The Sectona Privileged Access Management (PAM) platform administrator is responsible for setting up details of all the users who are permitted to use the system. Users are given access according to their user role. Each user can be a member of one or more user groups. Groups define the ownership of accounts that the user is permitted to access.
The system can integrate with your corporate LDAP infrastructure like Microsoft Active Directory. LDAP groups can be mapped to Sectona discovery groups and thereby assigned permission on the system.
A user is set up in the system as a Person Data object and can subsequently be associated with other objects. All actions in the system are recorded against a unique user identity for audit purposes. It is strongly recommended to consider adding an extra layer of authentication with multi-factor authentication.
This chapter covers details about how to onboard users in the system. Sectona provides several enrollment methods to add users to the system. Users can be added manually, automatically via directory sync, or through bulk import.
Adding a new user manually
The Sectona platform administrator can set up new users and assign them to groups. For this purpose, go to Manage → User → Add new user and follow the below-mentioned steps:
Authentication type: Select one of the following types:
Sectona Authentication for enabling authentication within the application.
Directory Authentication for validating user access via Active Directory.
A user authentication system called Sectona Authentication is included. However, if your organization already uses an authentication service that incorporates Microsoft Active Directory, it is best practice to integrate the application with this service. Using one service prevents having to manage two sets of user information.
Directory store: If you have selected Directory authentication as an authentication type, choose a system-configured directory. For configuring a new directory store in the system, refer to Configuring directory service authentication.
Username: Provide a unique username in the application. If you add a directory user, you can validate the user details or skip to the user role as other details are synced from Active Directory.
Password: Provide a valid password for the user. You can set up password control in the section Authentication Providers by selecting Sectona MFA.
First Name: Provide the user's first name (applicable for Sectona Authentication).
Last Name: Provide the user's last name (which is applicable for Sectona Authentication).
Mobile No: Provide the user's mobile no. (applicable for Sectona Authentication).
Email ID: Provide the user's email ID (which is applicable for Sectona Authentication).
Department: Provide the user's department (applicable for Sectona Authentication).
Company: Provide the user's company information (applicable for Sectona Authentication).
Manager: Provide the user's manager details.
User role: Select a user role. If you want to add any custom role for this user, refer to the Managing user role.
Tags: Add relevant tags to this user. Refer to Tags for more information about adding context with tags.
User access policy: Section to select user access policy and configure policy parameters like access duration, session recordings, collaboration policy, multi-factor policy, etc.
If you have not configured any access policy, add User Access Policy.
Expiry: You can set an expiry date for the user account.
Devoid Security: If you tick the checkbox, the created user will always be allowed to log in without getting Locked or Dormant.
Status: By default, all users are provisioned with Active Status. You can disable the user here anytime.
Adding users in bulk
To add large numbers of new users to Sectona, it is recommended to use one of Sectona’s supported Active Directory-based groups (explained in the next section) or the bulk import function. Go to Manage → User → Import Bulk Users and follow the below-mentioned steps:
Step 1: Add user details
Authentication Type: Select one of the following types
Sectona Authentication for enabling authentication within the application
Directory Authentication for validating user access via directories like Active Directory
User Role: Select a user role. If you want to add any custom role for this user, refer to the Managing user role.
Tags (optional): Add relevant tags to this user. Refer to Tags for more information about adding context with tags.
User access policy: Select relevant user access policy and configure policy parameters like access duration, session recordings, collaboration policy, multi-factor policy, etc. If you have not configured any access policy, add User Access Policy.
Expiry (optional): You can set an expiry date for the user account.
Devoid Security: If you tick this checkbox, the created users will always be allowed to log in without getting Locked or Dormant.
Linked User Group: Select the static user group in which you want to add the onboarded users from the drop-down list.
Step 2: Copy User Data to be onboarded
Download the CSV to add user details in the mentioned format
Copy the text from the CSV of user details to the text box.
Move to the next step.
Step 3: Summary & finalize
Validate the data entered and complete the action or review the details.
Please note that the username should be unique, and using the bulk method, you can add up to 1000 users simultaneously in the system.
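The two constraints above (unique usernames, at most 1000 users per import) can be checked before the text is pasted in Step 2. The following is an added example, not Sectona code: the "Username" header and the other column names are assumptions to be replaced with the headers of the downloaded CSV format, and comparing usernames case-insensitively is a conservative assumption.

```python
import csv
import io

MAX_BATCH = 1000  # limit stated on this page for one bulk import


def preflight(csv_text, existing_usernames=(), username_column="Username"):
    """Return a list of problems found in the text to be pasted in Step 2.

    username_column is an assumed header name; use the header from the
    CSV format downloaded in Step 2.
    """
    problems = []
    reader = csv.DictReader(io.StringIO(csv_text))
    if username_column not in (reader.fieldnames or []):
        return [f"missing column: {username_column}"]
    # Assumption: usernames are compared case-insensitively.
    taken = {name.strip().lower() for name in existing_usernames}
    seen = {}  # normalised username -> first line it appeared on
    rows = 0
    for row in reader:
        rows += 1
        line = reader.line_num
        raw = row[username_column] or ""
        key = raw.strip().lower()
        if not key:
            problems.append(f"line {line}: empty username")
            continue
        if raw != raw.strip():
            problems.append(f"line {line}: username has surrounding whitespace")
        if key in seen:
            problems.append(f"line {line}: duplicate of line {seen[key]} ({key})")
        elif key in taken:
            problems.append(f"line {line}: username already exists ({key})")
        seen.setdefault(key, line)
    if rows > MAX_BATCH:
        problems.append(f"{rows} rows exceeds the {MAX_BATCH}-user batch limit")
    return problems


# Constructed sample data, not a real export.
SAMPLE = ("Username,First Name,Last Name\n"
          "jdoe,John,Doe\nasmith,Anna,Smith\nJDoe,Jane,Doe\n,No,Name\n")

if __name__ == "__main__":
    for problem in preflight(SAMPLE, existing_usernames=["asmith"]):
        print(problem)
```

An empty result means the batch passes these checks; the Summary step in the platform remains the authoritative validation.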
Sync active directory user groups
IT environments with a Microsoft Active Directory domain/LDAP directory can import users with directory synchronization. This makes it easy to sync Active Directory security groups containing user information with a specific user group on the platform. User information for imported users is updated regularly to reflect the latest user status and information. Before executing this step, you must have configured Active Directory with the platform. Read more about configuring in Adding new LDAP/LDAPs directory.
To perform this step, go to Manage → User Groups → Add new User groups and follow the below-mentioned steps:
Group name: Provide a valid user group name
Group description: Add any additional group information
Method: Active Directory Group
Directory store: Select the directory store name preconfigured in the system
User Groups: Browse and Select User Groups fetched from the directory selected above.
Exclude Users: If you want to exclude any user from the sync process, mention the names, and they will not be onboarded with the platform.
Activate this setting to start your sync process.
Users synced with Active Directory groups are added with the default 'User Role'.
This sync process requires system services to be activated: UserManagementService
Update user attributes
You can click on the respective username to edit/change details. After selecting the user, a form appears in which you can specify the modifications. Click on the Update button, and the changes made in the form will be updated.
Update user attributes in bulk
The user list can be updated in bulk. You can go to the Users from the sidebar and select the Update Bulk Users option under the +Add New User(s) drop-down list.
To update/change user details, follow the below steps:
Tick the checkbox for the fields you want to update and provide the updated value for those fields.
Click on the Download Format link.
This will download an Excel sheet on your system.
Click on the Next button.
Open the Excel sheet and add details of the users you want to update.
Copy the users' data from the Excel sheet and paste it into the text box.
Click on the Next button.
Validate the data in the Summary section and click on the Finish button.
All the users mentioned in the Excel sheet get updated in bulk with the current details.