When you add a new user, the user cannot access any of the Privileged Account Manager consoles until the user is added to a group that contains a role allowing the appropriate access. For example, if you want a user to be able to access only the Compliance Auditor console, you must create a group and configure the appropriate Compliance Auditor permissions, then create the user and add the user to the group.
You can create additional users with the same access as the admin user by adding them to the admin group, or create your own group with access to all modules and permissions. You can also configure these additional users to be superusers. Only users who belong to a group with the “super” role can view and administer superusers.
When you add a user:
The user’s account is set up according to the default values defined in the Account Settings option. You can change these settings for individual users by using the Edit User option.
The user’s password is set to expire immediately so he or she is prompted to change it on the first login to the Privileged Account Manager console. You can change this setting for individual users by using the Edit User option.
The user cannot access any of the Privileged Account Manager consoles until you have added the user to a group with the required permissions defined. For more information, see Section 3.2.2, Modifying User and Section 3.1.4, Configuring Permissions.
To add a new user:
Click Users on the home page of the console.
Click Create User, task pane is displayed.
In the General page, specify a name of the user in the User Name field and a password for the user in the Password field.
Specify the password in the Confirm Password field for confirmation.
(Optional) Set the slider to the right if you want to Change Password at Next Login. This invalidates the user’s current password immediately, forcing the user to change it on the next login.
(Optional) Set the slider to Disable Account to deactivate a user account.
(Optional) Set the slider to elevate the user as Super User.
NOTE:The Super user and Disable account options are available only if you are logged in as a superuser. Superusers can be viewed and administered only by users belonging to a group with the super role defined for the auth module.
(Optional) Set the Inactive Session timeout in minutes.
(Optional) Click Next to proceed to configure additional settings for the user’s account.
The Edit User option allows you to override the default account settings for an individual user. It also provides a number of additional configuration settings and tasks, including resetting a user’s password and assigning a user to a group.
To modify a user account:
Click Users on the home page of the console.
Select the preferred user.
Click Edit icon.
Change the following settings as required:
Edit Password: Select this option to change the current password.
Change Password at Next Login: Select this option to enable a prompt for changing password when a user logs in.
Disable Account: Select this option to disable the user’s account.
Last Successful Login: Displays the time stamp of last successful login.
Last Unsuccessful Login: Displays the time stamp of last unsuccessful login.
Super User: You can use this option to make the user as Super user during creation. You can add the user to a group later.
Bad Logons: The number of unsuccessful logons attempted by the user.
Reset Bad Logon Count: Use this option to reset the count to 0.
To configure additional options, click Next. The Membership page is displayed:
Add the user to the listed groups. You can also search for the groups using the Search icon.
Click Next. The Details page is displayed.
Display Name: Specify a display name for the user, for example, the user’s full name. If a name is defined here it can be automatically entered as the Manager Name in Account Group and User Group definitions for Command Control by selecting the manager’s Framework user name.
Email: Specify the user’s e-mail address. If an e-mail address is defined here, it can also be used in Command Control.
Staff ID: Specify the user’s staff ID, for example, the user’s unique company identifier.
Telephone Number: Specify the user’s telephone number. If a telephone number is defined here, it can also be used in Command Control.
Description: Specify a detailed description in the text box.
Click Next. The Password Validation and Timeout page is displayed.
Set the slider to the right to Modify Default User Settings.
Lock Account after This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.
Password Validation: Allows you to define the minimum number of alphabetic and numeric characters required in the user’s password. To override the default account settings for this user, select the appropriate check box and set the required values as follows:
Min Alpha Characters: Specify the minimum number of alphabetic characters you require in the user’s password.
Min Numeric Characters: Specify the minimum number of numeric characters you require in the user’s password.
Timeout: Allows you to define the time limit in days required for either disabling or deleting the user account if it remains in inactive state.
Click Save.
To assign a user to one or more groups:
Click Users on the home page of the console.
Select the user group you want to modify, and click Edit Group. The Edit Group page is displayed.
Click Sub Groups.
Select the preferred groups to assign this user.
Click Save.
There are several ways of removing a user group from a user’s account. You can modify the user, modify the group, or use the objects in the navigation pane.
Click Users on the home page of the console.
Select the group you want to remove from the user’s account.
Click Delete Group icon next to the group you selected to delete.
Click Yes in the confirmation dialog box. The user is removed.
Click Users on the home page of the console.
In the Users task pane, select the user you want to delete.
Click Delete User in the task pane.
Click Yes in the confirmation dialog box. The user is deleted.