What distinguishes Locally Managed Users/Groups from Transparently Managed Users/Groups?

Locally Managed Users/Groups are distinguished by the fact that they are created directly within the Vault itself. This means that all account management, including user creation, modification, and deletion, is handled internally in CyberArk's Vault environment. This leads to a more controlled and secure management approach, as all user credentials and permissions are stored and monitored within the CyberArk system.

On the other hand, Transparently Managed Users/Groups are typically linked to external directories, such as Active Directory. They are not created or managed within the Vault; instead, their credentials are referenced from these external sources. This allows for seamless integration with existing identity management systems but means that the Vault does not directly manage these user credentials.

This distinction is crucial for organizations that require comprehensive auditing and control over their privileged accounts. Understanding how these user types are managed helps administrators implement appropriate security practices and access control measures within CyberArk's Privileged Access Security framework.