It is the responsibility of the Security Policy Administrator to associate both local or directory users to user groups. User groups belong to the identity group.
You can not add or remove users to or from a directory user group. This has to be done in Active Directory on the Directory Group object represented.
|
Note: Directory group membership is still maintained in the directory, such as Active Directory. |
To add users to a user group
|
Important: You cannot add a group to a user group's membership; group membership cannot be nested. |
If you do not see the user you are looking for and you have Authorizer Administrator or User Administrator permissions, you can click Create New to create users. For more information, see Adding a user.
When you add user groups to an entitlement, you are specifying which people can request access to the accounts and assets governed by an entitlement's policies. It is the responsibility of the Security Policy Administrator to add user groups to entitlements.
To add a user group to entitlements
If you do not see the entitlement you are looking for and you have Security Policy Administrator permissions, you can click Create New and add the entitlement. For more information about creating entitlements, see Adding an entitlement.
Only the Security Policy Administrator can modify user groups.
For example:
|
Note: You can double-click a user group name to open the General settings edit window. |
It is the responsibility of the Security Policy Administrator to delete groups of local users from Safeguard for Privileged Passwords. It is the responsibility of the Authorizer Administrator or the User Administrator to delete directory groups.
When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy