01
Navigation
Access User Management in Secret Server
âē
Begin by navigating to the User Management section within the Secret Server administration console. You must have Administrator privileges to create new accounts.
Ensure you are logged in with an Administrator or User Administrator role. Regular users cannot create accounts.
đ Dashboard
đ Secrets
âī¸ Admin
đ Reports
Admin Panel â Select
User Management from the left-side menu under the Administration section.
- 1Log in to your Secret Server instance with admin credentials.
- 2Click
Adminin the top navigation bar. - 3In the left sidebar under Administration, select
User Management. - 4The User Management page will display all current users and groups.
02
Initiation
Click "+ Create User" to Begin
âē
On the User Management page, locate the button to create a new user. This opens the user creation form where you'll configure the vendor's local account.
User Management
Filter Users
+ Create User
- 1On the User Management page, locate the
+ Create Userbutton in the top-right area. - 2Click it â a new user creation dialog or page will open.
- 3You will see a form with fields for user details and directory selection.
03
Directory Selection
Select "Delinea Directory" as the Directory
âē
In the user creation form, the first critical step is selecting the correct directory. You must choose Delinea Directory to create a managed local account within Secret Server's built-in identity store.
Do not select Active Directory or LDAP for vendor accounts. Vendor local accounts must be created under Delinea Directory to ensure proper access controls and expiration policies.
New User â Directory Selection
* Directory
Delinea Directory
âŧ
đĸ Active Directory â corp.example.com
đ LDAP â ldap.example.com
â
Delinea Directory â Local Identity Store
âī¸ Azure AD â example.onmicrosoft.com
đ DIRECTORY OPTIONS â SELECT THE CORRECT ONE:
Active Directory â For domain-joined accounts (corp users)
LDAP â For existing directory service users
Delinea Directory â â Local Identity Store for vendor accounts
Azure AD â For cloud-only Microsoft identities
- 1Find the Directory dropdown at the top of the user creation form.
- 2Click the dropdown and scroll to find
Delinea Directory. - 3Select Delinea Directory â the form will update to show local account fields.
04
User Details
Enter Vendor User Information
âē
Fill in the vendor's identity details. Use a consistent naming convention for vendor accounts â many organizations use a prefix like vnd- or vendor- to clearly distinguish vendor accounts from internal users.
Use a naming convention such as
vnd-firstname.lastname or vendor-companyname to make vendor accounts easily identifiable in audit logs and reports.New User â Basic Information
Filled / Active
Empty
Required
* Username
vnd-john.smith
* Display Name
John Smith (Vendor)
* Email Address
j.smith@vendorco.com
Phone Number
Optional...
* Password
âĸâĸâĸâĸâĸâĸâĸâĸâĸâĸâĸâĸ
* Confirm Password
âĸâĸâĸâĸâĸâĸâĸâĸâĸâĸâĸâĸ
Company / Vendor Name
VendorCo Solutions Inc.
- 1Username: Enter a unique username following your naming convention (e.g.,
vnd-john.smith). - 2Display Name: Use the vendor's full name and optionally append
(Vendor)for clarity. - 3Email Address: Enter the vendor's corporate email â this is where the invite will be sent.
- 4Password: Set an initial password or enable "Require Password Change at Next Login."
05
â Critical Step
Set Account Type to "Vendor"
âē
This is the most critical step. You must set the Account Type (or User Type) field to Vendor. This classification enables vendor-specific policies, limited access scopes, and time-bound invitation workflows.
Selecting Vendor as the account type automatically applies your organization's vendor access policies, including session monitoring, expiration dates, and restricted secret access.
New User â Account Classification
* Account Type / User Type
đˇī¸ Vendor
âŧ
Account Status
â Enabled
đ¤ Internal User â Full employee account
đ¤ Service Account â Automated process account
â
Vendor â External / Third-party limited access account
đ Auditor â Read-only access account
Vendor account type selected â vendor access policies will be applied automatically.
If you do not see a Vendor option in the Account Type dropdown, contact your Secret Server administrator â the Vendor account type must be configured in the system settings before it appears as an option.
- 1Scroll to the Account Classification or User Type section of the form.
- 2Click the Account Type dropdown field.
- 3From the list, select
Vendorâ it may show as "Vendor" or "External Vendor." - 4Confirm the field shows Vendor and that the vendor policy notice appears below it.
06
Access Control
Configure Access Groups & Expiration
âē
Set access group membership and configure an account expiration date. Vendor accounts should always have a defined expiration â this enforces least-privilege access and ensures accounts are not left open indefinitely.
New User â Access & Expiration
Group Membership
Vendor-ReadOnly Ã
SecretViewer-Vendors Ã
+ Add group...
* Account Expiration Date
đ
2026-06-30
Require Password Change
â Yes â on first login
Access Restrictions
IP Restriction: None | MFA: Required
- 1Under Group Membership, add the vendor to relevant restricted groups (e.g.,
Vendor-ReadOnly,SecretViewer-Vendors). - 2Set an Account Expiration Date â best practice is the end of the vendor's contract or project timeline.
- 3Enable Require Password Change on first login to ensure the vendor sets their own secure password.
- 4Optionally configure MFA (Multifactor Authentication) â strongly recommended for vendor accounts.
- 5Set IP restrictions if the vendor will only connect from known IP ranges.
Security best practice: Vendor accounts should follow Least Privilege â only assign access to the secrets and folders the vendor specifically needs for their engagement.
07
Finalize
Save Account & Send Vendor Invite
âē
Review all details, save the account, and send the invite email to the vendor. The invitation email will contain login instructions and a link for the vendor to activate their account.
Review Summary
Directory
Delinea Directory
Username
vnd-john.smith
Email
j.smith@vendorco.com
Account Type
Vendor â
Expiration
2026-06-30
Groups
Vendor-ReadOnly, SecretViewer
Invite Options
â Send Welcome / Invite Email to vendor
â Require password set on first login
Cancel
đž Save User & Send Invite
- 1Review the summary panel â verify that Account Type = Vendor and the directory is Delinea Directory.
- 2Check the "Send Welcome / Invite Email" option is selected. This sends the vendor an email with login instructions.
- 3Click
Save User & Send Invite(orCreate Userdepending on your version). - 4Secret Server will create the account and send an activation email to the vendor's email address.
- 5The vendor will receive an email with a link to set their password and access the platform.
After saving, verify the new account appears in the User Management list with the Vendor type badge and the correct expiration date. The vendor invite email should arrive within a few minutes.