Adding a User Account

Use the User Accounts screen to create new user accounts for Control Manager administrators or to import users or groups from an integrated Active Directory structure.

Important:
  • Only the Root, Administrator, or Administrator and DLP Compliance Officer accounts can create new user accounts.

  • Importing users or groups from an Active Directory structure requires an integrated Active Directory structure.

    For more information, see Active Directory Integration.

  • Integrating an Active Directory structure allows Active Directory users or groups to log on to Control Manager by using the Log On with Domain Credentials button without having to provide their user names and passwords.

    For more information, see Accessing the Web Console.

  1. Go to Administration > Account Management > User Accounts.

    The User Accounts screen appears.

  2. Click Add.

    The User Accounts > Step 1: User Information screen appears.

  3. Select Enable this account to enable the account upon creation.
    Note:

    Control Manager cannot disable accounts for Active Directory users or groups. To disable an Active Directory account, you must disable the account from the Active Directory server.

    For more information, contact your Active Directory administrator.

  4. Select an account types.
    • To create a new Control Manager user account:

      1. Select Custom account.

      2. Configure the following required account information:

        Information

        Description

        User name

        Type the account name that the user provides to log on to the Control Manager web console.

        Full name

        Type the full name of the user.

        Password

        Type the password that the user provides to log on to the Control Manager web console.

        Note:

        Users can change their passwords on the My Account screen.

        For more information, see Viewing or Editing User Account Information.

        Confirm password

        Type the same password provided in the Password field.

        Email address

        Type the email address to which the user has notifications delivered.

        Note:
        • This field is required for Control Manager to send reports and event notifications by email or when Two-Factor Authentication is enabled.

        • You must also configure SMTP server settings in order for Two-Factor Authentication to work properly and for Control Manager to send reports and notifications by email.

          For more information, see Configuring SMTP Server Settings.

    • To import users or groups from an integrated Active Directory structure:

      1. Select Active Directory user or group.

      2. Search for Active Directory users or groups using the following:

        • User/Group name

          Note:
          • This field is required.

          • You can use an asterisk wildcard (*) to search using partial string matching.

            For example, typing "tom*" searches for all users or groups with names that start with "tom".

        • Base distinguished name

      3. Click Search.

        Active Directory accounts that match the specified criteria appear in the Search result list.

      4. Select Active Directory users or groups from the Search result list and click >.

        The selected Active Directory users or groups appear in the Selected users/groups list.

      Important:
      • Control Manager 7.0 requires you to manually synchronize Active Directory data before imported users or groups can log on to Control Manager using their Active Directory domain credentials.

        For more information, see Active Directory Integration:

      • You do not need to manually synchronize Active Directory data from an Active Directory structure migrated from Control Manager 6.0. Users and groups from the migrated Active Directory structure can log on to Control Manager as soon as the migration completes.

  5. Click Next.

    The User Accounts > Step 2: Access Control screen appears.

  6. Select a user role from the Select role drop-down.
    Note:
    • The access rights defined for a user role take precedence over the managed product/folder access rights that you configure for individual user accounts.

    • The DLP Compliance Officer and DLP Incident Reviewer roles are only available to Active Directory users or groups.

      For more information, see User Roles.

  7. In the Select accessible products/folders tree, select the products or folders that the user can access in the Product Directory structure.
    Note:

    You can restrict a user to a single managed product or allow access to the entire Product Directory. Assigning access to a folder allows users to access all of the sub-folders and managed products.

    For more information, see Managed Product Access Control.

  8. Specify the managed product/folder access rights for the user account.
    Note:

    Access rights determine the actions that the user account can perform on managed products. Privileges granted to an account cannot exceed those of the grantor.

    For more information, see Managed Product Access Control.

  9. Click Finish.

    The new user account appears on the User Accounts screen.