Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Running an entitlement report

You can run an entitlement report.

To run an entitlement report

  1. From the Safeguard for Privileged Passwords desktop Home page, select  Reports.
  2. In the first drop-down, choose a type of report: User, Asset, or Account.
  3. In the second drop-down, you can select All or you can select Browse to select one or more objects for the report. If you select multiple objects, the selected objects display in the center of the page. Click a selected object to display the object's information at the bottom of the page.
  4. The top of the report displays the following information.

    User:

    • Name: The name of the user.
    • Username: The user name used for authentication.
    • Domain name: The name of the domain of the user.
    • Accounts: Number of accounts each user is allowed to access.
      If an access request policy allows password access to linked accounts, an account may display twice: once based on the policy scope and a second time because it is a linked account. In the bottom grid, see the From Linked Account column. For more information, see Access Config tab (create access request policy desktop client).

    Asset:

    • Name: The name of the asset.
    • Accounts: Number of accounts on this asset that can be accessed.
    • Requesters: Number of users allowed to request access to the asset's accounts.
    • Partition: The name of the partition to which the asset belongs.
    • Users: The name of the requesters allowed to request access.

    Account:

    • Name: Name of the account.
    • Asset: Name of the asset associated with the account.
    • Domain Name: If applicable, the domain of the account.
    • Requesters: Number of requesters allowed to access an account.
  5. Select an item from the top pane to view additional detail in the lower pane.
    For entitlements by assets, you can continue to drill down into the details of an item. For example, you can view both the Total Accounts tab and the People tab to see more details about the users that can request the accounts on an asset. Select an item from the results to drill down further into the details about the users and the accounts.
  6. To filter the results, use the filter control in the column heading. For more information, see Filtering report results.

To export the report

  1. To export, select Export and then select Export as CSV or Export as JSON. Save the file to the location desired. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.

  2. The time is set according to the user time zone. You can convert timestamps another time, if necessary. Once the report is exported, you can convert time stamps to local time, if necessary. For more information, see Converting time stamps.

To run the report

Click the Run button to generate the report.

Running an ownership report

Asset Administrators and Auditors can run an ownership report.

To run an ownership report

  1. From the Safeguard for Privileged Passwords desktop Home page, select  Reports.
  2. Open the Ownership tab.
  3. In the first drop-down, choose a type of report: User, Partition, Asset, Account, or Tag.
  4. In the second drop-down, you can select All or you can select Browse to select one or more objects for the report. If you select multiple objects, the selected objects display in the center of the page. Click a selected object to display the object's information at the bottom of the page.
  5. The top of the report displays the following information.

    User:

    • Name: The name of the user.
    • Username: The user name used for authentication.
    • Domain name: The name of the domain of the user.
    • Owned Objects: The number of objects owned by the listed user.

    Partition:

    • Name: The name of the partition.
    • Partition Owners: The number of owners for the partition.

    Asset:

    • Name: The name of the asset.
    • Network Address: The network address for the asset.
    • Asset Owners: The number of owners for the asset.
    • Partition Owners: The number of owners for the partition to which the asset belongs.
    • Partition: The name of the partition to which the asset belongs.

    Account:

    • Name: The name of the account.
    • Asset: Name of the asset associated with the account.
    • Network Address: The network address for the account.
    • Domain Name: If applicable, the domain of the account.
    • Partition: The name of the partition to which the account belongs.
    • Account Owners: The number of owners for the account.
    • Asset Owners: The number of owners for the asset associated with the account.
    • Partition Owners: The number of owners for the partition associated with the account.

    Tag:

    • Name: The name of the tag.
    • Partition: Name of the partition the tag belongs to.
    • Tagged Objects: If applicable, the number of objects that have the tag assigned to them.
    • Assigned Owners: Number of owners assigned to the tag.
  6. Select an item from the top pane to view additional detail in the lower pane.

