What role is required so everyone can use password vault
12-03-2018 11:25 AM
We are currently using Centrify cloud for all SSO and recently enabled password vault to store IDs and passwords for admins. Now we want to enable it so all users who may have a privileged ID for online apps or other applications can store those IDs and passwords in Centrify.
What role can I grant to all non-Centrify admins to grant them access to Secrets / Domain accounts to be able to add IDs and passwords for IDs they own?
Thanks in advance.
12-03-2018 03:48 PM
For Applications (Web Apps) - Idaptive: No role is required. Everyone can add their own user/password apps and use the password wallet. That's part of the basic SKU.
For Infrastructure (Systems, Accounts, Secrets, etc) - Centrify: Use the Privilege Access Service User right for the role that will contain the users. I am not sure how you licensed the product, but there are cost implications of that move.
12-20-2018 06:31 AM
I created a new role and added Privilege Access Service User permissions to the role. I then added a user to that role, but the user cannot see the admin portal in the dropdown after they log in.
12-20-2018 06:37 AM
Refresh the browser or reload the rights.
If you assigned by way of AD group membership, make sure changes in your directory have been replicated.
12-21-2018 11:27 AM
Thanks for the info. The reload worked and the user can switch to admin portal and look at the accounts, but they still don't have the Add button available to add new secrets or accounts.
Is that a different role?
01-14-2019 12:51 PM
Please use examples.
All role profiles: https://docs.centrify.com/Content/CoreServices/UsersRoles/AdministrativeRights.htm