
# Domain user provider

The ***Domain user*** provider stores the domain account credentials that Devolutions Cloud uses for Active Directory account discovery, password rotation, and password propagation.

![](https://cdnweb.devolutions.net/docs/HUBB6026_2025_3.png)

### General

| SETTINGS                    | DESCRIPTION                                                                                                                                                                                                                   |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**                    | Display name of the provider.                                                                                                                                                                                                 |
| **Description**             | Description of the provider.                                                                                                                                                                                                  |
| **Domain name**             | FQDN of the domain against which the scan or the password rotation will be executed. |
| **Protocol**                | <p>Protocol used to contact the domain controller. Select between:</p><ul><li>LDAP</li><li>LDAPS</li></ul>                                                                                                                    |
| **Port**                    | Set the port number used with the configured protocol.                                                                                                                                                                        |
| **Use Devolutions Gateway** | Choose a Devolutions Gateway from your list. Requires Devolutions Gateway to be [installed and configured](https://docs.devolutions.net/gateway/getting-started/devolutions-cloud/rdm-configuration/) beforehand. |
| **Domain controller**       | Set a Domain controller (optional).                                                                                                                                                                                           |
| **Username**                | Username of the domain account.                                                                                                                                                                                               |
| **Password**                | Password of the domain account.                                                                                                                                                                                               |

### Checkout policy

| SETTINGS                 | DESCRIPTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Checkout policy mode** | <p>Choose a <em><strong>checkout policy mode</strong></em>:</p><ul><li><em><strong>Default (inherited)</strong></em></li><li><em><strong>Inherited:</strong></em> Inherit the checkout policy defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Settings</strong></em> – <em><strong>Checkout policy</strong></em>.</li><li><em><strong>Custom:</strong></em> Defines a custom checkout policy or uses the checkout policies defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Checkout policies</strong></em>.</li></ul> |

### Account lifecycle policy

| SETTINGS                     | DESCRIPTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Account lifecycle policy** | <p>Choose an <em><strong>account lifecycle policy mode</strong></em>:</p><ul><li><em><strong>Default (inherited)</strong></em></li><li><em><strong>Inherited:</strong></em> Inherit the account lifecycle policy defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Settings</strong></em> – <em><strong>Account lifecycle policy</strong></em>.</li><li><em><strong>Custom:</strong></em> Defines a custom account lifecycle policy or uses the account lifecycle policies defined in <em><strong>Administration</strong></em> – <em><strong>Privilege access management</strong></em> – <em><strong>Account lifecycle policies</strong></em>.</li></ul> |

### JIT privilege elevation

| SETTINGS                                                                 | DESCRIPTION                                                                                                                                                                                          |
| ------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Select provider privileges to make available for temporary elevation** | Select the Active Directory groups to which a privileged account will be elevated as a member. Click on the pen icon next to a selected group to assign a Devolutions Cloud display name to it. |
| **Enable privilege sets**                                                | Create privilege sets to group similar privileges together by assigning provider privileges and privileged accounts.                                                                                 |
| **Temporary group name prefix (max: 27 characters)**                     | Prefix of the name of the temporary Active Directory group to be created. This group will be a member of the selected group, and the privileged account will be a member of it. |
| **Temporary group creation location**                                    | Location (OU) where the temporary Active Directory group will exist in the Active Directory structure.                                                                                               |
| **Password propagation latency**                                         | Some domains may require additional time to apply permissions. Introducing latency helps prevent sessions from opening too quickly, which could result in a failure.                                 |
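
The temporary group mechanism described in the table above can be audited from the Active Directory side. The following is an added example, not part of the Devolutions documentation or product: it lists every group under the configured OU whose name starts with the configured prefix, shows who is in it and which groups it is nested into, and flags groups older than an expected elevation window. The prefix, OU distinguished name and age threshold are assumed values, and the script requires the RSAT ActiveDirectory module.

```powershell
# Added example: audit the temporary Active Directory groups used for JIT elevation.
# Requires the RSAT ActiveDirectory module and read access to the OU.
Import-Module ActiveDirectory

function Get-JitTemporaryGroupReport {
    param(
        [Parameter(Mandatory)][string]$Prefix,      # value of "Temporary group name prefix"
        [Parameter(Mandatory)][string]$SearchBase,  # DN of "Temporary group creation location"
        [int]$MaxAgeHours = 8                       # assumption: longest elevation you expect
    )

    if ($Prefix.Length -gt 27) {
        throw "Prefix is $($Prefix.Length) characters; the provider setting allows at most 27."
    }

    $cutoff  = (Get-Date).AddHours(-$MaxAgeHours)
    $escaped = $Prefix.Replace("'", "''")   # keep a quote in the prefix from breaking the filter

    $groups = Get-ADGroup -Filter "Name -like '$escaped*'" -SearchBase $SearchBase `
        -SearchScope Subtree -Properties whenCreated, member, memberOf

    foreach ($group in $groups) {
        [pscustomobject]@{
            Name       = $group.Name
            Created    = $group.whenCreated
            Stale      = $group.whenCreated -lt $cutoff      # older than the expected window
            Members    = @($group.member)   -join ' | '      # accounts currently elevated
            ElevatesTo = @($group.memberOf) -join ' | '      # privileged groups it is nested into
        }
    }
}

# Constructed sample values; replace with the prefix and OU set on your provider.
Get-JitTemporaryGroupReport -Prefix 'JIT-TMP-' -SearchBase 'OU=JIT,OU=Groups,DC=example,DC=com' |
    Sort-Object Created |
    Format-Table -AutoSize -Wrap
```

A row with `Stale` set and a non-empty `ElevatesTo` is a temporary group that still confers the privilege past the window you expect.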

