Overview
This guide explains how to configure a user sign-in through the alias identity of another user. Alias user sign-in enables admins to give access to resources and endpoints without sharing passwords or credentials between users. Alias access may be granted and revoked as needed to satisfy least-privileges access security principles. When configured properly, this simplifies identity and access management in a secure manner.
When a user signs in to a resource with an enabled alias user account, they are signed in as that alias user. A log is created that records the user who initiated the log in and who that user signed in on behalf of. For example, user@acme.com may sign in as admin@acme.com to a particular resource. A timestamped log will show that user@acme.com signed in to the resource as admin@acme.com.
NOTE: Alias users are a powerful feature that should be handled cautiously. Accidentally granting privileged access to the wrong user could result in potential security issues. It is recommended to periodically audit the alias user mappings to ensure least-privileges access principles are followed.
TABLE OF CONTENTS
Enable Alias Users
In the TraitWare console, navigate to Customer Settings in the bottom left of the page. Select Enable Alias Users.
Click Save Changes.
The Alias Users menu item is now visible and available for use.
Create Alias User
Navigate to the Alias Users menu in the TraitWare console. Click the blue button to add an alias user.
Name the alias mapping and select the Primary alias identity. This is the users others will log in as.
Click Submit.
Click on the newly created Mapping Name.
Click Manage Users to map users to the Primary User.
Select users that will be able to log in as the Primary User. When finished click Close.
The added users will be listed in the Shared Access list.
See the Alias User (User Perspective) documentation for examples of the alias user login experience.
Assign Web Application Access
Individual application access may be assigned to the alias user mapping. Any user with Shared Access will be able to log into the selected applications as the Primary user.
NOTE: The Primary user must already have the application permission turned on under the Primary user record for alias access to be granted.
Select the Approved Applications tab. To add applications, select Manage Applications
Select applications to grant access to the Shared Access users.
See the Alias User (User Perspective) documentation for examples of the alias user login experience.
Assign Windows Endpoint Access
Individual Windows endpoint access may be assigned to the alias user mapping. Any user with Shared Access will be able to log into the selected Windows endpoint as the Primary user.
NOTE: The Primary user must already have a Windows endpoint user registered with the Windows endpoint for alias access to be granted.
Select the Approved Endpoints tab. Select Manage Endpoints.
The endpoints available are listed. Click the Allowed toggle(s) to grant alias access to the Windows endpoint.
The toggle(s) will appear as active. Click Close when finished.
The selected Windows endpoint(s) will appear in the list of Allowed Endpoints.
See the Alias User (User Perspective) documentation for examples of the alias user login experience.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article