What role is required so everyone can use password vault

Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Participant III
Posts: 11
Registered: ‎10-10-2018
#1 of 7 828

What role is required so everyone can use password vault

We are currently using Centrify cloud for all SSO and recently enabled password vault to store ID's and password for admin's.  Now we want to enable it so all users who may have a priviledged ID for online apps or other applications can store those ID's and password in Centrify. 

 

What role can I grant to all non-centrify admins to grant them access to Secrets / Domain accounts to be able to add ID's and passwords for Id's they own.

 

Thanks in advance.

Centrify Guru I
Posts: 2,431
Registered: ‎07-26-2012
#2 of 7 823

Re: What role is required so everyone can use password vault

[ Edited ]

@SD810161

 

For Applications (Web Apps) - Idaptive:  No role is required.  Everyone can add their own user/password apps and use the password wallet.  That's part of the basic SKU.

user-portal.png

 

For Infrastructure (Systems, Accounts, Secrets, etc) - Centrify:  Use the Privilege Access Service User right for the role that will contain the users.  I am not sure how you licensed the product, but there are cost implications of that move.

 

psu.PNG

 

R.P

 

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant III
Posts: 11
Registered: ‎10-10-2018
#3 of 7 745

Re: What role is required so everyone can use password vault

I created a new role and added Privilege Access Service User permissions to the role.  I then added user to that role but the user cannot see the admin portal in the dropdown after they login. 

Centrify Guru I
Posts: 2,431
Registered: ‎07-26-2012
#4 of 7 741

Re: What role is required so everyone can use password vault

Refresh the browser or reload the rights.

If you assigned by way of AD group membership, make sure changes in your directory have been replicated.

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant III
Posts: 11
Registered: ‎10-10-2018
#5 of 7 690

Re: What role is required so everyone can use password vault

Thanks the info.  The reload worked and the user can switch to admin portal and look at the accounts, but they still don't have the Add button available to add new secrets or accounts.

 

Is that a different role?

 

Participant III
Posts: 11
Registered: ‎10-10-2018
#6 of 7 460

Re: What role is required so everyone can use password vault

Is there a role different from being able to view?

Centrify Guru I
Posts: 2,431
Registered: ‎07-26-2012
#7 of 7 453

Re: What role is required so everyone can use password vault

What’s your requirement?
Please use examples.

All role profiles: https://docs.centrify.com/Content/CoreServices/UsersRoles/AdministrativeRights.htm
Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: