External user accounts

This topic describes how to manage external user accounts and groups.

Modify external user accounts

After External User Accounts and Groups have been created in the Vault, you can view their properties and modify some of them in the External User Account in the Vault.

Set up PKI authentication when the certificate subject names are different from the Active Directory DNs

If a user's Distinguished Name (DN) in the Active Directory does not match the Subject in their PKI certificate, their user will not be identified and they will not be able to log onto the Vault. However, if at least one element of the DN matches the certificate subject, you can configure the Vault to identify LDAP users according to that specific element.

Change the external user’s certificate

If the certificates that can be used to enable PKI authentication to the Vault are in the external directory, you can change the certificate that is specified in the External User’s Account.

Modify LDAP groups’ properties

After LDAP groups have been created in the Vault, their Safe Ownership properties can be altered.