To stop a task
- Navigate to Administrative Tools l Toolbox.
- Open the Tasks pane.
- Click Popout in the upper right corner to float the Tasks pane.
- Click Cancel next to a running task.
To stop a task
A Safeguard for Privileged Passwords account is a unique identifier that Safeguard for Privileged Passwords uses to control access to assets. Managed accounts (including directory accounts and service accounts) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, Safeguard for Privileged Passwords permanently deletes all the accounts associated with it.
The Auditor and the Asset Administrator have permission to access Accounts.
On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.
Service accounts are designated with a Service Account icon. For more information, see About service accounts.
To access Accounts:
Selecting one of the accounts displays the following information:
For information about configuring Account Discovery in Safeguard for Privileged Passwords, see Account Discovery job workflow.
Use these toolbar buttons to manage accounts.
The
To access
Information for the account displays. Not all the information listed below is applicable for every account.
Property | Description |
---|---|
Name | The name of the selected account. |
Distinguished Name |
For LDAP platforms, the fully qualified distinguished name (FQDN) for the service account |
Domain Name (for directories) |
The name of the domain where the account was discovered |
SID (for directories) |
Security IDentifer for a Windows account. |
Asset |
The display name of the managed system associated with this account. Accounts are only associated with one asset. |
Asset Type |
The type of the asset (for example, Windows, Linux, LDAP, or Active Directory). |
Partition | The name of the partition where the selected account resides. |
Password Profile |
The name of the password profile that governs the accounts assigned to a partition. |
Password Sync Group |
If assigned, the password sync group to control password validation and reset across all associated accounts. |
SSH Key Profile |
The name of the SSH key profile that governs the accounts assigned to a partition. |
SSH Key Sync Group |
If assigned, the SSH key sync group to control SSH key validation and reset across all associated accounts. |
Account Discovery Job |
The account discovery job with rule-based settings to discover all accounts that are assigned to the assets in a selected partition, that are made available globally, or that meet the rules criteria. |
Date/Time Discovered |
The date and time when the account was discovered. |
Discovered User ID |
The User ID of the discovered account. |
Discovered Groups (for directories) |
The groups in which the account is a member. Click the link to go to the Discovered groups dialog to view the groups. |
Enable Password Request | True or False, indicating whether password release requests are enabled for this account. |
Enable Session Request | True or False, indicating whether session access requests are enabled for this account. |
Enable SSH Key Request | True or False, indicating whether SSH key release requests are enabled for this account. |
Available for use across all partitions (Global Access for directories) |
When selected, any partition is able to use this account and the password is given to other administrators. For more information, see Adding an Account Discovery rule. |
Last Successful Password Check |
The date and time of the last successful password validation. |
Last Failed Password Check |
The date and time of the last password validation failure. |
Password Check Failures |
Displays the number of password check tasks that failed. |
Next Password Check |
The date and time of the next automated password check as set in the Check Password schedule of the profile. For more information, see Adding check password settings. |
Last Successful Password Change |
The date and time of the last successful password change. |
Last Failed Password Change |
The date and time of the last password change failure. |
Password Change Failures |
Displays the number of password change tasks that failed. |
Next Password Change |
The date and time of the next automated password change as set in the Change Password schedule of the profile. For more information, see Adding change password settings. |
Last Successful SSH Key Check |
The date and time of the last successful SSH key validation. |
Last Failed SSH Key Check |
The date and time of the last SSH key validation failure. |
SSH Key Check Failures |
Displays the number of SSH key check tasks that failed. |
Next SSH Key Check |
The date and time of the next automated SSH key check as set in the Check SSH Key schedule of the profile. For more information, see Adding SSH key check settings . |
Last Successful SSH Key Change |
The date and time of the last successful SSH key change. |
Last Failed SSH Key Change |
The date and time of the last SSH key change failure. |
SSH Key Change Failures |
Displays the number of SSH key change tasks that failed. |
Next SSH Key Change |
The date and time of the next automated SSH key change as set in the Change SSH Key schedule of the profile. For more information, see Adding SSH key change settings. |
Last Successful SSH Key Discovery |
The date and time of the last successful SSH key discovery. For more information, see SSH Key Discovery job workflow. |
Last Failed SSH Key Discovery Attempt |
The date and time of the last failed SSH key discovery attempt. |
SSH Key Discovery Failures |
The number of SSH key discovery failures. You can view a list of the accounts. |
Next SSH Key Discovery |
The date and time for the next SSH key discovery attempt. On the Dashboard, Account Automation tab, you can view a list of accounts where SSH key discovery tasks failed. For more information, see Account Automation. |
There are two buttons available on the top of the Properties tab:
Select Enable to have Safeguard for Privileged Passwords manage a disabled asset. Account Discovery jobs find all accounts that match the discovery rule's criteria regardless of whether it has been marked Enabled or Disabled in the past.
Select Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.
The following fields display on the secondary tabs on the Properties tab based on the type of asset (for example, Windows, Linux, LDAP, or Active Directory). Clicking the Edit button on one of the secondary tabs allows you to edit the account.
Property | Description |
---|---|
Name | The name of the selected account. |
Description |
Description of the selected account. |
Asset |
The display name of the managed system associated with this account. Accounts are only associated with one asset. |
Property | Description |
---|---|
Access Requests | Indicates which type(s) of access requests are enabled for this account. |
Password Profile |
The name of the password profile that governs the accounts assigned to a partition. |
SSH Key Profile |
The name of the SSH key profile. |
Tags: Tag assignments for the selected account.
The information displayed in the Tags pane includes both the dynamic tags added through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags.
Delete: Click this button to delete the selected account.
The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.
To access Owners:
The Owners tab has three views: Account Owners, Asset Owners, and Partition Owners.
Property | Description |
---|---|
Account Owners | |
Type |
The type of owner. |
Name |
The name of the owner. |
Provider |
The name of the authentication provider. |
Direct |
This column indicates the ownership of the object was assigned directly rather than through the use of a tag. |
Via Tag |
This column indicates the ownership of the object was assigned through the use of a tag. |
Asset Owners | |
Type |
The type of owner. |
Name |
The name of the owner. |
Provider |
The name of the authentication provider. |
Direct |
This column indicates the ownership of the object was assigned directly rather than through the use of a tag. |
Via Tag |
This column indicates the ownership of the object was assigned through the use of a tag. |
Partition Owners | |
Type |
The type of user or group. |
Name |
The name of the user or group. |
Provider |
The name of the authentication provider. |
Use the following buttons on the details toolbar to manage the objects owned by the selected account.
Option | Description |
---|---|
|
Add one or more users or user groups to the selected account. For more information, see Adding users or user groups to an account. |
|
Remove the selected object from being a manager of the selected account. You can only remove objects directly assigned to an account (as opposed to those assigned via the use of a tag). |
Refresh |
Update the list of owners/managers. |
|
View additional details about the owner/user or group. |
Search |
To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box. |
Asset Administrators and Auditors can also generate reports showing more detailed information on the ownership of specific objects (including effective ownership). For more information, see Running an ownership report.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center