Some Vaults belong to domains with other Vaults. If you have Domain Admin checkbox set on your User record, you’ll see the Domain Users page in addition to the Vault Users page when you navigate to Admin > Users & Groups. From the Domain Users page, you can filter the user list to see only members of specific Vaults, cross-domain users, or all users, including the current domain and cross-domains. You only have access to Vaults where you have the correct permissions.
Note: This article explains additional user management options for users with Domain Admin access. To learn about options that are available for Admins without Domain Admin access, see Creating & Managing Users.
Permissions & Settings for Domain User Management
The following settings govern whether you can access the Domain Users page and manage users across Vaults:
- For every Vault, you must have a security profile with a permission set that grants the Admin: Users: Create, Edit permissions.
- Your user profile must have the Domain Admin checkbox enabled.
How to Grant Domain Admin Access
Only users who already have the Domain Admin setting can give access to another user. You can enable this setting for any user, but only users with the correct permissions on all Vaults will have access to all options.
To grant Domain Admin access:
- Navigate to Admin > Users & Groups > Vault Users.
- Click the user’s name to open the user details page.
- Click Details or scroll down to the Details section.
- Click Edit.
- Select the Domain Admin checkbox.
- Click Save.
The Domain Admin setting and permissions allow access to all Vaults in a multi-Vault domain. This access should be limited to only the users who need it.
How to Import Users from Other Vaults
If your domain includes multiple Vaults, you can import users that already belong to another Vault on the domain. To import users:
- From the Domain Users page, select the users you wish to add.
- Choose Add Selected Users to Vaults from the Actions menu.
- The Add Selected Users to Vaults dialog opens, showing all Vaults that exist on the domain. Select the Vaults to which you wish to add the selected users.
- Click Add.
- Select a License Type and Security Profile for each Vault. Vault assigns the same license type and security profile to all users selected for import.
- Click Save.
About the Domain User Details Page
When you click a user’s name from the Domain Users page, Vault opens the Domain User details page. The Domain User details page is read-only except for Vault membership assignments across Vaults.
You can edit users assigned to the current Vault from Admin > Users & Groups > Vault Users. You can also edit users not assigned to the current Vault from the Admin > Users & Groups > Vault Users page in any Vault where the user is assigned.
How to Add Vault Memberships for Domain Users
As a user with Domain Admin access, you can edit the Vault Memberships section of the Domain User details page. This section lists each Vault to which the user belongs, as well as the user’s security profile and license type for that Vault, as long as you have access to that Vault.
To add a user to a Vault:
- Navigate to the Vault Memberships section of the Domain User details page.
- Click Add.
- The Add User to Vaults dialog opens, showing all Vaults to which you have access and the user has no membership. Select up to 25 Vaults to which to add the selected user.
- Click Add.
- On the Vault Memberships page, select the desired license type and security profile for each membership. In cases where you are not authorized to edit a membership, these fields are read-only. You can never assign a security profile that includes permissions that you do not have.
- Click Save.
How to Edit Vault Memberships for Domain Users
To edit the license type, security profile, or status assigned to a user, click the desired field within the Vault Memberships section. Additional fields may be editable based on your Vault’s configuration. From the dropdown, make a selection. In cases where you are not authorized to edit a membership, these fields are read-only. You can never assign a security profile that includes permissions that you do not have.
System-owned users are read-only and cannot be edited from any page.
How to Export Memberships for Domain Users
In the Vault Memberships section of the Domain User details page, you can export all memberships belonging to the specific user. Click Export Memberships to export information on each Vault membership in CSV format.
How to Change User Status for the Domain
To change a user’s status for the entire domain, click the user’s name on the Domain Users page. From the Domain User detail page, select Change Domain Status to Active/Inactive from the Actions menu.
When you use this action to change a user’s domain status, you need to refresh the page before the updated status appears in the Vault Memberships section. You can also click the Edit button in Vault Membership to see the updated status.
A user may be Inactive in all Vaults, but still have a Domain Status of Active. If the Domain Status is Inactive, the user cannot be Active in any Vaults.