Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Stopping a task

To stop a task

  1. Navigate to  Administrative Tools l Toolbox.
  2. Open the Tasks pane.
  3. Click  Popout in the upper right corner to float the Tasks pane.
  4. Click  Cancel next to a running task.

Accounts

A Safeguard for Privileged Passwords account is a unique identifier that Safeguard for Privileged Passwords uses to control access to assets. Managed accounts (including directory accounts and service accounts) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, Safeguard for Privileged Passwords permanently deletes all the accounts associated with it.

The Auditor and the Asset Administrator have permission to access Accounts.

On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.

Service accounts are designated with a Service Account icon. For more information, see About service accounts.

To access Accounts:

  • desktop client: Navigate to Administrative Tools | Accounts and select an account to display additional information and options.
  • web client: Navigate to Asset Management | Accounts. If needed, you can use the partition drop-down to select the parent partition of the account. Select an account, then click to display additional information and options.

Selecting one of the accounts displays the following information:

For information about configuring Account Discovery in Safeguard for Privileged Passwords, see Account Discovery job workflow.

Use these toolbar buttons to manage accounts.

General tab/Properties (account)

The General/Properties tab lists information about the selected account.

To access General/Properties:

  • desktop client: Navigate to Administrative Tools | Accounts | General.
  • web client: Navigate to Asset Management | Accounts | (Edit) | Properties.

Information for the account displays. Not all the information listed below is applicable for every account.

Owners tab (account)

The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.

To access Owners:

  • desktop client: Navigate to Administrative Tools | Accounts | Owners.
  • web client: Navigate to Asset Management | Accounts | (Edit) | Owners.

The Owners tab has three views: Account Owners, Asset Owners, and Partition Owners.

Table 20: Accounts: Owners tab properties
Property Description

Account Owners

Type

The type of owner.

Name

The name of the owner.

Provider

The name of the authentication provider.

Direct

This column indicates the ownership of the object was assigned directly rather than through the use of a tag.

Via Tag

This column indicates the ownership of the object was assigned through the use of a tag.

Asset Owners

Type

The type of owner.

Name

The name of the owner.

Provider

The name of the authentication provider.

Direct

This column indicates the ownership of the object was assigned directly rather than through the use of a tag.

Via Tag

This column indicates the ownership of the object was assigned through the use of a tag.

Partition Owners

Type

The type of user or group.

Name

The name of the user or group.

Provider

The name of the authentication provider.

Use the following buttons on the details toolbar to manage the objects owned by the selected account.

Table 21: Accounts: Owners toolbar
Option Description

Add User/Add User Groups/Add

Add one or more users or user groups to the selected account. For more information, see Adding users or user groups to an account.

Remove Selected/Remove

Remove the selected object from being a manager of the selected account. You can only remove objects directly assigned to an account (as opposed to those assigned via the use of a tag).

Refresh

Update the list of owners/managers.

( desktop client only) Details

View additional details about the owner/user or group.

Search

To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box.

Asset Administrators and Auditors can also generate reports showing more detailed information on the ownership of specific objects (including effective ownership). For more information, see Running an ownership report.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating