Setting a local user's password
Unlocking a user's account
If you are unable to log in, your account may have become "locked" and is therefore disabled. For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Local Login Control.
Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts, and the User Administrator and Help Desk Administrator to unlock non-administrator local users.
To unlock a user's account
There are two ways to unlock a user account:
- In Users, select a "locked" user, right-click, and select Unlock from the context menu.
- Click User Security and select Unlock.
Safeguard for Privileged Passwords allows you to add both local user groups (a set of local users) and directory groups (a set of directory accounts) to User Groups. The Security Policy Administrator can add a group of users to an entitlement to authorize them to request access to the accounts and assets governed by the entitlement's access request policies.
User Groups is available to the Authorizer Administrator, User Administrator, Security Policy Administrator, Help Desk Administrator, Auditor, and Asset Administrator. Not all functionalities will be available to all user types.
The User Groups view displays the following information about the selected user or directory group.
Use these toolbar buttons to manage users.
Add User Groups: Add user groups to Safeguard for Privileged Passwords. For more information, see Adding a user group.
Add Directory Group: Add a directory user group to Safeguard for Privileged Passwords. For more information, see Adding a directory user group.
Delete Selected: Remove the selected user group. For more information, see Deleting a user group.
Refresh: Update the list of user groups.
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
General tab (user groups)
The General tab lists information about the selected user group.
Large tiles at the top of the tab display the number of Users in the selected group and, when applicable, the number of Entitlements to which the selected group is an entitlement member or user. Clicking a tile heading opens the corresponding tab.
NOTE: The Entitlements tile is only visible to the Auditor and Security Policy Administrator.
Navigate to Administrative Tools | User Groups | General.
Table 220: User Groups General tab: General properties
The group name.
Distinguished Name (directory user group)
The distinguished name of the group.
Primary Authentication Provider (directory user group)
The name of the authentication provider (for example, the name of an external provider such as a Microsoft Active Directory domain name).
Permissions (directory user group)
Lists the user's administrator permissions or "Standard User" if user does not have administrative permissions.
Modifying a user group