One Identity Safeguard for Privileged Passwords 6.7.4 - Administration Guide

Converting time stamps

When you export .csv or .json files, the time stamp will be in the user's time zone. If the time stamp is in UTC/GMT, you can convert it to your local time.

.csv opened in Excel

  1. Identify how many hours your local time differs from the exported UTC or GMT time by googling "UTC to my time." The value will be within the -12 to 12 range.

  2. In the column to the right of the time stamp, enter one of the following formulas. These examples assume the exported time is in cell J1 and the local time is offset -7 hours from the exported time.

    • =J1-TIME(7,0,0)
    • =J1+(-7 / 24)

    Below, the exported time stamp is 17:55:59 GMT (5:55:59 p.m.).

    The formula converts the time to the local time stamp of 10:55:59 p.m.

.json

You can find code to convert JSON UTC time to local time. One possible source: https://stackoverflow.com/questions/42376914/json-utc-time-to-local-time
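
The following added example (not part of this guide or of the product) converts every ISO 8601 UTC time stamp in exported JSON to a fixed local offset, including values that roll back to the previous day. The field names in the sample are hypothetical, a time stamp with no zone designator is assumed to be UTC, and a fixed offset does not follow daylight saving changes.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# ISO 8601 date-time: optional fractional seconds, optional zone designator.
_ISO_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(\.\d+)?(Z|[+-]\d{2}:\d{2})?$")

# Constructed sample export; field names and values are hypothetical.
SAMPLE_EXPORT = """[
  {"LogTime": "2024-03-01T17:55:59Z", "UserName": "ab_misc2"},
  {"LogTime": "2024-03-02T03:10:00.1234567Z", "UserName": "admin",
   "Details": {"RequestedOn": "2024-03-02T02:58:41"}}
]"""

def to_local(value, offset_hours):
    """Shift one ISO 8601 time stamp to the given UTC offset.
    Anything that is not a time stamp string is returned unchanged."""
    m = _ISO_RE.match(value) if isinstance(value, str) else None
    if not m:
        return value
    base, frac, zone = m.groups()
    # strptime accepts at most 6 fractional digits; truncate longer ones.
    frac = (frac or ".0")[:7]
    # Assumption: a time stamp without a zone designator is UTC.
    zone = "+0000" if zone in (None, "Z") else zone.replace(":", "")
    try:
        utc = datetime.strptime(base + frac + zone, "%Y-%m-%dT%H:%M:%S.%f%z")
    except ValueError:  # looks like a time stamp but is not a real date
        return value
    local = utc.astimezone(timezone(timedelta(hours=offset_hours)))
    return local.isoformat(timespec="seconds")

def convert_export(node, offset_hours):
    """Walk nested JSON data and convert every time stamp string found."""
    if isinstance(node, dict):
        return {k: convert_export(v, offset_hours) for k, v in node.items()}
    if isinstance(node, list):
        return [convert_export(v, offset_hours) for v in node]
    return to_local(node, offset_hours)

def convert_json_text(text, offset_hours):
    """Parse exported JSON text and return it with local time stamps."""
    return convert_export(json.loads(text), offset_hours)

if __name__ == "__main__":
    # -7 matches the offset used in the Excel formulas above.
    print(json.dumps(convert_json_text(SAMPLE_EXPORT, -7), indent=2))
```

Keeping the offset in the converted value (for example -07:00) lets anyone correlating the export with other logs recover the original UTC time.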

Administrative Tools

The Administrative Tools allow you to add all the objects you need to write access request policies, such as users, accounts, and assets. From this view, you can also configure all of the Safeguard for Privileged Passwords settings.

Note: You must have administrator permissions to use the Administrative Tools, and the administrator permissions you have determine what you can view and modify.

The navigation pane along the left side of the console gives you access to these administrative tools.

Table 16: Administrative Tools

| Administrative Tools | Description | Administrator permissions |
|---|---|---|
| Toolbox | Where you can gain quick access to all the tasks you can perform from a single portal | Users with any Safeguard administrator privileges |
| Accounts | Where you associate account identities with managed systems | Asset Administrator or Auditor |
| Account Groups | Where you define sets of accounts that you can add to the scope of an access request policy | Auditor or Security Policy Administrator |
| Assets | Where you add computers, servers, network devices, or applications to be managed by a Safeguard for Privileged Passwords Appliance | Asset Administrator or Auditor |
| Asset Groups | Where you define sets of assets that you can add to the scope of an access request policy | Auditor or Security Policy Administrator |
| Discovery | Where you configure asset and account discovery jobs which apply a set of rules to discover and automatically add assets and accounts to Safeguard for Privileged Passwords | Auditor or Asset Administrator |
| Entitlements | Where you specify the access request policies that restrict system access to authorized users | Auditor or Security Policy Administrator |
| Partitions | Where you define collections of assets that can be used to segregate assets for delegation | Asset Administrator, Auditor, or delegated partition owner |
| Settings | Where you configure Safeguard for Privileged Passwords to run backups, install updates, manage clusters, manage certificates, enable event notifications, configure external integration, define profile configurations settings, define user password rules, define discovery rules, and run troubleshooting tools. | Users with any Safeguard administrator privileges; however, the settings available depend on the administrative permissions assigned. |
| Users | Where you set up users who can log in to Safeguard for Privileged Passwords. | Bootstrap, Asset Administrator, Auditor, Authorizer Administrator, Help Desk Administrator, Security Policy Administrator, or User Administrator |
| User Groups | Where you define sets of Safeguard for Privileged Passwords users that you can add to an entitlement. | Bootstrap, Auditor, Authorizer Administrator, Security Policy Administrator, or User Administrator |

All of the Administrative Tools views have the following components, except for the Toolbox and Settings:

  • Toolbar options across the top of the view.
  • Object list (left pane)
  • Search box at the top of the object list.
  • Details pane (right pane)

Toolbar options

The toolbar at the top of the views (except for the Toolbox and Settings) contains these options, depending on your Administrator permissions and the administrative tool you are using.

These buttons are available:

  • Apply to apply the changes and keep the dialog open.
  • OK to apply the changes and close the dialog.
  • Cancel to ignore any changes made, if any, and close the dialog.

Toolbar options include the following.

  • Add: Add objects to the Safeguard for Privileged Passwords appliance.
  • Delete: Remove objects from the appliance.
  • Refresh the screen.

    NOTE: Whenever you add, modify, or delete an object in Administrative Tools, the changes you make cannot be seen by other administrators running Safeguard for Privileged Passwords on other clients unless they click Refresh.

  • Import: Only available for Accounts, Assets, and Users. Add a set of objects from a .csv file. For more information, see Importing objects.
  • User Security: Only available for Users. Menu options include Set Password and Unlock accounts. For more information about these options, refer to Setting a local user's password and Unlocking a user's account.
  • Account Security: Only available for Accounts. Menu options include the following.
  • Permissions: Only available for Users. Set administrator permissions for users. For more information, see Administrator permissions.
  • Set as Default: Only available for Partitions. Set a partition as the default. For more information, see Setting a default partition and Setting a default profile.
  • Download SSH Key: Only available for Assets. Add the SSH key to the selected asset. For more information, see Downloading a public SSH key.
  • Password Archive: Only available for Accounts. Display the password history for the selected account. For more information, see Viewing password archive.
  • SSH Key Archive: Display the SSH key history for the selected account. For more information, see Viewing SSH key archive.
  • Access Requests: Only available for Accounts and Assets. Enable or disable access request services for the selected account or asset.
  • Show Disabled: Display the accounts or assets marked as disabled.
  • Hide Disabled: Hide the accounts or assets marked as disabled.
  • Synchronize Now: Only available for Assets from the Toolbar.

    Run the directory addition (incremental) synchronization process by asset and account. The sync is queued by asset by provider and runs one directory sync on that asset at a time. You can run multiple syncs in parallel on different assets. This is the faster type of directory sync because deletions are not synced. A Tasks window displays the progress and outcome of the task. You can click Details to see more information or click Stop to cancel the task. In addition, this process runs through the discovery, if there are discovery rules and configurations set up.

    The API (Assets/Synchronize) can be used to run the deletion (full) sync which includes all deletions, additions, and changes. This sync takes longer (perhaps hours), especially the first time it is run based on your directory setup.

    The Assets, General tab displays the frequency of sync additions and deletions.

Search box

Whether you are using the desktop client or web client, the search box can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that contains the text that was entered. This same basic search functionality is also available for many of the detail panes and dialogs, allowing you to filter the data displayed in the associated pane or dialog.

When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute contains the text. To perform an attribute search, click the icon to select the attribute to be searched.

Rules for using the search functionality:

  • Search strings are not case-sensitive. Exception: in the web client, the Approvals and Reviews searches are case sensitive.
  • Wild cards are not allowed.
  • Try using quotes and omitting quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Safeguard may perform a general search (for example, omits quotes) or a literal search (for example, includes quotes). Example scenarios follow:

    • On the Settings pane, search strings must be an exact match because a literal search is performed. Do not add quotes or underlines. For example, from the Settings pane, enter password rules to return Safeguard Access | Password Rule. If you enter "password rules" or password_rules, the following message is returned: No matches found.
    • On the Users pane search box:

      • A general search does not return anything if you use quotes because it uses a literal search (searches for the quotes). For example: searching for "ab_misc2" returns the message: There is nothing to show here.
      • You can use quotes in an attribute search if there are spaces in the search name. For example, entering the following in the search box Username: "ab_misc2" returns: AB_misc2.
  • When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list.
  • When you combine a basic search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the basic search must come after the attribute searches.
  • In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed.

To search for objects or object details

  1. Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered.

    Examples:

    • Enter T in the search box to search for items that contain the letter "T".
    • Enter sse to list all items that contain the string "sse" (such as "Asset").

    Note: The status bar along the bottom of the console shows the number of items returned.

  2. To clear the search criteria, click Clear.

    When you clear the search criteria, the original list of objects is displayed.

You can also Search by attribute and Select a drop-down to sort.
