The Accounts tab gives system administrators an interface for managing the users of the system. An administrator can search for a user and disable the entire account, or disable individual devices that have been connected and authenticated as a particular user. Administrators can also define the list of unmanaged users.
|Field|Description|
|---|---|
|Name|The user's name (coming from their Active Directory user object).|
||This is the email address that is associated with the Smartcrypt account for the user. The email addresses for users are entered when allowing and denying access to Smartkeys.|
|UPN Mode|If you have user accounts stored in multiple Active Directory forests, UPN Mode lets administrators allow users to log in to Smartcrypt with User Principal Names. Users need to authenticate with the proper credentials for each Active Directory user to access each of the correlated Smartcrypt Identities.|
|Allow|The allow flag is the status of the account for the user. If a user's account has been compromised, an administrator can use this field to kill access to the account and to all the devices the account is logged in on.|
Managed versus unmanaged users
Smartcrypt supports two types of users: Managed and Unmanaged. From the Smartcrypt user's perspective, it does not matter much whether they are managed or not. For administrators, there is an important difference to point out.
An unmanaged user is also a "Zero Knowledge User" in the system. What this means is that Smartcrypt Enterprise Manager (SEM) cannot access or unlock any of the Smartkeys this type of account generates. In addition, if an unmanaged user loses or forgets their password, SEM cannot recover this type of account, because it cannot decrypt any of the content (including the unmanaged user's encrypted password stored in SEM).
Setting up an unmanaged user
- To define a group or list of users who are eligible to become unmanaged users, an administrator enters the Active Directory group or user entry in the text box labeled Unmanaged Users/Groups.
Note: An unmanaged user still needs to exist in Active Directory.
- After a user is defined in the unmanaged user group, the user can change their password through the Smartcrypt client. This dialog is available when looking at the account information from the right-click menu in the system tray. Click Change to start the process.
- This creates a separate "unmanaged" credential, distinct from the credentials they use in Active Directory.
- After a user is unmanaged, the user will need to keep their own credentials secure. There is no recovery for a lost unmanaged credential.