Assigning Users to Roles

Before you can add Active Directory users and groups to roles, you must first integrate Active Directory with Privileged Access Service. Installing the Delinea Connector initiates the integration. See How to install a Delinea Connector. After you install the Delinea Connector, you can add those domain users to specific roles.

If you assign users to custom roles or change the default behavior for the Everybody role, it is important to verify that users can access the Privileged Access Service Admin Portal. Access to the portal is required to open assigned applications and register mobile devices.

Only members of the System Administrator role or members of a role with the Role Management administrative right can create and assign users to roles.

To Assign Users to a Role:

  1. In Admin Portal, click Roles.

  2. Select the role from the list of roles available.

  3. Click Members, then click Add to display the Add Members dialog box.

  4. Start typing the user name, Active Directory/LDAP group name, or an existing role.

    Entries matching the string you type are displayed.

  5. Select the check box associated with the user, group, or role you want to add, then click Add.

    You must select a universal or security group. Local or distribution groups are not supported.

    If you are using Active Directory/LDAP as an identity store, all of the matching users accounts and groups in the Users container in the domainsthat the can “see” in the domain or forest are displayed. See Supportinguser authentication for multiple domains for more information on which domains can be “seen.”

    After you add an Active Directory/LDAP user or group to a role, the name is not shown on the Users page until the user logs in to the Admin Portal or registers a device.

  6. Click Administrative Rights > Add.

  7. Click Save.

  8. Select the check box associated with the rights you want to assign.

    See Admin Portal Administrative Rights for information on the rights.

  9. Click Add.

  10. Click Assigned Applications > Add.

    The Add Applications page shows the applications you have added to your tenant. See Applications for application-specific configuration instructions.

  11. Select the check box associated with applications you want to assign.

  12. Click Add > Save.

  13. Select the check box associated with the rights you want to assign.

    See Admin Portal Administrative Rights for information on the rights.

  14. Click Add.

  15. Click Assigned Applications > Add.

    The Add Applications page shows the applications you have added to your tenant. See Applications for application-specific configuration instructions.

  16. Select the check box associated with applications you want to assign.

  17. Click Add > Save.