Managing Groups

This page explains how to manage groups.

Predefined Groups

The Delinea Platform has two predefined groups:

• Everybody: All platform users belong to the Everybody group. Through that group membership they inherit the Platform User role, with permissions to log A record of background events typically related to systems, performance, outages, etc. A log is typically consumed by IT/Ops to help them ensure that things are running optimally and delivered according to the appropriate SLA. in to the Delinea Platform, access their secrets A piece of information that is stored and managed in the Delinea Secret Server vault. Typical secrets include privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, such as private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents, and more. Secrets are derived from secret templates., launch PRA A feature of Delinea Platform that enables secure remote access to computers that is audited and session recorded. Formerly Remote Access Service (RAS). sessions, and view their own session recordings. The Everybody group cannot be renamed or deleted.

• System Administrator Platform users who belong to the System Administrator group inherit the Platform Admin role, with extensive administrative permissions. The System Administrator group cannot be renamed or deleted. Compare to cloudadmin.: Platform users who belong to the System Administrator Platform users who belong to the System Administrator group inherit the Platform Admin role, with extensive administrative permissions. The System Administrator group cannot be renamed or deleted. Compare to cloudadmin. group inherit the Platform Admin A Delinea Platform role with extensive permissions that is automatically assigned to all members of the System Administrator group. role, with all administrative permissions. When the Delinea Platform is first installed, the user account that is created automatically belongs to the System Administrator Platform users who belong to the System Administrator group inherit the Platform Admin role, with extensive administrative permissions. The System Administrator group cannot be renamed or deleted. Compare to cloudadmin. group. The System Administrator Platform users who belong to the System Administrator group inherit the Platform Admin role, with extensive administrative permissions. The System Administrator group cannot be renamed or deleted. Compare to cloudadmin. group cannot be renamed or deleted.

Types of Groups

The platform supports the following types of groups: global AD Active Directory (AD) is a proprietary directory service developed by Microsoft® to manage the authentication and authorization of users and machines on a Windows domain network. Active Directory runs on Windows Server and stores information related to user accounts, computer objects, groups, policies, and other entities on the network. security groups, universal AD Active Directory (AD) is a proprietary directory service developed by Microsoft® to manage the authentication and authorization of users and machines on a Windows domain network. Active Directory runs on Windows Server and stores information related to user accounts, computer objects, groups, policies, and other entities on the network. security groups, and user attributes/claims named groups. It does not support distribution lists. A distribution list, sometimes inaccurately called a distribution group , is used to send email to users specified on the list. But on any access control system including the Delinea Platform, groups are used for access control. A distribution list cannot be used for access control because it cannot be listed in discretionary access control lists (DACLs). A distribution list has no index, so you can’t query it to determine if a user (trying to access something) is or is not on the list, rendering the distribution list useless for purposes of controlling access. 

For more information on groups, roles, and permissions, see Understanding Roles and Permissions.

Adding a Group

1. Click Access from the left navigation, then select Groups.

   

2. Click Add Group.

   

3. Click Save.

4. On the Add group page, enter a group Name and Description.

5. Click Save.

Adding Users to a Group

You can add several types of members to a group, including users, directory groups such as AD Active Directory (AD) is a proprietary directory service developed by Microsoft® to manage the authentication and authorization of users and machines on a Windows domain network. Active Directory runs on Windows Server and stores information related to user accounts, computer objects, groups, policies, and other entities on the network., and Delinea groups. To add a member to a group, follow these steps:

1. Click Access from the left navigation menu, then select Groups.

2. On the Groups page, click a group.

   

3. On the specific group page, click the Members tab.
   

   

4. Click Assign Members.

5. On the Assign members page, search for and select each user you want to add, then click Add.
   

   

User Directory Service Configuration

1. Click Settings from the left navigation, then select Directory services.

2. Select the checkbox next to a directory service you want to use or remove. Actions available for a selected directory service vary:

   • Delinea and Federated directory are read only (no actions).
   • Active directory can only be moved (no remove).
   • Other directory types can be removed.

A dialog appears with options that include one or more of the following, depending on the type of directory or directories you selected: Clear Selected, Move Down, Move Up, or Remove Selected.

Additional Attributes

1. On the Configuration page, click the Additional Attributes tab.

   

2. Click Add Attributes.

3. On the Add Attributes page, enter a name in the Name field. The name can contain only letters, numbers, and underscores. It must begin with a letter and contain at least one underscore.

   

4. In the Type field, search for a type or click the dropdown arrow and pick one of the following:

   • Number
   • Number (Decimal)
   • Text
   • True/False
   • Data Time

5. Click Save. A message appears: Your Attribute has been Added Active Directory (AD) is a proprietary directory service developed by Microsoft® to manage the authentication and authorization of users and machines on a Windows domain network. Active Directory runs on Windows Server and stores information related to user accounts, computer objects, groups, policies, and other entities on the network. Successfully.

On the platform, user roles and their associated permissions are assigned to users through the users' memberships in platform groups, including platform groups mapped to federated groups (see Mapping Federated Groups). For more information on groups, roles, and permissions, see Understanding Roles and Permissions.

For related content, see the following: 

• Managing User Accounts and Groups

• Managing User Accounts

• Managing Your User Profile