Manage domain administrative accounts

This topic describes how to store Active Directory domain administrative accounts so that an administrator can log in to the Identity Administration portal and synchronize user data from a specific system (for example, Workday) to Active Directory. The stored accounts can be any user or service account that has domain or enterprise administrator permissions.


You must meet the following requirements before you can store domain administrative accounts on CyberArk Identity:

Store domain administrative accounts

Store domain administrative accounts so these accounts can be used to perform high-privilege operations.

To store domain administrative accounts:

  1. Log in to the Identity Administration portal.
  2. Click Settings > Users > Administrative Accounts.

    The Administrative Accounts page shows the Active Directory domains.

  3. Select the domain that contains the account you want stored.

    Only domains associated with an active CyberArk Identity Connector are displayed. The Actions drop-down list becomes available after you select a domain.

  4. Select Set Administrative Account from the Actions drop-down list.

  5. Select the source of the account.

  6. Click Select next to the Account text box to search for and select the relevant account, then click Add to add the account.

    The relevant account is displayed in the Administrative Account column.