Adding a network account

You can assign users configured as administrators in the User Directory as Security Manager administrators.

Steps

  1. Go to Global Settings > General > Administrators, and click Add Network Account.
  2. If you had selected Microsoft Entra ID as the directory server, do one of the following in Directory Search:
    • In Search by, select Users or Groups, and select the desired users or groups.
    • In Search, enter keywords to search on to find the accounts.

      When you enter a display name, user name or email address value in Search, the system returns results based on different matching rules for each type of input:

      • Display name search returns users or groups that matches words split by spaces, numbers, different casing or symbols (for example, EmailOnline matches words that contain email, online).
      • User name search returns users whose name starts with the entered value.
      • Email search returns users or groups whose email starts with the entered value.
    Note:
    • Object ID search is not supported.
    • Users without email address are not available for selection.
    • Users that are disabled are not available for selection.
    • For the network accounts using Microsoft Entra ID, two-factor authentication and password authentication are not supported. You must enable Single Sign-On under Global Settings > General > Single Sign-On. Before enabling Single Sign-On, make sure there is a local account as a Global Security Administrator in the system that can use password authentication as a fallback method.
  3. For other type of directory servers, in the Search field, enter keywords to search on to find the accounts to add as Security Manager administrators. By default, the search query already includes a wildcard so there is no need to include an asterisk (*) in a search.
    By default, the search context for your search is the default domain context from the Directory Service page (see Setting email notifications). To edit this context, you can click Refine search and enter a new search context. To revert to the default context, you can click Restore default.
    • For users, the following attributes are searched in the selected context.
      • Active Directory: Email Address, Logon Name, and Display Name
      • Novell eDirectory, Oracle Directory Service, or Lotus Notes/Domino: Email, Display Name, Username, and Common Name (CN)
    • For groups, the CN field is searched for all directory services.
    Search results display in the Search results list on the left-hand side. The search results list both users and groups that match the specified keywords, and that include both user name and email address in the directory service.
  4. Click the right arrow to add the account to the Selected accounts list.
  5. To remove a user from the Selected accounts list, select the check box next to the account name, then click the left arrow ().
  6. If certificate authentication is enabled on the page General > Two-Factor Auth (see Configuring two-factor authentication), click Certificate Authentication to upload or import the certificate used to authenticate the selected administrators during Security Manager logon.
    • Click Import from LDAP to import the certificate from your user directory.
    • Click Upload Certificate to browse to the location of the certificate and upload it.

      When the certificate has been imported or uploaded successfully, the certificate name, expiration date, issuer, and source information display in the Certificate Authentication section of the page.

  7. Once you have added one or more accounts to the Selected accounts list, select the check box to indicate whether to Notify administrator of the new account via email.
    To send administrator emails, you must set up SMTP details on the Notifications page. You can also customize the contents of the email message on the Notifications page (see Setting email notifications).
  8. To select the access permissions for the new administrators, do the following:
    • Select the check box Global Security Administrator and create an administrator with full permissions across all Security Manager modules.
      Note: Only Global Security Administrators can create other Global Security Administrators.
    • If the accounts are not Global Security Administrators, in the section Module Access Permissions, select permissions for the new administrators.
    • Choose a setting under each of the available options (Web, Data, Email) to give the new administrator permissions to manage one or more Security Manager modules. The options available depend on the modules in your subscription.

      For each module, choose whether the new administrator has:

      • No access to that module
      • Only access to the module
      • Both access and the ability to manage other administrators in that module For more information see Security Manager administrators.
      Note: Administrators can assign access permissions only for the Security Manager modules for which they have management permissions.
  9. After configuring administrator accounts, click OK.
    The settings are saved.