Privileged Access Service creates a default Centrify Directory administrator account when your organization signed up. The login name of the default account is based on the work email account entered in the Privileged Access Service sign-up form. Typically, the login name to the default Privileged Access Service account uses the following format: "admin_<username>@<emailsuffix>" (where username@emailsuffix is the email address of the account used to register for the service). For example, if the email account is email@example.com, the default Privileged Access Service account is firstname.lastname@example.org. Legacy tenants may likely use a default admin name of cloudadmin@<emailsuffix>.
If the email suffix in the email account is already in use by another Privileged Access Service customer, a number is appended to the login suffix. The login suffix is that part of the full account name following “@” -- “acme.com” in this example. For example, if “acme.com” is already in use, the default Privileged Access Service administrator account would be email@example.com (or another number).
The account name is provided in the email you received after you signed up. You use this account to log in to Privileged Access Service. This account is automatically added to the sysadmin role, giving you full administrator permissions in the Privileged Access Service.
Updating the default administrator account is the same as updating any account. You typically update this default account because the person who registered the tenant has left your organization. It is important to ensure the default administrator account name has a unique value and does not match any Active Directory or LDAP user account. This account is critical for troubleshooting when Active Directory login is unavailable. You can use an email address for the account that does match a local directory user.
For account recovery purposes, we recommend that you keep the account username and password in a safe location and to ensure account self-service options for password recovery are enabled. See How to configure user self-service options.
- Log in to Admin Portal.
- Click Users and select the default user account.
Update the relevant fields, for example the email address and login name.
The email address of the account can be used for account recovery and to satisfy MFA challenges.
For account recovery and lockout assistance when self-service options are not available, please contact Centrify Support.