I have a company in UK that wants to have the ability to grant accounts but account access will need to be managed locally in the USA. (The accounts will need to be managed in its entirety from the UK. However, access will be managed locally in the USA.) The UK office cannot have access into the US network at all. Can someone explain if this can be done? If so, how do we do it? The question becomes, "Can the UK office manage accounts and be locked out of the US network if they still control the creation of accounts from the UK?"