You can manually move users whose accounts are stored in the internal database to other security domains. You can also move user groups.
When you move users to another security domain, the policies for the new security domain take effect immediately. Also, after you move users, only administrators with permissions to manage users in that security domain can manage the users you moved.
When you move users, consider that users who are enabled for risk-based authentication (RBA) before the move retain their RBA user settings after the move. If users are disabled for RBA before the move, the users remain disabled for RBA after the move.
You can automatically move LDAP directory users to other security domains by mapping directory objects, such as organizational units, to the security domain of your choice. Authentication Manager uses security domain mappings to add users to the appropriate security domain when new user records are added to the database.
In the Security Console, click Identity > Users > Manage Existing.
Use the search fields to find the users that you want to move. Some fields are case sensitive.
Select the users that you want to move.
From the Action menu, select Move to Security Domain, and click Go.
From the Move to Security Domain drop-down list, select the security domain where you want to move the user.