Skip to main content

KYDSO

Defining a new privileged account type

A privileged account is an account that has special access rights, e.g. administrator account.

You must first define a privileged account that you want to manage in KYDSO as a separate account type.

In the Order menu, select whether you need the third-party system account for yourself or for another person.

The wizard for the selected action starts and guides you through the process.

  1. Framework data

    The values Customer Costcenter and Customer Location must be entered in the Costcenter and Location fields, otherwise the privileged account type cannot be ordered.

  2. Article selection

    Search for the article Privileged account and select it.

    You can define several privileged accounts at the same time by clicking Select article again until the desired number of privileged accounts is in the article list.

  3. If additional data is required, this will be requested.

    The following data must be entered:

    • Name of the privileged account type in German and English (e.g. Administrator-Konto/Administrator account).

      Assign a name with which users of the web application can uniquely identify the privileged account type.

    • Target container in which new privileged accounts are created

      System default: CN=Users

      You can change the target container if required: Changing the target container

    • Generation rule with which the sAMAccountName is created for new privileged accounts

      It is mandatory to enter a prefix for Variant 1 and a prefix or suffix for Variant 2, otherwise the order will be canceled.

      More information on the generation rule and how you can change it if necessary can be found here: Generation of the sAMAccountName for privileged accounts

    • Generation rule with which the User Principal Name (UPN) is created for new privileged accounts

      System default: Use sAMAccountName

      You can find more information about the generation rule and how you can change it if necessary here: Generation of the User Principal Name

    The other fields are optional and you cannot edit the description afterwards.

  4. In the last step, check your entries again and trigger the order.

After the order has been completed, you can order the privileged account type for employees in KYDSO: Ordering a privileged account for employees

In this section: