User Settings

Search forUsersto get to the Users page, and select the related user from the list to view its settings under the General tab. Below is a brief explanation of each text-entry field or control:

  • Username: The username used to log in.
  • Display Name: Text that is used throughout the user interface, such as in audits. A friendly name for this user.
  • Domain: If a drop-down list is visible, selecting a domain from the list is one way to set the expected domain of the user. However, a more dynamic way to have this text-entry field (and all the other text-entry fields) set is through Active Directory synchronization.
  • Email: Email address used for Request Access, email two-factor authentication, and the like.
  • Slack ID: The Slack ID for this user.

  • Application Account: Application accounts have limited functionality and are intended for application integrations where this user can call the API services but not log in to the application.

  • Multifactor Authentication: Multifactor authentication for new users. See Email Authentication for details. Available multifactor types:
    • FIDO2: Passwordless authentication using security keys or biometrics, offering strong, phishing-resistant security.
    • TOTP Authenticator: Generates time-limited passcodes via apps like Google Authenticator for two-factor authentication.
    • Duo: Cloud-based MFA solution offering various methods like push notifications and passcodes for enhanced security.
    • Radius: Protocol for centralized authentication and access management, commonly used for network and VPN access.
    • Email: Sends a one-time passcode or link to the user's email for secondary authentication.
  • Enabled: Disabling this control removes the user from the system. Effectively, this is the way to delete a user. Secret Serverdoes not allow complete deletion of users due to auditing requirements. To re-enable a user, search forUsers, select the Include disabled in the status field, and edit the user to mark them enabled (see Configuring Users).
  • Status: A locked out account is unable to log in until the account is unlocked by an administrator.

  • Restricted By Team: Indicates whether or not the user has the role permission Unrestricted By Teams.

  • User managed by: Allows specific users to manage this user that are not neccessarily user admins. Can be set to a specific user or All Users with Administer Users Role Permission.

  • IP address restrictions: IP Address restrictions allow you to choose what IP Address range this user can use to access the application. When one or more IP Address ranges are enabled, this user will only be able to access the application from the enabled IP Address Range(s).