Skip to main content

Help desk trustees

A user can be designated as the help desk trustee, who can make requests on behalf of any team.

Help desk trustees have access to the following pre-defined requests:

  • Account: Offboard

  • Account: Onboard

  • Account: Update

  • System: Offboard

  • System: Onboard

  • System: Update

  • Team: Manage Group Membership

  • Team: Update

  • Team Vault: Archive

  • Team Vault: Create

  • Team Vault: Update

  • Vault Account: Archive

  • Vaulted File: Upload

  • Vault Account: Create

  • Vaulted File: Update

  • Vault Account: Update

  • PAMUtil: Create OTP API User

Help desk trustees can submit these requests, but the associated trustee must approve them. For example, a help desk trustee can submit a request to onboard an account for Team A, but the account trustees of Team A must authorize the request. Also, if a request made by the help desk trustee involves multiple teams, such as in the case where a system is migrated from Team A to Team B, the system trustees from Team A and Team B must authorize the request.

To define help desk trustees, users need to be added to the PAM_TRUSTEE_HELP_DESK user class:

  1. Click Manage the system > Policies > User classes .

  2. Select PAM_TRUSTEE_HELP_DESK.

  3. Click the Explicit users tab.

  4. Click Select .

  5. Search and select a user.

  6. Click Add.

This user can now log in and view the pre-defined requests.