Fortanix Data Security Manager - Sysadmin - Delete Users and Accounts

Prev Next

1.0 Introduction

This article describes how a Fortanix-Data-Security-Manager (DSM) system administrator can clean up users and accounts when the users leave an organization.

2.0 Disable and Delete Accounts

Before deleting a user, verify that the user is not associated with any active Fortanix DSM accounts. If the user belongs to an active account, disable the account first and then delete it. Once the account is removed, you can proceed to delete the user.

2.1 Disable Account

When you disable an account, Fortanix DSM enforces a mandatory 7-day waiting period before it can be deleted. This delay helps prevent accidental deletions. The waiting period is fixed and cannot be modified.

WARNING

When an account is disabled, all access, cryptographic operations, and sessions will instantaneously stop for that account.

Perform the following steps to disable an account:

  1. Navigate to the System Administration → Accounts menu item.

    Figure 1: Account page

  2. Select the check box next to the account that you want to disable, then click DISABLE from the top action bar.

    Figure 2: Disable account

  3. On the Disable account confirmation dialog box, click SAVE to confirm the action.

    After the account is disabled, check the COMMENTS column in the Accounts table to view the waiting period during which the account can be re-enabled.

    Figure 3: Wait period for enabling account

  4. You can enable a disabled account using one of the following two methods :

    1. Click the overflow menu next to the account and select ENABLE from the menu.

      Figure 4: Enable account using menu

    2. Select the check box next to the disabled account and click ENABLE from the top action bar.

      Figure 5: Enable account using top bar

2.2 Delete the Account

The system administrator can permanently delete a disabled Fortanix DSM account once the waiting period for re-enabling it has passed.

Perform the following steps to delete an account:

  1. Go to the detailed view of the disabled account.

  2. If the waiting period is still active, a message is displayed at the end of the screen showing the remaining number of days before the account can be deleted. When the waiting period passes, the DELETE ACCOUNT button is enabled.

    Figure 6: Waiting period to delete an account

  3. Click DELETE ACCOUNT to delete the account.

    Figure 7: Delete account

  4. In the DELETE ACCOUNT confirmation dialog box, click DELETE to confirm the account deletion.

    NOTE

    When you delete an account, the action is irreversible.

3.0 Disable and Delete Users

This section describes how to disable, remove, or permanently delete users from Fortanix DSM.

3.1 Disable System Administrators/Operators

When a system administrator or system operator is disabled, all system administration access is immediately revoked for that user, and they will no longer be able to select the System Administration account after logging in.

Perform the following steps to disable a system administrator or an operator:

  1. Navigate to the System Administration → Users → SYSTEM ADMINISTRATORS tab.

    Figure 8: System administration tab

  2. You can disable a system administrator or operator using one of the following two methods :

    1. Select the check box next to the system administrator or operator that you want to disable, then click DISABLE from the top action bar.

      Figure 9: Disable user using top bar

    2. Disable the toggle button associated with the user to disable the user.

      Figure 10: Disable user using toggle button

  3. On the Disable user confirmation dialog box, click DISABLE to confirm the action.

  4. You can enable a disabled user using one of the following two ways:

    1. Enable the toggle button associated with the user to enable the user.

      Figure 11: Enable user using toggle button

    2. Select the check box next to the disabled user and click ENABLE from the top action bar.

      Figure 12: Enable user using top bar

  5. On the Enable user confirmation dialog box, click ENABLE to confirm the action.

3.2 Remove the User as Administrator/Operator

Perform the following steps to remove a user from the Fortanix DSM system administrator or operator role:

  1. Select the check box next to the user to be removed as system administrator or operator and click the REMOVE SELECTED button.

    Figure 13: Remove user

  2. On the Remove user confirmation dialog box, click REMOVE to confirm the action.

The user is now removed from the SYSTEM ADMINISTRATORS tab and no longer has system administrator or operator privileges.

3.3 Delete the User

You can delete a user when they are not associated with any Fortanix DSM accounts.

Perform the following steps to delete a user:

  1. Navigate to the System Administration → Users → USERS tab.

    Figure 14: Users tab

  2. Go to the detailed view of a user that you want to delete and click DELETE USER to delete the user.

    Figure 15: Delete the user

  3. In the Delete user confirmation dialog box, click DELETE to confirm the deletion.

4.0 Edit the System Administrator/Operator Role

You may need to switch a user’s role between System Administrator and Operator as required.

Perform the following steps to edit a user role:

  1. On the USERS page, select the SYSTEM ADMINISTRATORS tab.

  2. Go to the detailed view of the user whose role you want to update, and hover over the user's name. Click the Edit button.

    Figure 16: Edit user roles

  3. In the Choose Role drop down menu, select the required option to change the role to Administrator or Operator. You can also delete a user using the Remove user option.

    Figure 17: Edit Users roles menu