Managing Third-Party Contractors and Vendors
Organizations can use membership types in the Delinea Platform to manage user entitlements between limited Vendor User capabilities and full-featured IT User capabilities in Secret Server The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions.. The following table shows the differences between these two types of entitlements.
Delinea Platform users are automatically granted IT User entitlements unless their membership type is explicitly set to “Vendor”.
Customers who have purchased PRA A feature of Delinea Platform that enables secure remote access to computers that is audited and session recorded. Formerly Remote Access Service (RAS). concurrent user licenses are entitled to Vendor User capabilities automatically. Learn more about PRA
A feature of Delinea Platform that enables secure remote access to computers that is audited and session recorded. Formerly Remote Access Service (RAS). Understanding Entitlements and Licenses.
Entitlements are enforced even if a user is granted RBAC permissions for related actions.
Prerequisites
If you are using Secret Server The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions. On-Premise with the Delinea Platform, see Manually Integrate Secret Server On Premise for the currently supported version.
Local Users
Customers can use their Delinea Platform local directory to onboard third-party users who need short-term access. Customers can also use the local directory when they do not want to add third-party users to their own identity Identity is the process of identifying a particular user, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. sources. For details, see Adding a Local User Account.
Bulk Import of Vendors
Delinea Platform provides a bulk import capability for organizations that deal with large numbers of third-party users and need an efficient way to manage access to Secret Server The Delinea secrets vault. Delinea Secret Server is an enterprise-grade secrets storage vault for securely storing, managing, and controlling access to privileged credentials and other sensitive data. See Secret Server on Platform, Secret Server Cloud (SSC), and Secret Server on Premises (SSOP) for distinctions. entitlements. To use bulk import, you prepare a file with user data, format it according to the system's requirements, and upload it.
For more detailed information about importing vendors in bulk, see Bulk Importing Local Users.
Active Directory
Tenant administrators can manage third-party vendor entitlements through Active Directory. For more information, see Managing Third-Party Vendor Entitlements When Using Active Directory.
Federated Vendors
Tenant administrators must create a custom attribute in the identity Identity is the process of identifying a particular user, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. provider (IdP) and map it to a PlatformUserMembershipType claim in the Delinea Platform. Claims for users must have a value of either Vendor or Employee.
For more information about managing third parties from a federated identity Identity is the process of identifying a particular user, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. source using SAML or OIDC, see Setting Up Federation.