Fortanix Data Security Manager - Sysadmin - Delete Users and Accounts

Introduction

This guide describes how a Fortanix Data Security Manager (DSM) System Administrator can clean up users and accounts when the users leave an organization.

Disable and Delete Accounts

Before deleting a user, you have to first check that the user does not belong to any active accounts. If the user belongs to an active account, first delete the account. To delete the account, you should first disable the account and then delete it.

Disable Account

When an account is disabled, it will go into a waiting period before it can be deleted. This is to ensure that an account is not deleted by error. The wait period duration for account deletion in Fortanix DSM is 7 days. This cannot be configured.

WARNING
When an account is disabled, all the access, crypto operations, and sessions will instantaneously stop for that account.

To disable an account:

  1. Go to the Accounts page.
  2. Select the check box for the account to be disabled and click DISABLE to disable the account. Sysadmin_disable.pngFigure 1: Disable account
  3. Once the account is disabled, see the Comments column in the Accounts table. Notice that there is a waiting period displayed until which the account can be enabled. Sysadmin_disable2.pngFigure 2: Wait period for enabling account
  4. If you want to enable the account, click the Disabled only check box on the top of the Accounts page. This will filter all the disabled accounts. Sysadmin_disable1.pngFigure 3: Disabled accounts
  5. Select the check box for the account that is disabled and click ENABLE on top to enable the account. Sysadmin_enableAccount.pngFigure 4: Enable the account

Delete the Account

When the waiting period has been completed to re-enabling the account, the sysadmin can delete the account. To delete an account:

  1. Go to the detailed view of a disabled account.
  2. If the waiting period is still valid, then you will see a message that shows how many days are remaining to delete the account. Sysadmin_enableAccount.pngFigure 5: Waiting period to delete an account
  3. When the waiting period has passed, the DELETE ACCOUNT button will be enabled.
  4. Click DELETE ACCOUNT to delete the account. Sysadmin_deleteAccount2.pngFigure 6: Delete account
  5. In the DELETE ACCOUNT window, click DELETE to confirm the account deletion. ConfirmDeleteAccount.png
                     Figure 7: Enter Sysadmin password
    NOTE
    When you delete an account, the action is irreversible.

Disable and Delete Users

Disable System Administrators/Operators

When a System Administrator/Operator is disabled, all the sysadmin access will be instantaneously terminated for that user, and they will no longer be able to select the System Administrator account after login. To disable a sysadmin/operator:

  1. On the System Administration page, click the USERS tab.
  2. Select the check box for the sysadmin/operator to be disabled and click the Disable button. Sysadmin_disableuser.pngFigure 8: Disable user
  3. To enable the user, select the check box for the disabled user and click ENABLE on top to enable the user. Sysadmin_enableUser.pngFigure 9: Enable the account

Remove the User as Administrator/Operator

To remove a user from the Fortanix DSM System Administrator or Operator role:

  1. Select the check box for a user to be removed as sysadmin or operator and click the REMOVE SELECTED button on top. Sysadmin_removeUser.pngFigure 10: Remove user
    The user is now removed from the SYSTEM ADMINISTRATORS tab and will lose the sysadmin/operator privileges.

Delete the User

When a user is not a part of any Fortanix DSM accounts, you can delete them. To delete a user:

  1. Go to the USERS tab on the Users page. Select the user to be deleted.
  2. In the detailed view of a user, click DELETE USER to delete the user. Sysadmin_removeUser1.pngFigure 11: Delete the user
  3. In the Delete User confirmation dialog, click DELETE to confirm the deletion. Sysadmin_removeUser1.pngFigure 12: Confirm delete

Edit the System Administrator/Operator Role

Sometimes there might be a need to switch a user’s role from System Administrator to Operator or vice versa. To edit a user role:

  1. On the USERS page, select the SYSTEM ADMINISTRATORS
  2. From the list of system administrators/Operators, hover on a user and click the Edit icon Edit.png at the end of the row. Sysadmin_editUser.pngFigure 13: Change the sysadmin role
  3. In the Role column, click the drop-down for the user and change the role to Operator or Administrator. Sysadmin_editUser1.pngFigure 14: Edit user role

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful