
One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide


Permissions tab (add user)

On the Permissions tab, select the user's Administrator permissions, if applicable. For details on the rights for the permissions, see Administrator permissions.

User permissions across multiple user groups

Users have permissions based on the user groups to which they are assigned. If a user is removed from a user group, the permissions related to that group are removed but the permissions for all other groups the user is assigned to remain in place.

User permissions on import

When a directory user group is imported, newly created Safeguard users are assigned the selected permissions. If the user exists in Safeguard, the selected permissions are added to the existing user permissions. For more information, see Adding a directory user group.

To assign permissions

When assigning permissions to a user, select the appropriate access controls. You can Select all or Select none at the bottom of the dialog.

  • Authorizer: Allow the user to grant permissions to other users. This permission allows the user to change their own permissions.

  • User: Allow the user to create new users, unlock and reset passwords for non-administrative users.
  • Help Desk: Allow the user to unlock and set passwords for non-administrative users.
  • Appliance: Allow the user to edit and update the appliance and to configure external integration settings, such as email, SNMP, Syslog, and Ticketing.
  • Operations: Allow the user to reboot and monitor the appliance.
  • Auditor: Allow the user read-only access encompassing all auditor roles. You can limit the Auditor role access by deselecting one of the following check boxes:
    • Application Auditor: Allow the user read-only access to Asset Management and Security Policy Management.
    • System Auditor: Allow the user read-only access to Appliance Management and User Management.
  • Asset: Allow the user to add, edit, and delete partitions, assets, and accounts.
  • Security Policy: Allow the user to add, edit, and delete entitlements and policies that control access to accounts and assets.
  • Personal Passwords: Allow the user to add, edit, delete, share, and access the personal password vault. This check box is only available to the User Administrator and Security Policy Administrator. For more information, see Personal password vault.

Requiring secondary authentication log in

You can require a user to log in using two-factor authentication by enabling the Require Secondary Authentication option in the user record.

To require a user to log in using secondary authentication

  1. Set up a secondary authentication provider in Appliance Management | Safeguard Access | Identity and Authentication. For more information, see Adding identity and authentication providers.

  2. Configure the Safeguard for Privileged Passwords user to Require Secondary Authentication. For more information, see Authentication tab (add user).
    1. On the Authentication tab of a user's properties, select the Require Secondary Authentication check box.
    2. Choose the Authentication Provider.
    3. Depending on the type of authentication provider selected, specify the additional information this user must use when logging into Safeguard for Privileged Passwords with two-factor authentication.

  3. Log in with secondary authentication.

    When you log in to Safeguard for Privileged Passwords as a user who requires secondary authentication, you log in as usual, using the password that is set for the Safeguard for Privileged Passwords user account. Safeguard for Privileged Passwords then displays one or more additional login screens. Depending on how the system administrator has configured the secondary authentication provider, you must enter additional credentials for your secondary authentication service provider account, such as a secure password, security token code, or both.

    NOTE: The type and configuration of the secondary authentication provider (for example, RSA SecurID, FIDO2, and so on) determines what you must provide for secondary authentication. Check with your system administrator for more information about how to log in to Safeguard for Privileged Passwords with secondary authentication.
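
A least-privilege review of the two settings described above (permissions derived from user groups, and Require Secondary Authentication), as an added example that is not One Identity code. The field names, group names and sample records are constructed, and the group-union model is a simplification of the behavior this page describes.

```python
# Added example: constructed data and hypothetical field names, not Safeguard's API schema.
# Permissions named on the Permissions tab that this example's policy treats as administrative.
ADMIN_PERMISSIONS = {"Authorizer", "User", "Help Desk", "Appliance",
                     "Operations", "Auditor", "Asset", "Security Policy"}

GROUP_PERMISSIONS = {  # constructed: permissions selected for each user group
    "pam-admins": {"Authorizer", "User"},
    "ops": {"Operations"},
}
USERS = [  # constructed user records
    {"name": "alice", "groups": ["pam-admins", "ops"], "require_secondary_auth": True},
    {"name": "bob", "groups": ["ops"], "require_secondary_auth": False},
    {"name": "carol", "groups": [], "require_secondary_auth": False},
]

def effective_permissions(user, group_permissions):
    """Union of the permissions of every group the user is still assigned to."""
    perms = set()
    for group in user["groups"]:
        perms |= group_permissions.get(group, set())
    return perms

def remove_from_group(user, group):
    """Return a copy of the user without the group; other groups are untouched."""
    return {**user, "groups": [g for g in user["groups"] if g != group]}

def audit(users, group_permissions):
    """Flag Authorizer holders and administrators without secondary authentication."""
    findings = []
    for user in users:
        perms = effective_permissions(user, group_permissions)
        if "Authorizer" in perms:
            # Authorizer can change its own permissions, so review every holder.
            findings.append((user["name"], "authorizer-can-change-own-permissions"))
        if perms & ADMIN_PERMISSIONS and not user["require_secondary_auth"]:
            findings.append((user["name"], "admin-without-secondary-auth"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(USERS, GROUP_PERMISSIONS):
        print(f"{name}: {issue}")
```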

Adding a user to user groups

It is the responsibility of the Security Policy Administrator to add users to user groups to assign to password policies.

To add a user to a user group

  1. Navigate to User Management | Users.
  2. In Users, select a user from the object list and open the User Groups tab.
  3. Click Add from the details toolbar.
  4. Select one or more groups from the list in the User Groups dialog and click OK.

If you do not see the user group you are looking for and are a Security Policy Administrator, you can click Create New in the User Groups dialog and add the user group. For more information about creating user groups, see Adding a user group.

Adding a user to entitlements

It is the responsibility of the Security Policy Administrator to add users to entitlements. When you add users to an entitlement, you are specifying which people can request access governed by the entitlement's policies.

To add a user to entitlements

  1. Navigate to User Management | Users.
  2. In Users, select a user from the object list and open the Entitlements tab.
  3. Click Add from the details toolbar.
  4. Select one or more entitlements from the list in the Entitlements dialog and click OK.

If you do not see the entitlement you are looking for and are a Security Policy Administrator, you can click Create New in the Entitlements dialog. For more information about creating entitlements, see Adding an entitlement.
