Assign domain users or groups to System Administrator role

Skip this section if you have done it as part of another tutorial.

It is a best practice to secure your default administrator account by using your own personal account to administer CyberArk Identity. Assigning domain users or groups to the System Administrator role allows you to log in to CyberArk Identity with domain credentials. This also allows you to centrally manage CyberArk administrator access through Active Directory. If you do not have Active Directory, you can add users from LDAP, Google Workspace, or create users in the CyberArk Directory.

To assign domain users or groups to role

  1. Log in to the Identity Administration portal using the credentials provided in your welcome email.
  2. Click Core Services > Roles.
  3. Click the System Administrator role.
  4. Click Members > Add button.
  5. Search for the relevant domain user(s) and/or group(s) you want to grant administrative rights to the Identity Administration portal.

    The domain user should NOT match your Active Directory user name.

    Distribution groups and local groups display in the filter; however, only security groups are supported.

  6. Click Add.

    The Add Members page closes.

  7. Click Save.

    You can now log in with your domain credentials to the Identity Administration portal.