ManageEngine named a Challenger in the 2023 Gartner ® Magic Quadrant ™ for Privileged Access Management

Read full report.

Access Manager Plus » Features » User management

The need for a central console for user management

Enterprises today depend on a range of user directories to manage users. For example, Active Directory (AD) is the main user directory in a Windows-dominated network, and Lightweight Directory Access Protocol (LDAP) is mostly preferred for Linux systems. Apart from the primary directories, there might also be an internal directory or other types of user directories in place to manage diverse user accounts. Employing multiple directories not only makes user administration difficult but also increases management overhead.

Access Manager Plus’ built-in user management module

Access Manager Plus enables administrators to seamlessly integrate users and facilitate their authentication, authorization, and access—all from a single point of control. Access Manager Plus’ user management module:

  • Helps administrators limit access to critical enterprise systems to authorized users.
  • Provides insights into the assignment and distribution of user-based licenses so administrators can use licenses more effectively.
  • Enables administrators to log users out of the application automatically after a specified period of inactivity, modify their configured settings, and lock or delete them permanently.
  • Facilitates the transfer of resource ownership when an employee leaves the organization or moves to another team within the organization.
  • Helps monitor user access and address violations of defined policies.

Onboard, authenticate, and authorize users

Administrators can either add users to Access Manager Plus manually or import them from CSVs, TXT files, or user directories.

Adding a user manually in Access Manager Plus
Adding a user manually

 

Leveraging the directory setup saves a substantial amount of time in the onboarding process by enabling quick user import and authentication. The user database in Access Manager Plus constantly synchronizes with the directory and is automatically updated whenever users are added to or removed from it.

import users from LDAP in Access Manager Plus
Importing users from LDAP

 

Access Manager Plus helps organizations adopt a well-defined two-factor authentication architecture by integrating with various tools available in the market for primary and secondary factors of authentication.

After defining the authentication mechanism for users, administrators can authorize them by defining their access scopes or privileges, thereby granting or denying them permission to access a resource.

Replicate user groups from directories or create custom user groups

Integrating Access Manager Plus with AD, LDAP, or Azure AD helps with importing user groups directly from the directory with the same hierarchical structure. Administrators can also combine users into custom user groups based on the resources they can access; their role, permissions, team, or department; or other functionalities. With user groups, administrators can quickly set preferences and assign functions for users in bulk.

Assign default or custom roles for users

With the rising number of IT assets and applications available to users at their fingertips, it’s increasingly important for administrators to define role-based controls for users and provision access to various IT resources based on need. Apart from the two predefined user roles, i.e., Administrator and Standard User, Access Manager Plus enables administrators to create custom roles from scratch, specifying the desired permissions for each role, and then assign them to users or user groups.

Adding a custom role in Access Manager Plus
Adding a custom role