Enabling access to the Security Manager

Use the page Global Settings > General > Administrators to create and manage the accounts that administrators use to access the Security Manager.

Note: This page is available only to Global Security Administrators and administrators who have permission to manage at least one Security Manager module.

In deployments that include a combination of web, email, and data solutions, administrator accounts can be given individual or joint access to the available Security Manager modules.

Next to the Name column, the Administrator type column (new in version 8.6.3) displays the type of administrator:

  • The User type is used for all administrator accounts that require access to the Security Manager. This is the standard role for all administrator accounts.
  • The Application type is used to access REST API services in the Data Security module. The Application type provides permissions to perform API requests to the Security Manager. This type is not supported for administrators with permissions on the Web or Email modules.

Next to the Administrator type column, the Account type column displays the type of account:

  • Local accounts are created specifically for use within the Security Manager.
  • Network accounts are accounts from a supported directory service that have been granted access to the Security Manager (see Setting email notifications).

To add an account, click either Add Local Account or Add Network Account (see Adding a local account and Adding a network account).

Note:

If RSA SecurID authentication is enabled on the page General > Two-Factor Auth, any administrator accounts with a User type added on this page are used only as a fallback if the RSA Authentication Manager cannot be reached.

RSA SecurID is not supported for the Application type. See Configuring two-factor authentication.

If an administrator account has an exclamation mark icon next to the name on this page, the account does not have an email address associated with it. This means the administrator will not receive notifications of password changes or permission updates. Edit the administrator details to add an email address.

If you are viewing this page as a Security Manager administrator with permission to manage at least one Security Manager module, you can manage and delete only administrator accounts for those modules.

Global Security Administrators can manage and delete any existing accounts. To delete an account, mark the check box next to the account name and click Delete.

Important: If you delete an administrator account, actions performed by this administrator will no longer appear in the Forcepoint DLP incident history. To preserve administrator actions, it is recommended that you do not delete the account, but instead limit the administrator’s role in the Data Security module.