Use the User Accounts screen to create new user accounts for Apex Central administrators or to import users or groups from an integrated Active Directory structure.
-
Only the <Root> account created during installation, or user accounts that have been assigned the Administrator or Administrator and DLP Compliance Officer user role, can create new user accounts on Apex Central.
-
Importing users or groups from an Active Directory structure requires an integrated Active Directory structure.
For more information, see Active Directory Integration.
-
Integrating an Active Directory structure allows Active Directory users or groups to log on to Apex Central by using the Log On with Domain Credentials button without having to provide their user names and passwords.
For more information, see Accessing the Web Console.
-
Go to Administration > Account Management > User Accounts.
The User Accounts screen appears.
-
Click Add.
The User Accounts > Step 1: User Information screen appears.
-
Select Enable this account to enable
the account upon creation.
Note:
Apex Central cannot disable accounts for Active Directory users or groups. To disable an Active Directory account, you must disable the account from the Active Directory server.
For more information, contact your Active Directory administrator.
-
Select the account type.
-
To create a new Apex Central user account:
-
Select Custom account.
-
Configure the following required account information:
Information
Description
User name
Type the account name that the user provides to log on to the Apex Central web console.
Full name
Type the full name of the user.
Password
Type the password that the user provides to log on to the Apex Central web console.
Note:Users can change their passwords on the My Account screen.
For more information, see Viewing or Editing User Account Information.
Confirm password
Type the same password provided in the Password field.
Email address
Type the email address to which the user has notifications delivered.
Note:-
This field is required for Apex Central to send reports and event notifications by email or when Two-Factor Authentication is enabled.
-
You must also configure SMTP server settings in order for Two-Factor Authentication to work properly and for Apex Central to send reports and notifications by email.
For more information, see Configuring SMTP Server Settings.
-
-
-
To import users or groups from an integrated Active Directory structure:
-
Select Active Directory user or group.
-
Search for Active Directory users or groups using the following:
-
User/Group name
Note:-
This field is required.
-
You can use an asterisk wildcard (*) to search using partial string matching.
For example, typing "tom*" searches for all users or groups with names that start with "tom".
-
-
Base distinguished name
-
-
Click Search.
Active Directory accounts that match the specified criteria appear in the Search result list.
-
Select Active Directory users or groups from the Search result list and click >.
The selected Active Directory users or groups appear in the Selected users/groups list.
Important:-
Apex Central 2019 requires you to manually synchronize Active Directory data before imported users or groups can log on to Apex Central using their Active Directory domain credentials.
For more information, see Active Directory Integration:
-
You do not need to manually synchronize Active Directory data from an Active Directory structure migrated from a previous version of Control Manager. Users and groups from the migrated Active Directory structure can log on to Apex Central as soon as the migration completes.
-
-
-
Click Next.
The User Accounts > Step 2: Access Control screen appears.
-
Select a user role from the Select role
drop-down.
Note:
-
The access rights defined for a user role take precedence over the managed product/folder access rights that you configure for individual user accounts.
-
The DLP Compliance Officer and DLP Incident Reviewer roles are only available to Active Directory users or groups.
For more information, see User Roles.
-
-
In the Select accessible
products/folders tree, select the products or folders that the
user can access in the Product Directory structure.
Note:
You can restrict a user to a single managed product or allow access to the entire Product Directory. Assigning access to a folder allows users to access all of the sub-folders and managed products.
For more information, see Managed Product Access Control.
-
Specify the managed product/folder access rights for the
user account.
Note:
Access rights determine the actions that the user account can perform on managed products. Privileges granted to an account cannot exceed those of the grantor.
For more information, see Managed Product Access Control.
-
Click Finish.
The new user account appears on the User Accounts screen.