Managing local identities directly in Trust Protection Platform
Like the external identity counterparts, local identities are included in a directory that is isolated from other directories containing identities from other data sources.
Even if you are using an external authentication method for the majority of your work in Trust Protection Platform, you will need to log in using your local identity to perform some system maintenance tasks including upgrading to a newer version of Trust Protection Platform.
A note about identity security across multiple directories
Groups of identities in Trust Protection Platform are maintained as closed systems called directories. Local users are in one directory, and each external data source is a separate directory. As a rule, users can only see other users within their own directory. (However, you can allow users in an external directory to view users in the local directory.)
This means that local users can only see local users and groups. If you have a single Active Directory connection, then when you are logged in via your AD account credentials, you can only see users and groups that are from that directory, or data source, but not any local users (unless configured) or any users from a different data source.
If you have multiple AD connections, you will only see users and groups that belong to the AD source connected to your account, as well as local users, if configured. This support for multiple external user directories enables you to effectively distribute system administration in environments that use multiple user directories without compromising the security of each directory.
For information about connecting external identities to see local identities, see Allowing AD and LDAP users to see teams and local users.
IMPORTANT You should not create Active Directory connections that overlap. In some cases, the provider cannot resolve the Trust Protection Platform user’s permissions assignment properly. An example of overlapping connections is Active Directory connection #1 includes domain Alpha which has a trust relationship with domain Bravo, and Active Directory connection #2 includes domain Charlie which also has a trust relationship with domain Bravo.