Managing user operations
In a typical enterprise environment, user information and attributes need to be updated continuously and their updated status must be maintained efficiently. This chapter provides help with managing user management operations. It includes:
Disabling a user account
If you want to disable or deactivate a user within PAM, follow the below-mentioned procedure:
- Login to the system and select PAM from the product navigator.
Navigate to Manage → Users.
Search or select the user within the user list from the user tab.
Browse the user details and toggle the status.
Changing a user account password
Follow any one of the methods to change the user account password :-
Method1:
- Login to the system and select Platform Configuration from the product navigator.
Click on your User Profile and select Change Password from the drop-down menu.
- From the pop-up, enter the current password and the password you would like to change.
Method 2:
- Login to the system and select Platform Configuration from the product navigator.
- From the User Management section → click on Users.
- Click on the edit button of the user whose password you would like to change.
- Enter the new password in the defined field and click on update.
FOR METHOD 2
Only users with Sectona Authentication can change their password from Platform Configuration.
Changing user status
A Sectona PAM user's status can be one of the following:
Pending Approval - User must be approved by a user to be enabled in the system.
Active - The user can authenticate and access functions of the system.
Disabled - The user is not permitted to use the system and log on is denied. This status is enabled based on Dormancy threshold settings configured in the User authentication policy. For more information, refer section here.
Dormant - The user is not permitted to use the system and log on is denied. User account status is Inactive when the account is manually disabled by the administrator of the solution.
Locked - The user is not permitted to use the system and log on is denied. This status is enabled based on Account lockout threshold settings in user authentication settings. For more information, refer to the section here.
To change the status of an account within PAM, refer below procedure:
- Login to the system and select Platform Configuration from the product navigator.
Select Users from User Management.
Select the user you wish to update.
Click on the edit button next to the user.
View the Status Change and modify the status as Active or Inactive.
Adding user-specific account alias
In case named user accounts have multiple privileged accounts without any standard naming convention, User Aliases can be added for each user to define user profiles. For example, username John (active director authenticated) has multiple privileged accounts like jhn12 (for administration), 1823jhn (for job management), you can define an alias for user John listing all usernames or type of username he frequently accesses. Follow the steps listed below for adding user aliases:
- Login to the system and select PAM from the product navigator.
Navigate to Manage → User Management → Users.
Click on to the action icon for the selected User and then click on the 'User Alias' tab.
Provide alias name and click on Add.
Adding security to sessions taken by the user
When a user accesses an asset using a particular account, the recording of that session is visible under Session → Session View.
To add security to those sessions in regards to, which session recording should be visible to a user, the following ways can be used:
Adding security using User Groups
- Login to the system and select PAM from the product navigator.
Navigate to Manage → User Management → Users.
Click on the action button and select Security Settings tab.
Toggle the Session View Restricted To slider.
Click on the Specific User Groups radio button and select the User Group from drop-down menu.
Click on Save.
Under this configuration, the users belonging to the selected user group will be able to view the session recordings under Session → Session View.
Adding security using Account Groups
- Login to the system and select PAM from the product navigator.
Navigate to Manage → User Management → Users.
Click on the action button and select Security Settings tab.
Toggle the Session View Restricted To slider.
Click on the Specific Account Groups radio button and select the Account Group from drop-down menu.
Click on Save.
Under this configuration, the user with accounts belonging to the selected account group will be able to view the session recordings under Session → Session View.
Adding session timeout for user
- Login to the system and select PAM from the product navigator.
Navigate to Manage → User Management → Users.
Click on the action button and select Security Settings tab.
Untick the Global checkbox under Session Lockout and select a session timeout value from the drop-down menu.
Click on Save.
Under this configuration, the session taken by the user will be terminated after the specified session lockout value.
The global value for Session Timeout is under Platform Configuration → System Defaults → User Session Lockout (Minutes).
Adding security using Thin Client
- Login to the system and select PAM from the product navigator.
Navigate to Manage → User Management → Users.
Click on the action button and select Security Settings tab.
Toggle the Allow Access via Thin Client slider.
Click on the Allow Only From Specific Clients slider and mention the keys of the client machine in the text field.
Click on Save.
Under this configuration, the user will be able to take sessions only from the machines whose keys are specified in the settings.
To get the key to your client machine, follow the below steps:
Login to the system, select PAM product navigator→ Click on User Profile → Settings → Download Utilities → Click on Thin Client ID.
A window will display the key of your client machine for 15 seconds. To copy the key, click on the Copy to Clipboard button.
Resetting the multifactor authentication of user
To reset multifactor authentication for a user, login as an administrator and go to Platform Configuration → Users under User Management column click on the icon of the user and click on Reset Multifactor. On the reset multifactor window, choose the appropriate authentication type applied on the user and click on Reset.
| Icon | Title |
|---|---|
| Action |
| Edit |
