Use the Accounts tab on the Assets view to add an account to an asset.
You can manage tasks and services on a domain controller (DC) asset. For more information, see Using a domain controller (DC) asset.
You can add an account to an asset or add a directory account to a directory asset. Steps for both follow.
(
desktop client) To add an account to an asset- Navigate to Administrative Tools | Assets.
- In Assets, select an asset from the object list and open the Accounts tab.
- Click
Add Account from the details toolbar.
- Enter the account information and click Add Account.
-
In the Account dialog, enter the following information:
-
Name:
- Local account: Enter the login user name for this account. Limit: 100 characters.
- Directory Account: Browse to find the account.
-
Description: (Optional) Enter information about this managed account. Limit: 255 characters.
-
Profile: Browse to select a profile to govern this account.
By default an account inherits the profile of its associated asset, but you can assign it to a different profile for this partition. For more information, see Assigning assets or accounts to a password profile and SSH key profile.
-
Enable Password Request: This check box is selected by default, indicating that password release requests are enabled for this account. Clear this option to prevent someone from requesting the password for this account. By default, a user can request the password for any account in the scope of the entitlements in which they are an authorized user.
-
Enable Session Request: This check box is selected by default, indicating that session access requests are enabled for this account. Clear this option to prevent someone from requesting session access using this account. By default, a user can make an access request for any account in the scope of the entitlements in which they are an authorized user.
- Enable SSH Key Request: This check box is selected by default, indicating that SSH key release requests are enabled for this account. Clear this option to prevent someone from requesting the SSH key for this account. By default, a user can request the SSH key for any account in the scope of the entitlements in which they are an authorized user.
-
Available for use across all partitions (For directory accounts only): When selected, any partition can use this account and the password is given to other administrators. For example, this account can be used as a dependent account or a service account for other assets. Potentially, you may have assets that are running services as the account, and you can update those assets when the service account changes. If not selected, partition owners and other partitions will not know the account exists. Although archive servers are not bound by partitions, this option must be selected for the directory account for the archive server to be configured with the directory account.
-
web client) To add an account to an asset-
Navigate to Asset Management | Assets.
-
Select an asset and click
Edit.
-
Open the Accounts tab.
- Click
- On the General tab, enter the following information:
-
Name:
- Local account: Enter the login user name for this account. Limit: 100 characters.
- Directory Account: Browse to find the account.
-
Description: (Optional) Enter information about this managed account. Limit: 255 characters.
-
-
On the Management tab, enter the following information:
-
Enable Password Request: This check box is selected by default, indicating that password release requests are enabled for this account. Clear this option to prevent someone from requesting the password for this account. By default, a user can request the password for any account in the scope of the entitlements in which they are an authorized user.
-
Enable Session Request: This check box is selected by default, indicating that session access requests are enabled for this account. Clear this option to prevent someone from requesting session access using this account. By default, a user can make an access request for any account in the scope of the entitlements in which they are an authorized user.
-
Password Profile: Browse to select a profile to govern this account.
By default an account inherits the profile of its associated asset, but you can assign it to a different profile for this partition. For more information, see Assigning assets or accounts to a password profile and SSH key profile.
-
Available for use across all partitions (For directory accounts only): When selected, any partition can use this account and the password is given to other administrators. For example, this account can be used as a dependent account or a service account for other assets. Potentially, you may have assets that are running services as the account, and you can update those assets when the service account changes. If not selected, partition owners and other partitions will not know the account exists. Although archive servers are not bound by partitions, this option must be selected for the directory account for the archive server to be configured with the directory account.
-
-
Click OK to save the account to the asset..
Directory assets
If you add directory user accounts to a directory asset, Safeguard for Privileged Passwords will automatically change the user passwords according to the profile schedule you set, which could prevent a directory user from logging into Safeguard for Privileged Passwords. For information about how to set up directory users as Safeguard for Privileged Passwords users, see Adding a user.
For Active Directory, the standard global catalog port, 3268 (LDAP), must be open on the firewall for every Windows global catalog server in the environment and SPP Appliance to communicate for directory management tasks (for example, adding a directory account, a directory user account, or a directory user group). LDAP uses port 389 for unencrypted connections. For more information, see the Microsoft publication How the Global Catalog Works.
- Navigate to Administrative Tools | Assets.
- In Assets, select a directory asset from the object list and open the Accounts tab.
- Click
- In the Find Accounts dialog, click Browse to select a container within the directory as the Filter Search Location.
- The Include objects from sub containers check box is selected by default, indicating that child objects will be included in your search. Clear this check box to exclude child objects from your search.
- In the Name field, enter a full or partial account name and click Search.
To search for a directory account, you must enter text into the search box. Safeguard for Privileged Passwords searches each domain of a forest. You can search on partial strings. For example, if you enter "ad," it will find any user Name or Distinguished Name that contains "ad." The text search is not case-sensitive and does not allow wild cards.
- The results of the search displays in the Select the Account(s) to Add grid. Select one or more accounts to add to Safeguard for Privileged Passwords.
-
Navigate to Asset Management | Assets.
-
Select a directory asset and click
-
Open the Accounts tab.
- Click
- In the New Account dialog, click Select Account.
- In the Account Search Options dialog:
- Starts With (Active Directory ANR Search): Use this field to enter a full or partial account name.
- Search Location: Use the Browse button to select a container within the directory as the Search Location.
- The Include objects from sub containers check box is selected by default, indicating that child objects will be included in your search. Clear this check box to exclude child objects from your search.
- Click Find Account to search for the account.
- The results of the search displays in the Select Account grid. Select an account to add to Safeguard for Privileged Passwords.
- To save the selected accounts, click Select Account.
- Click OK to save the directory account to the directory asset.
