Adding a local account

To add local administrator accounts:

1. Navigate to the page Global Settings > General > Administrators and click Add Local Account.

   The Add Local Account page displays.

2. Enter a unique Name.
   • The name must be between 1 and 50 characters long, and cannot include any of the following characters:

     * < > ' ‘ { } ~ ! $ % & @ # . " | \ & + = ? / ; : , ^ ( )

   • Names can include spaces and dashes.
3. Enter a valid Email address for the user.

   This email address is used to send account information to the new administrator.

4. Enter and confirm a Password for this user.
   The password must be 8–255 characters and include at least one of each of the following:

   • uppercase letter
   • lowercase letter
   • number
   • special character (such as hyphen, underscore, or blank)
   Note: If certificate authentication is enabled and password authentication is disabled on the page General > Two- Factor Auth, password logon is not available for the local account.
5. Under Administrator type, select either User or Application. (Added version 8.6.3)
   • Select User for administrator accounts that require access to the Security Manager. This is the standard type for all administrators.
   • Select Application if the account is used to access REST API services in the Data Security module. The Application type provides permissions to perform API requests to the Security Manager.

     The Email Address provided for this account will be used as the Application owner’s contact. Forcepoint DLP uses this email address if there is an issue with the Application.

     If you select Application, then all module access permission options on this page are disabled. The Application type grants access to the Data module by default and grants no permissions to the other modules. These permissions cannot be edited. Also, the Notify administrator of the new account via email and Force administrator to create a new password at logon options are not available.

6. To create an administrator with full permissions across all Security Manager modules and functions, mark the check box Global Security Administrator.
   Note: Only Global Security Administrators can create other Global Security Administrators.
7. To send account information and access instructions to the new administrator via email, mark the check box Notify administrator of the new account via email.

   To send administrator emails, you must set up SMTP details on the Notifications page. Optionally, also customize the contents of the email message on the Notifications page (see Setting email notifications).

8. To require the administrator to change the account password the first time he or she logs on to the Security Manager, mark the check box Force administrator to create a new password at logon.
9. If certificate authentication is enabled on the page General > Two-Factor Authentication:
   1. Click Certificate Authentication.
   2. Browse to the location of the certificate to use for administrator authentication for this account.
   3. Click Upload Certificate.

   For more information, see Configuring two-factor authentication.

10. If this account is not a Global Security Administrator, in the section Module Access Permissions, select the permissions to give to the new administrator.
    • Choose a setting under each of the available options (Web, Data, Email) to give the new administrator permissions to manage one or more of the Security Manager modules. The options available depend on the modules in your subscription.
      For each module, choose whether the new administrator has:

      • No access to that module
      • Only access to the module
      • Both access and the ability to manage other administrators in that module For more information see Security Manager administrators.

      Note: Administrators can assign access permissions only for the Security Manager modules for which they have management permissions.
11. When you are finished making changes, click OK.

    The changes are saved.