User Management

Users vs. Accounts :

Users : People who have been granted access to the system (To access passwords, To manage policies, Typically defined by their Domain credentials)

Accounts : The actual privileged account IDs and passwords ( Stored in Safes, Examples include domain administrators, local administrators, root accounts, service accounts and more)

Internal vs. Transparent Users and Groups

Internal Users and Groups : Internal users and groups in CyberArk are created, stored, and managed entirely within the CyberArk system, without relying on external identity providers like Active Directory or LDAP. These users authenticate directly with CyberArk, and groups simplify permission management by collectively applying roles to multiple internal users.

Transparent users and groups : Transparent users and groups in CyberArk are managed externally, typically through an identity provider like Active Directory, with their identities synced into CyberArk for authentication and authorization. These users and groups are not managed directly within CyberArk but are visible and used within the system for access control.

Predefined users and groups :

Predefined users and groups in CyberArk are default accounts and roles that come with the CyberArk installation. These are built-in entities with specific roles and permissions designed to facilitate initial setup and basic management tasks.

For example : the Vault Admin is a predefined user with full administrative rights, and there are predefined groups like Auditors for overseeing activities without altering configurations.

The most important user is the Master user

Master User : The Master user is the most powerful user in the system, with full Safe and Vault authorizations that cannot be removed

Add users in PrivateArk client :

• Log on to the PrivateArk Client as an Administrator.
• From the Tools menu, select Administrative Tools > Users and Groups.

• In the hierarchy, select the location where the user will be, click New, and then select User.
• In the different tabs of the New User window, fill in the information as described below. The General and Authentication tabs are mandatory. The other tabs are optional.

User Management in PVWA

Starting on PAM version 13,

? Create and Edit CyberArk Users

? Create Groups and Assign users to them

? Disable a user or Activate a suspended user

? Reset a user’s password