    For ownership by tags, you can continue to drill down into the details of an item. For example, you can view both the Tagged Objects tab and the Assigned Owners On This Tag tab to see more details on the tag and the owners. From the Tagged Objects tab, you can also select an item from the results to drill down further into the details about the tag.

  7. To filter the results, use the filter control in the column heading. For more information, see Filtering report results.

To export the report

  1. To export, select Export and then select Export as CSV or Export as JSON. Save the file to the location desired. Different information may be returned based on whether you select CSV or JSON.

  2. The time is set according to the user time zone. You can convert timestamps another time, if necessary. Once the report is exported, you can convert time stamps to local time, if necessary. For more information, see Converting time stamps.

To run the report

Click the Run button to generate the report.

Converting time stamps

When you export .csv or .json files, the time stamp will be in the user's time zone. If the time is in UTC/GMT time, you can convert the time to your local time.

.csv opened in Excel

  1. Identify how many hours different your local time is from the UTC or GMT exported by googling "UTC to my time." The value will be within the -12 to 12 range.

  2. In the column to the right of the time stamp, enter one of the following formulas. These examples assume the exported time is in cell J1 and the exported time is -7 hours after the current local time.

    • =J1-TIME(7,0,0)
    • =J1+(-7 / 24)

    Below, the exported time stamp is 17:55:59 GMT (5:55:59 p.m.).

    The formula converts the time to the local time stamp of 10:55:59 p.m.

.json

You can find code to convert JSON UTC time to local time. One possible source:

https://stackoverflow.com/questions/42376914/json-utc-time-to-local-time

Administrative Tools

The  Administrative Tools allow you to add all the objects you need to write access request policies, such as users, accounts, and assets. From this view, you can also configure all of the Safeguard for Privileged Passwords settings.

NOTE: You must have administrator permissions to use the  Administrative Tools and the administrator permissions you have determine what you can view and modify.

The navigation pane along the left side of the console gives you access to these administrative tools.

Table 15: Administrative Tools
Administrative Tools Description Administrator permissions
Toolbox Where you can gain quick access to all the tasks you can perform from a single portal. Users with any Safeguard administrator privileges
Accounts Where you associate account identities with managed systems. Asset Administrator or Auditor
Account Groups Where you define sets of accounts that you can add to the scope of an access request policy. Auditor or Security Policy Administrator
Assets Where you add computers, servers, network devices, or applications to be managed by a Safeguard for Privileged Passwords Appliance. Asset Administrator or Auditor
Asset Groups Where you define sets of assets that you can add to the scope of an access request policy. Auditor or Security Policy Administrator
Discovery Where you configure asset and account discovery jobs which apply a set of rules to discover and automatically add assets and accounts to Safeguard for Privileged Passwords. Auditor or Asset Administrator
Entitlements Where you specify the access request policies that restrict system access to authorized users. Auditor or Security Policy Administrator
Partitions Where you define collections of assets that can be used to segregate assets for delegation Asset Administrator, Auditor, or delegated partition owner
Settings

Where you configure Safeguard for Privileged Passwords to run backups, install updates, manage clusters, manage certificates, enable event notifications, configure external integration, define profile configurations settings, define user password rules, define discovery rules, and run troubleshooting tools.

Users with any Safeguard administrator privileges; however, the settings available depend on the administrative permissions assigned.

Users Where you set up users who can log in to Safeguard for Privileged Passwords.

Bootstrap, Asset Administrator, Auditor, Authorizer Administrator, Help Desk Administrator, Security Policy Administrator, or User Administrator

User Groups Where you define sets of Safeguard for Privileged Passwords users that you can add to an entitlement.

Bootstrap, Auditor, Authorizer Administrator, Security Policy Administrator, or User Administrator

All of the Administrative Tools views have the following components, except for the Toolbox and Settings:

  • Toolbar options across the top of the view.
  • Object list (left pane).
  • Search box at the top of the object list.
  • Details pane (right pane).
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating