Adding Users

You can add local users directly to the platform. You can also add non-local users from Active Directories and Federation providers.

Adding Local Users

Adding local users to the platform is not considered a best practice for privileged access management. Local user accounts should be added only rarely, and for very specific purposes. For example, you might need to add a local user account for someone who needs to try out platform functionality for a very limited time. Vendors are also added as local users.

Typically, the Delinea Platform is used by a corporate enterprise to manage privileged access for their employees and contractors. A local user would typically be added by a platform administrator, but a platform administrator is not legally authorized to formally establish a person's identity. Only human resources personnel are legally authorized to formally establish a new employee's identity, for example by confirming their proof of residency, asking to see their driver's license or work visa, and taking their photograph. And only human resources can authorize that person to be added as a new employee to the corporate Active Directory, and to authorize their removal from the employee Active Directory.

Local users cannot be converted to external (Active Directory or federated) users.

(Migration customers only) After the Connector is installed and Active Directory is set up on the platform, do not add an existing Secret Server user as a local platform user, because doing so could cause synchronization issues between the platform and Secret Server.

Add Local Users

  1. Click Access from the left navigation, then select Users.

  2. The Users page displays each user on a row, with columns showing basic user information including the user's Display Name, Email, Source, Status, Last Invite, and Last Login.

  3. Click Add Local User on the right to create a new local user.

  4. On the Add local user page, fill in the required fields for Login name, Email, and Display name.

    The checkbox Send email invitation for user profile setup is selected by default. If you leave this option selected, the user will automatically receive an email containing an Accept button, with a one-time password embedded in the button. When the user clicks the button, they are taken to the platform and automatically logged in with the one-time password. They are then required to immediately change the password to log in again.

    If you choose to deselect Send email invitation for user profile setup, a panel opens where you can set a password for the user either manually or automatically. The user will not receive an email invitation to log in to the platform in this case, and you will need to copy and save the password and deliver it to the user some other way.

  5. Click Next.

  6. The Advanced Settings window appears. The default Membership Type is set to Employee. This can later be changed to Vendor. See Advanced Settings for more information. After you have selected the correct membership type, click Next.

  7. Add the new user to a group, if needed.


Bulk Importing Local Users

With the bulk import feature, administrators can import a large number of local users in a single operation, rather than manually adding each user one by one to the Delinea Directory. This feature saves administrators time and effort by eliminating repetitive data entry and reducing errors. Additionally, it supports a CSV format template, allowing for offline preparation of user data, which can be efficiently organized before import.

The platform does not natively support bulk import and synchronization of all users from an external source such as AD, or from a federation service. Platform administrators can find AD users to add to the platform by performing filtered searches through external AD directories, but federated directories cannot be searched.

Workflow:

Steps:

  1. Log in to the platform.

  2. Click Access from the left navigation, then select Users.

  3. In the Users section, click Import Users.

  4. Download the provided CSV template by clicking the respective option.

  5. Open the downloaded CSV template and update it with the user account information you wish to add. Refer to the following guidelines:


  6. After updating the CSV template, return to the platform to upload the CSV file. Follow the same steps as before if you have exited from the Import Users flow. The file to upload must be: in CSV format, with a max size of 100 KB.

  7. Proceed by clicking Next.

  8. Review the first 15 records displayed in the preview. Use this opportunity to ensure that the entries are correctly formatted.

  9. Once reviewed, click Next to proceed.

  10. By default, the option Send email invite for user profile setup will be selected. If you wish to proceed with this option, the user will automatically receive an email invite to log in to the platform. They will be prompted to change their password immediately upon login.

  11. Finally, click the Import button to initiate the import of the users.

The user import process operates asynchronously and the duration of completion depends on the number of users being added. Following the import, two email messages will be dispatched:

  • Bulk import report: Sent to the initiating Admin, this email provides details on the number of new users specified in the file and the successful additions. Additionally, explanations are given for any failed user import.

  • Platform Invite: Sent to each newly created user if the "Send email invite for user profile setup" option was chosen. This email contains a link that directs users to the platform, where they can set up a new password unless configured otherwise.
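Before uploading, the prepared file can be checked offline against the limits stated in the steps above. The following is an added example, not Delinea code: it compares the file's header row with the downloaded template, enforces the 100 KB limit, and flags malformed or duplicate rows. The column names in the sample data and the case-insensitive duplicate rule are assumptions; the real column names come from the template you download.

```python
import csv
import io

MAX_BYTES = 100 * 1024  # page says "max size of 100 KB"; 1 KB = 1024 bytes is assumed

def read_rows(data: bytes) -> list[list[str]]:
    # utf-8-sig drops the byte-order mark that spreadsheet tools often prepend
    return list(csv.reader(io.StringIO(data.decode("utf-8-sig"), newline="")))

def preflight(template: bytes, upload: bytes, key_column: str) -> list[str]:
    """Return the problems found in `upload`; an empty list means it passed."""
    problems = []
    if len(upload) > MAX_BYTES:
        problems.append(f"{len(upload)} bytes exceeds the {MAX_BYTES}-byte limit")
    try:
        header = read_rows(template)[0]
        rows = read_rows(upload)
    except (UnicodeDecodeError, IndexError):
        return problems + ["template or upload is empty or not valid UTF-8"]
    if not rows or rows[0] != header:
        return problems + ["header row does not match the downloaded template"]
    if key_column not in header:
        return problems + [f"template has no column named {key_column!r}"]
    key = header.index(key_column)
    first_seen = {}
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            problems.append(f"row {n}: {len(row)} fields, expected {len(header)}")
            continue
        # Case-insensitive comparison is a conservative assumption, so that
        # "alice" and "ALICE" are flagged for a human to look at.
        value = row[key].strip().lower()
        if not value:
            problems.append(f"row {n}: empty {key_column}")
        elif value in first_seen:
            problems.append(f"row {n}: duplicate {key_column}, first on row {first_seen[value]}")
        else:
            first_seen[value] = n
    return problems

# Constructed sample data; the column names are placeholders.
SAMPLE_TEMPLATE = b"LoginName,Email,DisplayName\r\n"
SAMPLE_UPLOAD = SAMPLE_TEMPLATE + (
    b"alice,alice@example.com,Alice A\r\n"
    b"ALICE,alice2@example.com,Alice B\r\n"
    b"carol,carol@example.com\r\n"
)

if __name__ == "__main__":
    for problem in preflight(SAMPLE_TEMPLATE, SAMPLE_UPLOAD, "LoginName"):
        print(problem)
```
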

Service Users

Service users are specifically designed for non-interactive, programmatic access to the platform. They are intended for scenarios such as API integrations and automation scripts. Service users are not associated with regular users, and they are intentionally excluded from the predefined Everybody user group.

Key Points:

Add Service Users

  1. Click Access from the left navigation menu.

  2. Select Users to view the list of existing users.

  3. On the Users page, click More in the top-right corner.

  4. From the drop-down menu, select Add service user.

  5. Complete the required fields on the Add service user form:

    • Username: A unique identifier for the service user.

    • Email address: This field is optional.

    • Display name: A descriptive name for the service user, typically reflecting its purpose.

    • Set password: Set a secure password for the service user (Manual or Generated).

  6. Assign the service user to the appropriate group based on its intended role and permissions.

  7. Save the service user details.

  8. Verify that the service user appears on the Users list.

  9. Click the service user name in the Users list to open the user page and ensure that the user has the correct groups and permissions assigned.