Add and Manage Vault Account Groups

Vault admins can use account groups to logically group credentials together, providing a quick and easy way to grant users access to multiple shared vault accounts at one time. Account groups can also be associated with a group policy, granting policy members access to that group of shared vault accounts.

A shared vault account can belong to only one group at a time, and personal vault accounts cannot be added to an account group.

Add an Account Group

  1. From the /login interface, go to Vault > Account Groups.
  2. Click Add.
  3. Provide a Name and Description for the group.
  4. Under Accounts, select the accounts you wish to add to the group from the Accounts Not in a Group list.
  5. Click Add to move the accounts over to the Accounts in This Group list.

     The None group is a system-generated group that contains all user accounts that do not belong to an account group. The None group is selected by default. You can filter the list of available accounts to add to the group by selecting a group from the Source Account Group list or by using the Search Selected Account Group box to search by Name, Endpoint, and Description.

  6. In the Allowed Users section, add a user and select their vault role from the New Member Role dropdown, and then click Add.
  7. Click Save at the top of the page.

Add a Vault Account to an Account Group from the Accounts Page

  1. From the /login interface, go to Vault > Accounts.
  2. From the Shared tab, select the account, click the ellipsis (...), and then select Edit.
  3. Select the group from the Account Group list, and then click Save at the top of the page.

Import a Discovered Account to an Account Group

  1. From the /login interface, go to Vault > Discovery.
  2. Scroll down to the Discovery Jobs section.
  3. Click View Results for the job.
  4. Select the Local Accounts or Domain Accounts tab as applicable.
  5. Check the box located next to the account to select it.
  6. Click Import Selected.
  7. Select the group from the Account Group list.
  8. Click Start Import.

Add an Account Group to a Group Policy

  1. From the /login interface, go to Users & Security > Group Policies.
  2. Click Edit for the desired group policy.
  3. Scroll down to the Memberships section.
  4. Check the Add Vault Account Group Memberships setting.
  5. Select the Account Group from the list.
  6. Select the Vault Account Role from the list.
  7. Click Add.
  8. Click Save at the top of the page.

The group policy and its vault account role are now displayed under the Group Policies section for the account group that was added to the policy. The members of the group policy are now added under Allowed Users for the account group.

If a user was granted access individually from the account group edit page and also through a group policy, the group policy access is overridden by the explicitly granted individual access for this user.