User Classifications

This topic explains the different ways users are classified on the Delinea Platform.

Although the Platform uses the terms IT User and Business User, these are license types, not user classifications.
For more information, see Platform License Types.

On the Delinea Platform, users are classified in multiple ways, including by whether they are human or non-human, by their identity source, by their membership type, and by their relationship to Secret Server. These classifications, along with the user’s permissions granted through their roles and memberships, determine how the user is authenticated and what resources they can access.

For more information see

 

Human vs. Non-Human

  • Users: All human users

  • Service users: Non-human accounts used for non-interactive, programmatic access (API and service accounts). For more information, see Authenticating with Platform APIs.

On the Users page, you can change the users displayed by filtering by Users or Service Users.

Identity Source

Platform users are also identified by their Identity Source for authentication purposes:

  • Delinea Directory: (Local) Created and managed directly in the Delinea Platform.

  • Active Directory: Synced from on-premises Active Directory.

  • Federated Directory Service: Synced from external identity providers (e.g., SAML, OIDC).

  • Entra ID Directory: Synced from Entra ID.

On the Users page, you can change the users displayed by filtering by Source.

Membership Type

Platform users are also identified by their Membership Type, sometimes known as their Identity Type. Membership Type classifies users according to their relationship to the organization, and specifies the policies and compliance standards that apply. Membership Types include the following:

  • Employee: Internal staff members of your organization.

  • Vendor: External users (contractors, consultants, third-party partners, etc.). A Vendor membership can apply to any User Type (Delinea Directory, Active Directory, Federated Directory Service, etc.) and to the IT User License Type, but vendors are managed with additional controls and workflows. See Contractor and Vendor Access.

On the Users page, you can change the users displayed by filtering by Membership Type.

Secret Server Relationship

Platform users are also identified by their relationship with Secret Server, which will be one of the following:

  • Hybrid: The user account existed in Secret Server first, and the platform user account is applied "on top" of that. These users have direct access to both the Delinea Platform and Secret Server. They can log into Secret Server directly if they need to. Passwords are not synchronized between the platform and Secret Server, so users must reset their passwords independently in the platform and in Secret Server.

  • Native: The user account existed on the platform first, and the associated Secret Server account was created afterward. These users can log in only through the platform; they cannot authenticate directly with Secret Server.

  • None: The user account exists in Secret Server only. It is not associated with any platform account.

On a specific user page, you can view the user’s Secret Server relationship under Secret Server Details.

See the following content on users: