Skip to content

Administration of User Groups

Managing the users within their groups in Unified PAM is comprehensive in nature. You can configure the default user role for the users who are part of the group, configure the groups imported from directories to be continuous synchronization with their sources, and configure whether to fetch any subgroups of the domain group when importing or to ignore them.

Additionally, you can also select and assign specific MFA methods to the specific groups.

Configure Periodic Synchronization of Groups

You can keep the members of this group in synchronization with that of the AD. When new members get added to or removed from this group in AD, the changes get reflected here without requiring any manual intervention on your part.

Navigate to Groups >> Select the required group >> Members >> Schedule Sync section in the GUI to perform this step.

schedule group synchronization with ad in privileged access manager

You can either schedule the synchronization activity for a one-time run or create scheduled tasks to run periodically and ensure regular synchronization.

schedule ad group synchronization once in pam

For periodic synchronization, you can choose the start time, and set the synchronization interval of your choice.

schedule ad group sync periodically in pam

Once enabled, you can navigate to the Schedule Sync section as earlier to view the next planned schedule.

Group Settings

To set the Default Role in Securden for users who are part of the group, navigate to Group >> (Go to the required domain group) >> More Actions >> Group Settings.

Note: These settings are only available for domain groups. Any local group created manually will not have these options.

  1. Here, you can select the default role in Securden by choosing one from the drop-down.

select role of users in groups

  1. You can also choose whether to import subgroups or to skip them here.
  2. Once you have selected your preferences, click Save.

Configuring Multi-factor Authentication

Once the two-factor authentication methods are configured for the organization on the whole, you may select and assign specific methods for groups. The users who are part of the group will be allowed to authenticate using the configured methods.

To configure MFA at the group level, navigate to Groups >> (Select the required group) >> More Actions >> Configure 2FA.

configure mfa at the group level in pam

  1. Here, you can choose whether to enable or disable MFA for this group's members.
  2. Additionally, all the available 2FA methods are displayed as checkboxes. You may select the methods you want to assign to the selected group.

    select the required mfa methods

  3. Once you are done, click Save.