In some Portal instances, users sign in using credentials that are authenticated by a federated identity server (e.g., Active Directory Federation Services).
When a user signs in using single sign-on credentials, the identity server sends user name, type and site information to Portal. A Portal user is then automatically created with the specified name, type and site. If an automatically-created user already exists in Portal for the user that signs in, the user is updated with information from the identity server.
As shown below, the name, status and role of an automatically-created user are read-only in Portal. This information can only be updated by the identity server. However, you can specify user settings, assign computers and vault settings, and perform other management tasks for these users.
Agent Registration passwords must be specified for Admin and regular users who sign in to Portal. These passwords allow the users to register Agents to Portal, but do not affect users’ sign-in passwords. See Change your Agent Registration password.
Information for an automatically-created user in Portal is not always consistent with information in the federated identity server. For example, if a user is deleted from Active Directory, the corresponding user is not automatically deleted from Portal. An automatically-created user can be deleted manually from Portal, however.
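Because deleted directory accounts linger in Portal, a periodic reconciliation can list the automatically-created users that need manual cleanup. The following is an added example, not part of the Portal product or its documentation. It assumes a hypothetical CSV export of Portal users and of the directory (the column names and sample rows are constructed), and it goes one step beyond the deleted-user case by also flagging accounts that are disabled in the directory.

```python
import csv
import io

# Constructed sample: hypothetical export of Portal users (column names are assumptions).
PORTAL_EXPORT = """name,type,site,sso_created
alice@example.test,Admin,HQ,yes
Bob@Example.test ,User,HQ,yes
carol@example.test,User,Branch,yes
localadmin,Admin,HQ,no
"""

# Constructed sample: hypothetical export from the identity server's directory.
DIRECTORY_EXPORT = """userPrincipalName,enabled
alice@example.test,true
bob@example.test,false
"""


def _key(name):
    # Compare names case-insensitively and ignore stray whitespace from exports.
    return name.strip().lower()


def find_stale_sso_users(portal_csv, directory_csv):
    """Return (name, site, reason) for SSO-created Portal users with no live directory account."""
    directory = {
        _key(row["userPrincipalName"]): row["enabled"].strip().lower() == "true"
        for row in csv.DictReader(io.StringIO(directory_csv))
    }
    stale = []
    for row in csv.DictReader(io.StringIO(portal_csv)):
        if row["sso_created"].strip().lower() != "yes":
            continue  # only users created automatically at sign-in are in scope
        key = _key(row["name"])
        if key not in directory:
            stale.append((row["name"].strip(), row["site"], "not in directory"))
        elif not directory[key]:
            stale.append((row["name"].strip(), row["site"], "disabled in directory"))
    return stale


if __name__ == "__main__":
    for name, site, reason in find_stale_sso_users(PORTAL_EXPORT, DIRECTORY_EXPORT):
        print(f"{name} (site {site}): {reason} -> review and delete manually in Portal")
```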
For information about setting up Portal single sign-on, see the Portal Installation and Configuration Guide.