User Properties

The User properties dialog window is available for every user in the Server Manager. You can access the user properties either by double- or right-clicking a user in the Users area. 

Administrators can edit the users in the user properties dialog window. The following tabs are available here:

  • General
  • Account
  • Roles
  • Member of
  • Active Directory DS
  • Azure AD
  • Advanced

The content of each tab is explained below.

General

The General tab includes the following options:

  • Full name: Enter the user's first and last name here if different from the actual user name on the server. 
  • Email: Enter the user's email address.
  • Phone: Enter the user's phone number.
  • Department: Enter the user's department.
  • Description: Here you may add additional information about the user, if required.

Account

In the Account tab you can set the following:

Authentication

You can see here the different types of authentication available for the server users:

  • Password Depot credentials
  • On-Premises Active Directory
  • Azure Active Directory

If you select the authentication via Password Depot credentials, administrators have to define a specifc user name and password for each user. Afterwards, they have to share the data with their users. Users can or may change the password for the Enterprise Server login afterwards, if this option is enabled in the Server Manager. Please have a look at the following knowledge base article to learn about how to change the password:

How to change the password for the Enterprise Server login?

The On-Premises Active Directory authentication is the so called Integrated Windows Authentication (SSO). It requires a full Active Directory synchronization in the Server Manager so that the users can connect to the Enterprise Server using their Windows credentials. Find detailed information about the Active Directory Synchronization in the Server Manager here.

Using the Azure Active Directory authentication users will have to logon on the Enterprise Server with their Microsoft credentials. This authentication also requires a full Azure AD synchronization in the Server Manager prior to the login of a user. Azure AD users can only be added to the Server Manager through synchronization and not manually. Find detailed information about the Azure AD synchronization in the Server Manager here.

Two-Factor Authentication

  • Operation Mode: With this setting you can change the 2FA operation mode individually depending on the user's requirements (this setting was implemented in v17.0.5).

Account options

  • Account deactivated: If this box is checked, the user's account has been locked temporarily. This may occur if a user has reached the maximum failed login attempts allowed on the server. Uncheck the box to activate the account again and thus, enable the user affected to access and log on on the server again.
  • User may not change password: Check this box if you do not want to enable local users changing their password for login on the Enterprise Server. Please note that his option can only be used if a user is accessing Password Depot Enterprise Server via Password Depot credentials authentication. 
  • User must change password at next logon: Check this box if you want users to be forced changing their password for login on the Enterprise Server next time they want to connect. Changing the password will then be mandatory for the user at the next login in any case. Again, please note that his feature can only be activated for local users but not for Active Directory or Azure AD users that have been imported to the Server Manager.

Roles

With version 15, additional server roles were implemented. This way, you can assign specific server roles to single or multiple server users and thus, server administration can now be carried out by multiple users instead of having only one person being responsible for server configuration and administration. Users being assigned an additional server role can access both the Server Manager as well as the Enterprise Server using a client. The following server roles are available:

  • Server Administrator: This role grants full access to the server and Server Manager. In general, a server administrator has full access to all databases and entries. In addition to that, they can manage and configure the server and its settings by accessing the Server Manager.
  • Database Administrator: A Database Administrator can create new databases on the server and edit already existing ones. This server role enables a user, for example, to change a user's or groups' permissions for databases and entries.
  • Account Administrator: An Account Administrator can manage users and groups on the server and, in this context, also add new users and groups to the server, for example.
  • Active Directory Operator: An Active Directory Operator can perform Active Directory or Azure AD synchronization in the Server Manager. Please note: This server role requires additional server roles, that is, either Database or Account Administrator. If a user is an Active Directory Operator only, they will not be able to perform Active Directory or Azure AD synchronization in the Server Manager or change any other server settings.
  • Event Log Reader: An Event Log Reader can access the server's logs.

NOTE: Introducing different server roles in the Server Manager with version 15 did also have an impact on the super administrator's account: The latter is now only used for server administration in the Server Manager and thus, the super administrator can only login to the Server Manager but not to the Enterprise Server to access databases. In general, the super administrator's account is not a classic user account anymore and is therefore not a part of the total number of users available on the server.

Member of

You can check here, if the user selected is a group member of one or several server groups. In addition to that, you can add single users to new or other server groups , provided those groups are already available in the Server Manager. 

  • Add group: Click this button to add a user to a new or other group.
  • Delete: Select a group from the list and click Delete afterwards to remove the selected user from the corresponding group.

Active Directory DS

This tab contains all Active Directory attributes of a user who has been added to the Server Manager through Active Directory synchronization.

  • Logon Name: Displays a user's user name which is used for the domain login.
  • User Principal Name: The User Principal Name displays the name of the Active Directory system user in email format.
  • ADs Path: Displays a user's correct path in the Active Directory. 
  • Object GUID: Displays the ID of an Active Directory user which is generated automatically.

NOTE: The information displayed in the tabs called Azure AD or Active Directory DS is of importance only if Active Directory or Azure AD synchronization is performed in the Server Manager thus, enabling users to login to the server through Integrated Windows Authentication (SSO) or using their Azure AD access data. During synchronization the users' Active Directory or Azure AD attributes will be added to the Server Manager automatically. Therefore, please do not enter here any data manually but instead please let Password Depot Enterprise Server do so during the process of synchronization. 

Azure AD

This tab contains all Azure AD attributes of a user who has been added to the Server Manager through Azure AD synchronization.

  • User Principal Name: You can see here a user's User Principal Name if the user has been added to the Server Manager through Azure AD synchronization. 
  • Object ID: Every Azure AD user is assigned a specific object ID. A user's object ID is also displayed in the Server Manager once the Azure AD synchronization has been completed.
  • User Type: You can see here the user type of a user who was imported from Azure AD into the Server Manager. Azure Active Directory has two types of users: members and guests. Members belong to your own organization. A guest can be invited to your organization temporarily, for example if temporary collaboration is required. 

Advanced

The Advanced tab is divided into two parts:

  • WebSockets port for browser add-ons
  • IP address verification

Web Sockets port for browser add-ons

Here, administrators can define the web sockets port settings for the browser add-ons. You can choose between the following:

  1. Use global settings [25109]: If you select this option, by default all clients will use the port number 25109 to communicate with the browser add-on.
  2. Auto-generate unique port number: Activate this option if you want to automatically assign individual port numbers to every single user on the server. Users can then see their port number in the desktop client by going to Edit → Options → Browser.
  3. Use custom port number: Administrators can assign custom port numbers to their users and define specific port numbers themselves. In this case, users can also see the custom port number in the desktop client by going to Edit → Options → Browser.

IP address verification

Here, you can assign a user a fixed IP address. Every connection attempt of the same user with another IP address will then be rejected. This can increase security, but it also requires using static IP addresses.