Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Enable, Disable, or Mirror: A Deeper Look into User Administration

Written by Thycotic Team

January 7th, 2014

Controlling users is one of the most important facets of Secret Server password management administration. While Secret Server supports local users and groups, the easiest way to administer users is to use Active Directory (AD) integration. Secret Server can automatically pull in existing AD users and groups and create user accounts with the same permissions. After discovering the groups, Secret Server offers several different options on importing the data.

Edit Active Directory Administration in Secret Server

Enabling Users. First, you have the option of automatically creating and enabling all users from the selected groups. This is the best option for small groups with only user accounts that need enabling.

Disabling Users. The next option is to have the users created and marked as disabled. Don’t worry, disabled users do not count towards license seats. This is ideal when importing groups with a mix of service and user accounts. Disabling allows administrators to import the existing groups without worrying about exceeding license limits and adds another layer security because users added through AD don’t automatically have access to Secret Server. Simply import and select which users you want to enable. This can all be done using the Bulk Operation feature by administrating multiple users at once.

Mirroring User’s Status. Finally, Secret Server can mirror the user’s status in AD. Mirroring the status will not only create the users in Secret Server but also automatically enable and disable users based on their status within the AD group. Unlike the other options, it is the only method that actively affects existing users. This is useful for administrators who want to automate permissions based on groups. Mirroring allows you to administer AD groups and automatically reflect changes within Secret Server. As for security options, Secret Server supports the use of RADIUS if two-factor authentication is a concern, along with our built-in email based two-factor.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS