Managing User Accounts and Groups
To manage users on the Delinea Platform, begin by clicking Access from the left navigation menu, then selecting Users. The Users page displays all users on the platform, including Active Directory, Federated, and Delinea Directory (local) users.
Click a USERNAME to go to that specific user's page, where you can view and edit settings for the user account, including the user's group memberships, roles, policies, activities, and attributes. For detailed instructions on managing platform users, see Managing User Accounts.
Risk Score
This feature is currently available only to customers participating in a private preview. If you'd like to participate and be among the first to try this feature, ask our support or account team for details.
Risk Score is displayed for each user. Risk is based on the analytics that generate non-resolved alerts and the associated findings. Risk scores are assigned as Low, Medium, and High. Refer to Analytics Findings and Risk.
External User Accounts vs. Local User Accounts
Virtually every user account on the platform should be an external user account, meaning either an Active Directory account or a federated account.
A local user account is added directly to the platform by an administrator.
An external user account isn't added directly to the platform, but becomes accessible on the platform when the associated Active Directory or federation is connected to the platform.
The administrator must still provide permissions to the user to access platform features.
A local user must satisfy local authentication requirements to log in to the platform.
An external user must only satisfy the authentication requirements through the external source (AD or federation IdP).
A local user account appears on the Users page (Access > Users) when an administrator adds the account to the platform.
An external user account appears on the Users page only after the user logs in to the platform for the first time.
Avoid Adding Local User Accounts
Adding local user accounts to the platform is not considered a best practice for privileged access management. Local user accounts should be added only rarely, and for very specific purposes. For example, you might need to add a local user account for someone who needs to try out platform functionality for a very limited time. Vendors are also added as local accounts. For details, see Adding Local User Accounts.