Accounts

Description

An account is the way an user is presented on a target system.  There can be user accounts as well as system-purpose accounts.

An account belongs to a system and that account can have specific permissions assigned to it. An account must have defined the account type, that is if the account is a single user, privileged, shared, or unmanaged.

The password policy is also mandatory to create an account. That password policy determines the conditions that the password must meet.

It is allowed to set a password for an account, which can be a generated password by the system, or a password set by the administrator user. That password must comply with the password policies defined. When the account is unmanaged, if the password change, it will not be sent to the target system.

The account can be displayed in black or gray color. The gray color is used to indicate that the account is unmanaged, that is because the agent is disconnected or because the agent is in Read-Only Mode.

Screen overview

image-1719228483734.png

image-1719228508836.png

Related objects

An account is related, in Soffid, to other objects:

  1. User: users related to this account.
  2. Groups: groups to which the account belongs.
  3. Roles: the permissions that this account has associated with the system in which it is used. They can be assigned or revoked by users with administrator privileges.
  4. System: the environment in which that account is used (AD, Exchange, etc).

Standard attributes

Basic

On the basic account tab, you can view all the account attributes. It is allowed to add new accounts,  update or delete existing accounts and other options.

Commons attributes
💻 Image

image-1719233419405.png

Owners, Managers, and SSO users

Specify the list of users authorized to use this account. For accounts of type "single user", only one user can be specified. Other accounts can have more than one user. The users that can use this account can be specified either directly, by entering the user name, or indirectly, by entering a group or role name. At the latest, any user having that group or role will automatically be entitled to use this account.

There are three access levels for each account and user:

💻 Image

image-1719233557453.png


image-1719233513719.png

image-1719233528148.png

Password vault
💻 Image

image-1695656753816.png

Password synchronization
💻 Image

image-1719323670659.png

Launch properties

Defines the properties to connect to the target system.

💻 Image

image-1695656777606.png

Audit information
System properties
Events history

List of events on this account

💻 Image

image-1718876785949.png

Services

List of services on this account. The account type must be shared to view those services. All these services appear after agent reconciliation.

💻 Image

image.png

Soffid allows you to manage the existing services, you can add, update or remove services as well. This makes sense in the case of Linux machines. 

💻 Image

image.png

Roles

A role is a collection of permissions that can be granted.

On the roles tab, you can view the roles assigned to the account, it is shown information about the role name, description, application or start (and, if proceed, end) date of the role assignment. 

You can also assign roles to the account, you can click the add symbol (+), select the role that you want to assign, depending on the role you must fill the scope, and finally set memberships properties.

It is also possible to revoke roles to the account from the entitlement details or by selecting one or more records from the list and clicking the button with the subtraction symbol (-). 

By clicking on a record, it is shown the detail  role assignment information.

Additionally, you can download a CSV file with the roles information and you can also upload a CSV file to assign or revoke roles.

💻 Image

image-1719233811973.png

Effective roles

Hierarchy of permissions assigned to or inherited. 

This screen details the effective roles for the selected account.

💻 Image

image-1719233833791.png

Actions

Account query actions

Query

Allows you to query accounts through different search systems, Quick, Basic and Advanced.

Add or remove columns

Allows you to show and hide columns in the table. You can also set the order in which the columns will be displayed. The selected columns and order will be saved for the next time Soffid displays the page to the user.

Add new

Allows you to add a new account in the system. You can choose that option on the hamburger icon or click the add button (+).To add a new account it will be mandatory to fill in the required fields

Delete

Allows you to remove one or more accounts by selecting one or more records and next clicking the button with the subtraction symbol (-).To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

Download CSV file

Allows you to download a CSV file with the basic information of all accounts. 

Bulk actions

Allows massive operations to be performed on all system accounts.  With that operation, updates can be made to any of the account's parameters. First of all, you must select the records that you want to update, once you have selected them, you must choose the bulk action on the hamburger icon. For more information visit the Bulk action page.

Account detail actions

Apply changes

Allows you to save the data of a new account or to update the data of a specific account. To save the data it will be mandatory to fill in the required fields

Delete

Allow you to remove the account. You can choose that option on the hamburger icon

To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

Undo

Allows you to quit without applying any changes.

Set password

This option depends on the credential type selected.

Password

  • Allows you to set a new password to the account or a SSH key.
  • The password can be generated automatically, or you can set the password. 
  • It will be mandatory the password complies with the Password policies defined for the domain.
  • If an account is unmanaged, the password will not be sent to the target  system.
💻 Image

image-1719228754621.png


SSH key:

  • Allows you to generate a new key or enter an existing key.
💻 Image

image-1718953483648.png

 Kubernetes key:

  •  Allows you to  add a YAML descriptor


💻 Image


image-1718953740300.png



Show actual account properties

Display the account attributes at the target system. To perform that action, Soffid needs to connect with the target system and get the account attributes that will be shown.

Roles

Assign Role

Allows you to assign a new role to the account. You can choose that option on the hamburger menu or click the add button (+).

Then you need to select a role from the role list. If it is necessary, the next step will be to set the scope. Then you need to check and fill in the membership properties. And finally, apply changes.

Revoke Role

Allows you to revoke one by one or to revoke some roles at the same time.

To revoke some roles at the same time, you need to select the roles, and then click the button with the subtraction symbol (-).

To revoke one role, you can click the role, and then Soffid will show a form with the details. Then you can click the delete button (trash icon).

Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

Import

Allows you to upload a CSV file with the role list to assign permission.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

Download CSV file

Allows you to download a CSV file with all the information about account roles. 




Revision #68
Created 24 March 2021 12:21:18 by pgarcia@soffid.com
Updated 11 November 2024 07:29:08 by pgarcia@soffid.com