You can edit the details pertaining to existing list of users to change details such as email id, access level, password policy, department and location. Also, you can enable or disable two-factor authentication for any user, anytime.
To edit users,
- Go to "Admin" tab and click "Users"
- The list of users will be displayed
- Click the "Edit" button present against the user. In the UI that pops-up, you can edit the first name, last name, mail id, access level, password policy, department and location of the user
- You can also enable/disable 'two-factor authentication' for the particular user
- When RSA SecurID is used as the second authentication factor, you need to ensure that the user name in RSA Authentication Manager and the corresponding one in PMP are same. In case, for the already existing RSA users, if the user name in PMP and in RSA Authentication Manager are different, you can do a mapping of names in PMP instead of editing the name in RSA. This can be done from here through "RSA SecurID UserName". (Assume the scenario that in PMP you have imported a user from Active Directory, who has the username (say) ADVENTNET\rob in PMP. In RSA Authentication Manager, assume that the username is recorded as 'rob'. In normal case, there will be mismatch of usernames between PMP and RSA Authentication Manager. To avoid that, you can do a mapping in PMP - ADVENTNET\rob will be mapped to rob).
- You can change 'Access Scope' to make an administrator/password administrator, a super administrator by choosing the option "All Passwords in the system". Conversely, a super administrator can be changed to his earlier role of administrator/password administrator by choosing the option "Passwords owned and shared".
- Click "Save" to give effect to the changes
Important Note: While changing the access levels/ access scope, the following rule would be applied:
If you are an Administrator, you will not be allowed to change your access level or scope (that means, the currently logged in administrator's access level cannot be changed). You will have to request another administrator to do the change.
Administrators can delete those users who are no longer required. The delete operation is a permanent one and cannot be reverted.
(1) PMP will allow to delete users only if the user/users do not own any resource. If the user(s) own any resource, you need to first transfer the ownership of all the resources to some other Password Administrator.
(2) Currently logged-in user will not be permitted to delete himself/herself
To delete a user or users,
- Go to "Admin >> Users" tab
- Select the user/Users and click "Delete Users". The user will be deleted from the database once and for all
- Since the resources owned by the user have been transferred to other users prior to deletion, there will not be any loss of enterprise data. However, all the personal data stored by the user will be deleted once and for all. The audit trails will clearly capture all these changes and deletion. The audit trails depicting the activities of the user will remain unaffected in the database even after deleting the user. Audit trails will not be deleted.
How to delete the in-built 'admin' user?
Before proceeding to delete the admin user, check if the admin user owns any resources. If so, the resources should be transferred to another administrator/password administrator.
- Go to "Admin >> Users" tab
- Transfer all the resources owned by 'admin' to another administrator/password administrator
- If you have logged-in as the 'admin' user who has to be deleted, you will not be permitted to delete (currently logged-in user cannot be deleted)
- Place a request to some other administrator (other than the one to be deleted) to delete the 'admin' user.
- The above procedure holds good for deleting any user with the role administrator/password administrator