Local Users and Groups

Local users and groups can be created in Privileged Access Management’s internal user directory providing a method to quickly create, disable or automatically expire accounts for internal or external resources. 

These accounts are independent of any external user directories that you may also integrate with Privileged Access Management (i.e. Active Directory or LDAP). 

Only System Administrators may create and manage local users and groups on this global level.

Create a Local User

To create a new local user, navigate to Administration > Local Users and click the Create button. Populate the new user form as required.

Login

Enter a unique value that will be used to login to the system.

First Name

Enter a first name for this account.

Mail

Enter a last name for this account.

Mail

Enter an email address for this account.

Expiration

Enter a date and time when this account will be automatically disabled/locked. Leave blank if you do not want to automatically disable/lock this account.

Password

Enter the password for this account. The password must meet the requirements of the Local User Formula.

Repeat Password

Repeat the password for this account.

 

Click the Save button to complete the account creation process.

NOTE: Local Users can be added to Local Group membership only. Local Users cannot be added to any groups that originate from integrated external user directories like Active Directory.

Local User Password Formula

The local user password formula allows you to customize the complexity required for setting and resetting local user passwords. This formula is used for local user passwords only and is separate from all other formulas in the system.

To configure this formula, navigate to Administration > Local Users and click the Formula button. Customize this formula as required and click the Save button when complete.

Managing Local Users

Editing a local user account allows a System Administrator to update the First Name, Last Name, Email, Expiration and Password of any local user account.

Click the Edit button associated to the Login to edit an account.

 

Locking a local user prevents this account from logging into the system while Unlocking an account restores the ability to login to the system.

To Lock or Unlock an account, check the box next to the Login(s) and select Bulk Actions > Lock or Unlock option.

A locked account will display a lock icon () in the Locked column.

 

Deleting a local user removes the account from the system. 

Deleted accounts cannot be restored, so we would recommend using the Lock option instead of Delete if there is a possibility that the account will be needed again in the future. 

To delete a local user, click their Edit button and then the Delete button on their account’s edit page.

Create a Local Group

Local Groups are created and managed within Access Manager’s internal user directory and are used to provide group membership capabilities to both Local Users as well as external accounts like Active Directory Users.

 

To create a new local group, navigate to Administration > Local Groups and click the Create button. Populate the new group form as required.

Name

Enter a unique group name.

Description

Enter a group name description.

Once the group has been created, use the Add Member or Remove Members buttons to populate the group membership. Alternatively, you can use the Edit button to update membership or configuration of existing local groups.

NOTE: Local Group membership may include both local users and users that originate from your Privileged Access Management integrated Active Directory.

Use the Delete Group button to delete the group and use the Save Group button to save any changes that have been made to the group.