Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Step 5: Asset Administrator adds managed systems

  1. Log in to the desktop client using the Asset Administrator account.
  2. Add partitions and, optionally, delegate partition ownership to other users (Adding a partition).
  3. (Optional) Set the following Password Management settings (or edit the default rules and settings defined when the partition was added):
  4. (Optional) Set the following SSH Key Management settings:
  5. (Optional) Create profiles or edit the default profiles created (Creating a password profile).
  6. Add assets to the appropriate partitions and profiles (Adding an asset (desktop client) or Adding an asset (web client)).
  7. Add accounts to control access to the assets (Adding an account).

TIP: Create asset and account discovery jobs to discover and, optionally, automatically add assets and accounts to Safeguard for Privileged Passwords. For more information, see Discovery.

Step 6: Security Policy Administrator adds access request policies

  1. Log in to the desktop client using the Security Policy Administrator account.
  2. Set Reasons.
  3. Configure Approval Anywhere.
  4. Add user groups (Adding a user group).
  5. Add local or directory users to local user groups (Adding users to a user group).
  6. Add account groups (Adding an account group).
  7. Add accounts to account groups (Adding one or more accounts to an account group).
  8. Add entitlements (Adding an entitlement (desktop client) or Adding an entitlement (web client)).
  9. Add users or user groups to entitlements (Adding users or user groups to an entitlement).
  10. Create access request policies (Creating an access request policy (desktop client) or Adding an entitlement (web client)).

Using the web client

The web client uses a responsive user interface design to adapt to the user's device, from desktops to tablets or mobile phones. Only one user session will persist during a browser session. Any tabs opened after initial authentication will use the existing user session.

NOTE: In this documentation, you will see the following icons which denote the interface:

(web client)

(desktop client)

To log into the web client application

The following steps assume the One Identity Safeguard for Privileged Passwords Appliance has been configured and licensed. As a Safeguard for Privileged Passwords user, if you get an appliance is unlicensed notification, contact your Appliance Administrator.

  1. From your browser, enter the Safeguard for Privileged Passwords URL with the IP address, such as https://11.1.111.11.
  2. If a login notification displays, click OK to accept the notifications and restrictions stated.
  3. On the user log in screen, enter your credentials and click Log in.

Updating your avatar photo

To change your photo in the web client, expand the Username drop-down in the upper right and select My Settings. On the My Settings page, select My Account and click the circle icon with the username. Select the image file (under 64 KiB), then click Open. You can right-click the photo to save or perform other photo options.

Using the left navigation menu

NOTE: Use the button on mobile devices to expand and collapse the navigation menu.

The pages available to you display on the left. You will see Home and, based on your role, you may also see the following pages (depending on role, these pages may already be listed in the left navigation pane without having to expand the top level heading):

  • Access Requests

    • My Requests

    • Personal Password Vault

    • Approvals

    • Reviews

  • Appliance Management:

    • Appliance

    • Backup and Retention

    • Certificates

    • Cluster

    • Enable or Disable Services

    • External Integration

    • Real-Time Reports

    • Safeguard Access

    • Search

  • Asset Management

    • Accounts

    • Assets

    • Partitions

    • Discovery

    • Profiles

    • Tags

  • Security Policy Management

    • Account Groups

    • Application to Application

    • Approval Anywhere

    • Cloud Assistant

    • Asset Groups

    • Entitlements

    • Linked Accounts

    • User Groups

  • User Management

    • Users

    • User Groups

You can reduce the left menu using the button located at the bottom of the left navigation menu.

Home

Click Home to go to the home page. The Home page is tailored to your user rights and permissions. If you are authorized by an entitlement to request, approve, or review access requests, then your Home page gives you a quick view to the access request tasks that need your immediate attention.

Based on your role, the dashboard displays My Requests, Approvals, and Reviews, the number of tasks in each queue, and the status of each task (for example, Available, Denied, Revoked, Pending) as well as whether the task is Due Today.

Additional widgets may also be available. For example: Appliance Resources and Cluster Status.

In addition to tasks based on your role, you can perform the following from the Home page:

  • Customize the information that is displayed on the page. Click Settings.
  • Read the Message of the Day from the Appliance Administrator. For more information, see Message of the Day.
Requester's Home page view

Click the New Request button to open the New Access Request dialog, which lists the assets and accounts you are authorized to access. From this dialog you specify the assets, accounts and the type of access you are requesting, and additional details about the request.

For more information, see:

Click My Requests to view the requests awaiting action.

For more information, see:

The Favorites pane displays a list of requests you have marked as a favorite, providing a quick way to request access. For more information, see Desktop client favorite request.

Approver's Home page view

Your job is to approve or deny the access requests listed on your Home page. Click Approvals to view the requests awaiting your approval. As an approver, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

Reviewer's Home page view

Your job is to review completed access requests listed on your Home page. Click Reviews to view the completed requests requiring your review. As a reviewer, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating