Business User Roles and Entitlements

Credential Manager provides an intuitive user interface for business users to seamlessly access their credentials on the Delinea Platform. Once you create a user and assign them to the Business User entitlement, credentials can be entered from the web or mobile device.

Currently, business users and entitlements are only assigned by an administrator of the Delinea Platform.

Once you complete authentication, Credential Manager redirects you with your Delinea Platform credentials when you log in to the platform or complete the initial account setup flow.

There are two license types for the overall Delinea Platform: Business User and IT User. Be careful not to confuse the term 'business user' as it is used in this topic with the Business User platform license type.

For more information, see:

Permissions Assigned to Business Users

From the Access page on the Delinea Platform, select Entitlements. The User Entitlements page displays Usage for the Business User role, indicating the currently assigned licenses.

Click Business User to display the business user page.

The Business User type is a role assigned in Secret Server. Users are automatically assigned an IT user role until you reassign them. See Business Users.

Permissions assigned to business users include:

  • View Secret

  • Launch Secret in Secret Server

  • Personal Folder in Secret Server

  • Own Secret

  • Add Secret

  • Copy Secret

  • Deactivate Secret

  • Edit Secret

  • Approve Access

  • Add Secret Server On Premises Templates

Assigning Entitlements (Administrators)

As an administrator, you assign entitlements to individual users or user groups. Click the Assignment tab to view the current business users and user groups. Here, the administrator assigns entitlements to users or user groups.

Platform Entitlements

Delinea Platform entitlements help your organization tailor access and user experiences based on each user's role. You maintain centralized control and security through Credential Manager and you enforce consistent permissions across the platform.

As an administrator, you can assign users or groups to either the Business User or IT User entitlements. By default, all users are assigned the IT User entitlement, which gives them full access to all platform features. If you assign the Business User entitlement, users receive restricted access, and the platform redirects them to Credential Manager when they log in.

When you assign the Business User entitlement, the platform enforces a fixed set of permissions. You cannot modify these permissions, but you can manage access to specific resources through secrets, policies, or other controls.

Business user capabilities include: 

  • View, add, edit, copy, and deactivate secrets

  • Own personal and shared secrets

  • Launch secrets in Secret Server

  • Access offline secrets on mobile devices

  • Approve access requests for secrets

Business users access a limited set of templates. Administrators control which templates are available from the following list. If you create a custom template with a web launcher, you can also add it to the Business User experience.

Business users can use the following secret templates: 

  • Combination Lock

  • Contact

  • Healthcare

  • Password

  • PIN

  • Security Alarm Code

  • Social Security Number

  • Bank Account

  • Credit Card

  • Web Password

  • Custom templates with a web launcher

FAQ

  1. How does the business user entitlement affect access to the Delinea Platform and browser extension?

    When a user is added to the business user entitlement, they are unable to access the Delinea Platform's web UI and are instead redirected to a full-screen experience of the browser extension upon logging into the platform. Users who are not included in the business user entitlement have access to both the Delinea Platform and the browser extension.

  2. How does the business user entitlement affect access for standalone Secret Server customers?

    Since Entitlements are only available on the Delinea Platform, users will be able to log in to Secret Server without a redirect.

  3. What options are available for configuring user profiles?

    Business users can access their Delinea Platform profile to configure multi-factor authentication (MFA) options, register mobile apps, and more by clicking a link in the extension that opens the Delinea Platform web UI in a scoped or limited view.

  4. Can Vendor users use Credential Manager

    No. The Vendor membership type is designed for third-party users who require limited access through Privileged Remote Access (PRA) only. Vendor users do not have access to Credential Manager. For more information, see Membership Type.