Help desk trustees
A user can be designated as the help desk trustee, who can make requests on behalf of any team.
Help desk trustees have access to the following pre-defined requests:
Account: Offboard
Account: Onboard
Account: Update
System: Offboard
System: Onboard
System: Update
Team: Manage Group Membership
Team: Update
Team Vault: Archive
Team Vault: Create
Team Vault: Update
Vault Account: Archive
Vaulted File: Upload
Vault Account: Create
Vaulted File: Update
Vault Account: Update
PAMUtil: Create OTP API User
Help desk trustees can submit these requests, but the associated trustee must approve them. For example, a help desk trustee can submit a request to onboard an account for Team A, but the account trustees of Team A must authorize the request. Also, if a request made by the help desk trustee involves multiple teams, such as in the case where a system is migrated from Team A to Team B, the system trustees from Team A and Team B must authorize the request.
To define help desk trustees, users need to be added to the PAM_TRUSTEE_HELP_DESK user class:
Click Manage the system > Policies > User classes .
Select PAM_TRUSTEE_HELP_DESK.
Click the Explicit users tab.
Click Select .
Search and select a user.
Click Add.
This user can now log in and view the pre-defined requests.