User management

As an EPM administrator, add users that will be working in the various areas of the application based on roles and responsibilities:

• Security administrators to look after policy
• IT administrators to look after configuration like SIEM integration or ServiceNow integration

For example, in an international corporate infrastructure, IT administrators might be assigned assets based on region. In this scenario, organize computers regionally in groups and the assign the IT administrator in that region to that group.

When creating accounts, consider the responsibilities of the user and use the role based access model of EPM to create groups and assign roles or permissions.

Roles and permissions

Starting in version 24.5, there are two ways to delegate access to EPM features:

• Use roles to assign permissions: Use builtin roles or create roles to assign permissions. A role is a group of permissions that can be assigned to one or more users.
• Customize permissions to delegate access: Assign the Standard user type to individually select permissions for a user.

Before creating user accounts

Before adding accounts, set up the following:

• All users that you want to add to EPM must exist in your authorization provider. Currently, Azure B2B and OpenID Connect are supported providers.
• Add a domain that can receive email notifications from EPM.

For Azure B2B, you must register an Azure tenant.