).
To change either setting, navigate to Administrative Tools | Accounts and double-click the account. Then select the following check boxes, as desired: Enable Password Request and Enable Session Request. For more information, see General tab (account).
Active Directory and LDAP synchronization
Active Directory and LDAP data is automatically synchronized according to the asset schema or the identity and authentication providers schema, as shown in the following lists.
Asset schema list
Identity and Authentication Providers schema list
It is primarily the responsibility of the Authorizer Administrator to set passwords for administrators, and of the User Administrator and Help Desk Administrator to set passwords for non-administrator local users. These administrators can only set passwords for local users. Directory user passwords are maintained in an external provider, such as Microsoft Active Directory.
To set a local user's password
If you are unable to log in, your account may have become "locked" and is therefore disabled. For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Login Control.
Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts, and of the User Administrator and Help Desk Administrator to unlock non-administrator local users.
To unlock a user's account
There are two ways to unlock a user account: