Account Groups: Add and Manage Account Groups

Vault

Account Groups

Shared Vault accounts can be added to an account group to allow Vault admins to grant users access to multiple shared Vault accounts more efficiently. Account groups can also be used to associate a group of shared Vault accounts to a group policy.

A shared Vault account can belong to only one group at a time and personal Vault accounts cannot be added to an account group.

Account Groups

Add, view, and manage account groups.

Add Account Group

Click Add to add an account group, add Vault accounts to the group, and grant users access to the group of shared Vault accounts.

Search Account Groups

Search for a specific account groups based on Name or Description.

Add Account Group

The Add Account Group option allows you to add account groups for the purpose of granting users access to multiple Vault accounts at once.

Name

Enter a name for the account group.

Description

Enter a brief and memorable description of the account group.

Group Policies

If the account group was added to any group policies, they are listed here, along with their Vault account roles.

Accounts

Source Account Group

Filter the list of accounts available to add to the group by selecting a group from the Source Account Group list.

Search Selected Account Group

Filter the list of accounts available to add to the group by searching for an account group. You can search by Name, Endpoint, and Description.

Accounts Not in a Group

List of Vault accounts available to add to the account group.

Add

Select accounts from the list of available groups, and then click Add to add them to the Accounts in This Group list.

Remove

Select accounts from the list of Accounts in This Group, and then click Remove to remove them from the account group.

Search This Account Group

Filter the list of Accounts in This Group by searching for an account group by Name, Endpoint, and Description.

Accounts in This Group

List of Vault accounts that exist in this account group.

Allowed Users

New User Name

Select users who are allowed to access this account.

New Member Role

Select the Vault account role for the new user, and then click Add. Users can be assigned one of two roles:

  • Inject (default value): Users with this role can use this account in Privileged Remote Access sessions.
  • Inject and Checkout: Users with this role can use this account in Privileged Remote Access sessions and can check out the account on /login. The Checkout permission has no affect on generic SSH accounts.

The Vault Account Role is visible in the list of users added to the Vault account.