Configuring Local ITM On-Prem (ObserveIT) Identification Users

After creating Forced-Identification users, you must configure an authentication target. This authentication target can be one or more Active Directory Identification targets (or domains) or Local ITM On-Prem (ObserveIT) Identification Users.

When no central Active Directory is available against which ITM On-Prem (ObserveIT) Identification services can authenticate, you will need to use local ITM On-Prem (ObserveIT) targets for user authentication.

This feature does NOT create any actual local users. It just configures ITM On-Prem (ObserveIT) to check if the credentials of a Forced-Identification user at log on match those of any Local ITM On-Prem (ObserveIT) User.

This topic describes how to configure the local ITM On-Prem (ObserveIT) targets against which the users will authenticate. (It also describes how to delete local ITM On-Prem (ObserveIT) users.)

To configure Local ITM On-Prem (ObserveIT) Identification users

1. Navigate to the Configuration > Security & Privacy > Identification page.

2. In the Local ObserveIT Identification Users section, click Create.

   

   The Add Operator window opens.

3. Type the user name, the required password, and confirm the password. You MUST enter a password.

   The user name and password are created locally inside the ITM On-Prem (ObserveIT) Database, and are not matched against any external source. When a Forced-Identification user logs on to any ObserveIT-monitored server, they must enter this user name and password for secondary authentication in the ITM On-Prem (ObserveIT) Windows log on screen/Unix prompts. For further details, see Configuring ITM On-Prem (ObserveIT) Identification Services.

   

4. Click Add.

5. Repeat steps 2 and 3 for each user that you want to add.

   The new Local ITM On-Prem (ObserveIT) users are displayed in the Local ObserveIT Identification Users section.

   

   Local ITM On-Prem (ObserveIT) users cannot be modified. If you need to change the user's password or log on name, you must first delete the user, and re-create it.

   After configuring the users, whenever a Forced-Identification users logs on to a monitored server, they will be able to use the user name and password credentials that were configured for this Local ITM On-Prem (ObserveIT) Identification User for secondary authentication.

   In addition, the ITM On-Prem (ObserveIT) administrator or security auditor will be able to see exactly who used the Administrator's built-in account by looking at the Endpoint Diary, User Diary, Search, or Reports page.

   

Deleting Local ITM On-Prem (ObserveIT) Users

Deleting a Local ITM On-Prem (ObserveIT) user does not have any effect on the actual user object, either in Active Directory or on the Windows Local Users. However, if this user is still listed in the Forced-Identification Users section and configured in one or more Server Policies, then since it will not be able to authenticate against any available Local ITM On-Prem (ObserveIT) user, that user will NOT be able to log on to the ObserveIT-monitored server. Therefore, use caution before deleting Local ITM On-Prem (ObserveIT) users.

To delete a Local ITM On-Prem (ObserveIT) user from the list

1. Navigate to the Configuration > Security & Privacy > Identification page.

2. In the Local ObserveIT Identification Users section, click the relevant Delete link of the user that you want to delete.

   

   A window opens, warning that you are about to delete a Local ITM On-Prem (ObserveIT) Identification user.

3. Click OK to delete the user.