Where you update user account information depends on the account source.
For Active Directory accounts, you must use Active Directory Users and Computers to update the account information. The update information is updated in Privileged Access Service according to the Active Directory user verification interval you set in the connector .
For other LDAP services and G-Suite accounts, you must use the relevant tool or GUI to update the account information.
For Centrify Directory accounts, you use Admin Portal to update the account information.You must be a member of the sysadmin role or any Privileged Access Service role that has the User Management administrative right to create, delete, and modify Centrify Directory accounts.
- Log in to Admin Portal
Click Users > relevant user.
Update the information on the Account page as needed.
Refer to the following table for more information about the fields you can change.
Option Does this
The login name the used to log in to the tenant. Users log in with <Login Name>@<Suffix>.
The login suffix identifies the ID repository containing the user account when the user logs in to the portals or enrolls a device. Be careful if you change the user’s login suffix because this affects their role memberships and policies.
See How to use login suffixes for more information about login suffixes.
The name visible to users once they are logged in to the tenant.
Locks the account.
Set this field to prevent the user from launching Centrify services. This setting can either be manually enabled or enabled automatically through policy. To configure the policy, navigate to Policies > Policy Set > User Security Policies > Password Settings > Maximum consecutive bad password attempts allowed within window and select desired attempts. The best practice is to set the policy to a level below your directory service threshold. When locked, users are prevented further access to Centrify services but are not locked out entirely in their directory service.
Password never expires
Overrides the default “Maximum password age” policy setting. Regardless of the “Maximum password age” setting, the password for this account never expires.
The default maximum password age for user service accounts is 365 days. You use the Account Security Policies > Password Settings > Maximum password age policy on the Policies tab in Admin Portal to reset this value.
Note: This setting and the “Require password change at next login” setting are interdependent. If you select one, the other is reset.
Require password change at next login (recommended)
Forces users to create a new password the next time they log in.
The user is subject to any password reset policy controls and settings you have enabled (see Applications).
This setting is reset as soon as the user logs in and creates a new password.
Note: This setting and the “Password never expires” setting are interdependent. If you select one, the other is reset.
Is Service User
Select this option for users who should NOT belong to the Everybody role. For example, you might select this option for contract or temporary users. See Predefined roles for more information.
Is OAuth confidential client
Select this option for users representing web applications with the Client ID Type set to Confidential. See the Centrifydeveloper docs for more information.
Send email invite for Admin Portal setup
Select this option to send new users an email invite to log in to the Admin Portal.
Send SMS invite for device enrollment
Select this option to send an SMS invite to users to enroll their device (for example, their phone).
Updates user profile information such as Mobile Number, User Photo, etc. If you have users who will be registering devices or you are using mobile devices as a form of multi-factor authentication, be sure to put the device’s phone number in the Mobile Number field.
Redirect multi factor authentication to a different user account
Users who have multiple accounts can redirect their Mobile Authenticator notifications to another user account. See Using Mobile Authenticator Redirect for more information.
Updates the user reporting structure. Specifying a user's manager has implications for access requests. See Managing application access requests for more information.
- Click Save.
User management commands
To view or change user management commands, see User Management commands