Deactivating all local users (Advanced) - Security Center 5.11

Security Center Hardening Guide 5.11

Product
Security Center
Content type
Guides > Administrator guides
Version
5.11
Language
English
Last updated
2023-03-13

When using third-party authentication for Security Center users, we recommend deactivating all local user accounts to ensure every account follows the same authentication policies. This includes the default Admin account.

External identity providers can impose advanced authentication requirements, like the use of smartcards or Multi-Factor Authentication (MFA), to increase confidence that a user is who they say they are. After setting up third-party authentication, keeping local Security Center users active weakens the overall security of your system because local users do not follow the same authentication policies as those authenticated by the identity provider. Additionally, these separately managed accounts increase the attack surface of Security Center.

For more information, see Deactivating user profiles.