Preparing delegated administrators

After assigning individuals as administrators in any administrative role, make sure to give them the following information:

  • The URL for logging on to the Forcepoint Security Manager. By default: 
    https://<console_location>:9443

    Substitute the IP address or hostname of the management server.

  • What Policy Server to select after logon, if applicable. In an environment with multiple Policy Server instances, administrators can select the Policy Server to use from the Web Security toolbar. They must select the Policy Server that is configured to communicate with the directory service that authenticates their managed clients.
  • Whether to use their network logon account or a local Forcepoint account when logging on to the Security Manager. If administrators log on with local accounts, provide the user name and password.
  • Their permissions: to create and apply policies to clients in the role, generate reports, create policies and generate reports, or audit administrator tasks without implementing changes.

    Advise administrators who have both policy and reporting permissions to consider what activities they plan to perform during the session. If they only plan to generate reports, recommend that they go to the Role field in the Web Security toolbar, and choose Release Policy Permissions. This frees the policy permissions for the role, enabling another administrator to access the Security Manager and manage policy for that role.

  • How to find the list of clients managed by their role. Administrators can go to the Policy Management > Delegated Administration page, and then click their role name to display the Edit Role page, which includes a list of managed clients.
  • Limitations imposed by the Filter Lock, if any categories or protocols have been blocked and locked.
  • The tasks that are generally performed by administrators. See Performing delegated administrator tasks.

Be sure to notify delegated administrators when you add or change custom file types and protocols. These components automatically appear in filters and policies for all roles, so it is important for those administrators to know when changes have been made.