How to Update User Account Information
Where you update user account information depends on the account source.
For Active Directory accounts, you must use Active Directory Users and Computers to update the account information. The update information is updated in Privileged Access Service according to the Active Directory user verification interval you set in the connector.
For other LDAP services and G-Suite accounts, you must use the relevant tool or GUI to update the account information.
For Delinea Directory accounts, you use Admin Portal to update the account information.You must be a member of the sysadmin role or any Privileged Access Service role that has the User Management administrative right to create, delete, and modify Delinea Directory accounts.
To update user information for Delinea Directory accounts
-
Log in to Admin Portal
-
Click Users > relevant user.
-
Update the information on the Account page as needed.
Refer to the following table for more information about the fields you can change.
| Option | Does this |
|---|---|
| Login Name | The login name the used to log in to the tenant. Users log in with <Login Name>@<Suffix>. |
| Suffix | The login suffix identifies the ID repository containing the user account when the user logs in to the portals or enrolls a device. Be careful if you change the user’s login suffix because this affects their role memberships and policies. See How to Use Login Suffixes for more information about login suffixes. |
| Email Address | The email address for the user |
| Display Name | The name visible to users once they are logged in to the tenant. |
| Locked | Locks the account. Set this field to prevent the user from launching Delinea services. This setting can either be manually enabled or enabled automatically through policy. To configure the policy, navigate to Policies > Policy Set > User Security Policies > Password Settings > Maximum consecutive bad password attempts allowed within window and select desired attempts. The best practice is to set the policy to a level below your directory service threshold. When locked, users are prevented further access to Delinea services but are not locked out entirely in their directory service. |
| Password never expires | Overrides the default “Maximum password age” policy setting. Regardless of the “Maximum password age” setting, the password for this account never expires. The default maximum password age for user service accounts is 365 days. You use the Account Security Policies > Password Settings > Maximum password age policy on the Policies tab in Admin Portal to reset this value. Note: This setting and the “Require password change at next login” setting are interdependent. If you select one, the other is reset. |
| Require password change at next login (recommended) | Forces users to create a new password the next time they log in. The user is subject to any password reset policy controls and settings you have enabled (see Applications). This setting is reset as soon as the user logs in and creates a new password. Note: This setting and the “Password never expires” setting are interdependent. If you select one, the other is reset. |
| Is Service User | Select this option for users who should NOT belong to the Everybody role. For example, you might select this option for contract or temporary users. See Predefined Roles for more information. |
| Is OAuth confidential client | Select this option for users representing web applications with the Client ID Type set to Confidential. See the developer docs for more information. |
| Send email invite for User Profile setup | Select this option to send new users an email invite to log in to the Admin Portal. |
| Profile information | Updates user profile information such as Mobile Number, User Photo, an d so forth. If you have users who will be registering devices or you are using mobile devices as a form of multi-factor authentication, be sure to put the device’s phone number in the Mobile Number field. |
| Organization | Updates the user reporting structure. Specifying a user's manager has implications for access requests. See Managing application access requests for more information. |
-
Click Save.
-
Update information on the Unix Profile page as needed, and then click Save. For details, see Specifying UNIX Profile Information.
-
Update information on the MFA Redirection page as needed, and then click Save. For details, see How to Use MFA Redirection.
The other pages (Activity, Roles, Additional Attributes, and Policy Summary) are view-only.
