The Sectona platform administrator is responsible for setting up details of all the users who are permitted to assign product users. PAM users are given access according to their user role. Each user can be a member of one or more user groups. Groups define the ownership of accounts that the user is permitted to access.
The system can integrate with your corporate LDAP infrastructure like Microsoft Active Directory. LDAP groups can be mapped to Sectona discovery groups and thereby assigned permission on the system.
A user is set up in a system as a Person Data object and can subsequently be associated with other objects. All actions in the system are recorded against a unique user identity for audit purposes. It is strongly recommended to consider adding an extra layer of authentication with multi-factor authentication.
This chapter covers details about how to onboard users in the system. Sectona provides several enrollment methods to add users to the system. Users can be added manually, automatically via directory sync, or through bulk import.
Adding a new user manually
The Sectona platform administrator can set up new users and assign them to groups. For this purpose, go to
Platform Configuration → User Management → Users → Add new user details:
Authentication type: Select one of the following types:
Sectona Authentication for enabling authentication within the application.
Directory Authentication for validating user access via Active Directory.
A user authentication system called Sectona Authentication is included. However, if your organization already uses an authentication service that incorporates Microsoft Active Directory, it is best practice to integrate the application with this service. Using one service prevents having to manage two sets of user information.
Directory store: If you have selected Directory Authentication as the authentication type, choose a system-configured directory. For configuring a new directory store in the system, refer to Configuring directory service authentication.
Username: Provide a unique username in the application. If you add a directory user, you can validate the user details or skip to the user role as other details are synced from Active Directory.
Password: Provide a valid password for the user. You can set up password control in the section Authentication Providers by selecting Sectona MFA.
First Name: Provide the user's first name (applicable for Sectona Authentication).
Last Name: Provide the user's last name (applicable for Sectona Authentication).
Mobile No: Provide the user's mobile no. (applicable for Sectona Authentication).
Email ID: Provide the user's email ID (applicable for Sectona Authentication).
Tags: Add relevant tags to this user. Refer to Tags for more information about adding context with tags.
User Logon policy: Under the policies tab, select a user logon policy and configure policy parameters like access duration, session recordings, collaboration policy, multi-factor policy, etc.
User Role: Under the policies tab, select a user role configured in User Role Management.
Company: Under the policies tab, provide the user's company information (applicable for Sectona Authentication).
Department: Under the policies tab, provide the user's department (applicable for Sectona Authentication).
Manager: Provide the user's manager details.
Devoid Security: If you tick the checkbox, the created user will always be allowed to log in without getting Locked or Dormant.
Expiry: You can set an expiry date for the user account.
Status: By default, all users are provisioned with Active Status. You can disable the user here anytime.
Once you have added a user to the Sectona Platform, you can add this user within the PAM product. Click Manage in the navigation bar, then go to User Management → + Add User and select the name of the user from the drop-down menu. Add the policy and activate the user with the slider.
Adding users in bulk
To add large numbers of new users to Sectona, it is recommended to use either one of Sectona’s supported Active Directory-based groups (explained in the next section) or the bulk import function. Go to Platform Configuration → User Management → Users → Bulk User → Import and add the following details.
Step 1: Add user details
Authentication Type: Select one of the following types
Sectona Authentication for enabling authentication within the application
Directory Authentication for validating user access via directories like Active Directory
User Role: Select a user role. If you want to add a custom role for this user, refer to Managing user role.
Tags (optional): Add relevant tags to this user. Refer to Tags for more information about adding context with tags.
User logon policy: Select relevant user logon policy and configure policy parameters like access duration, session recordings, collaboration policy, multi-factor policy, etc. If you have not configured any access policy, add User Logon Policy.
Expiry (optional): You can set an expiry date for the user account.
Devoid Security: If you tick this checkbox, the created users will always be allowed to log in without getting Locked or Dormant.
Step 2: Copy User Data to be onboarded
Download the CSV to add user details in the mentioned format.
Copy the text from the CSV of user details to the text box.
Move to the next step.
Step 3: Summary & finalize
Validate the data entered and complete the action or review the details.
Please note that the username should be unique, and using the bulk method, you can add up to 1000 users simultaneously in the system.
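A pre-import check for Step 2, added here as an example and not part of Sectona's product or documentation: it applies the two constraints in the note above (unique usernames, at most 1000 users per import) to the CSV text before it is pasted. The column names, the case-insensitive comparison and the `existing_usernames` parameter are assumptions; use the header from the format you downloaded.

```python
import csv
import io

MAX_BATCH = 1000  # per-import limit stated on this page
# Assumed column names; replace with the header of the downloaded format.
REQUIRED = ("username", "first_name", "last_name", "mobile_no", "email_id")


def preflight(csv_text, existing_usernames=()):
    """Return a list of problems in the CSV text; an empty list means clean."""
    problems = []
    reader = csv.DictReader(io.StringIO(csv_text))
    missing_cols = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing_cols:
        return [f"missing column(s): {', '.join(missing_cols)}"]
    seen = {}  # casefolded username -> line where it first appeared
    taken = {u.casefold() for u in existing_usernames}  # hypothetical export
    rows = 0
    for row in reader:
        rows += 1
        line = reader.line_num
        name = (row["username"] or "").strip()
        if not name:
            problems.append(f"line {line}: empty username")
            continue
        key = name.casefold()  # assumption: compare case-insensitively
        if key in seen:
            problems.append(f"line {line}: username '{name}' repeats line {seen[key]}")
        else:
            seen[key] = line
        if key in taken:
            problems.append(f"line {line}: username '{name}' already exists")
    if rows > MAX_BATCH:
        problems.append(f"{rows} rows exceeds the {MAX_BATCH}-user limit; split the batch")
    return problems


# Constructed sample input, not real data.
SAMPLE = """username,first_name,last_name,mobile_no,email_id
asha.rao,Asha,Rao,5550100,asha.rao@example.com
b.lin,Bo,Lin,5550101,b.lin@example.com
Asha.Rao,Asha,Rao,5550102,asha2@example.com
"""

if __name__ == "__main__":
    for problem in preflight(SAMPLE, existing_usernames=["b.lin"]):
        print(problem)
```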
Sync Active Directory user groups
IT environments with a Microsoft Active Directory domain/LDAP directory can import users with directory synchronization. This makes it easy to sync Active Directory security groups containing user information with a specific user group on the platform. User information for imported users is updated regularly to reflect the latest user status and information. Before executing this step, you must have configured Active Directory with the platform. Read more about configuring in Adding new LDAP/LDAPs directory.
To perform this step, go to Manage → User Groups → Add new User groups and follow the steps below:
Group name: Provide a valid user group name
Group description: Add any additional group information
Method: Active Directory Group
Directory store: Select the directory store name preconfigured in the system
User Groups: Browse and Select User Groups fetched from the directory selected above.
Exclude Users: If you want to exclude any user from the sync process, mention the names, and they will not be onboarded with the platform.
Activate this setting to start your sync process.
Users synced with Active Directory groups are added with the default 'User Role'.
This sync process requires system services to be activated: UserManagementService
Update user attributes
You can click on the respective username to edit/change details. After selecting the user, a form appears in which you can specify the modifications. Click on the Update button, and the changes made in the form will be updated.
Update user attributes in bulk
The user list can be updated in bulk. Go to Platform Configuration → User Management → User → Bulk User → Update.
To update/change user details, follow the steps below:
Tick the checkbox for the fields you want to update and provide the updated value for those fields.
Click on the Download Format link.
This will download an Excel sheet on your system.
Click on the Next button.
Open the Excel sheet and add details of the users you want to update.
Copy the users' data from the Excel sheet and paste it into the text box.
Click on the Next button.
Validate the data in the Summary section and click on the Finish button.
All the users mentioned in the Excel sheet get updated in bulk with the current details.