Chat now with support
Chat mit Support

One Identity Safeguard for Privileged Passwords 6.7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP Glossary About us

Search by attribute

The attributes available for searching are dependent on the type of object being searched. The search drop-down menu lists the attributes that can be selected.

API attributes can be searched

The drop-down menu lists a limited number of attributes that can be searched; however, you can perform an attribute search using the English name of any attribute as it appears in the API. Nested attributes can be chained together using a period (.). To see a list of all the attributes, see the API documentation. For more information about the API, see Using the API.

Entering the search string

  1. Click the icon and select the attribute to be searched.

    The selected attribute is added to the search box. For example, if you select Last Name then LastName: is added to the search box.

  2. In the search box, enter the text string after the colon in the attribute label.

    You can specify multiple attributes, repeating these steps to add an additional attribute to the search box. Do not add punctuation marks, such as commas or colons, to separate the different attributes. When multiple attributes are included, all search criteria must be met in order for an object to be included in the results list.

    As you type, the list displays items whose selected attributes contain the text that was entered.

    Note:The status bar along the bottom of the console shows the number of items returned.

  3. To clear the search criteria, click Clear.

    When you clear the search criteria, the original list of objects are displayed.

Attributes in each Search box

The following attributes are available when you click the icon. In addition, API attributes can be searched in the search box.

Accounts

  • Name
  • Description
  • Asset
  • Domain Name
  • Profile
  • Partition
  • Tag

Account Groups

  • Name
  • Description
  • Dynamic

Assets

  • Name
  • Description
  • Platform
  • Forest Root Domain
  • Network Address
  • Partition
  • Is Directory
  • Tag

Asset Groups

  • Name
  • Description
  • Dynamic

Entitlements

  • Priority
  • Name
  • Description
  • Users Display Name
  • Users Name

Partitions

  • Name
  • Description

Users

  • User Name
  • Description
  • First Name
  • Last Name
  • Email Address
  • Domain Name

User Groups

  • Name
  • Description

Select a drop-down to sort

By default, the desktop client lists the objects in alphabetical order; however, you can use the controls located above the list to sort the object list.

To sort the desktop client object lists

  1. Select Ascending or Descending under the Search box to sort the list in either alphabetical or reverse-alphabetical order.
  2. To sort the list of Accounts, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Asset
    • Domain Name
    • Profile
    • Partition

  3. To sort the list of Account Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Dynamic
  4. To sort the list of Assets, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Platform
    • Network Address
    • Partition

  5. To sort the list of Asset Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Dynamic
  6. To sort the list of Entitlements, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Priority (Default)
    • Name
    • Description

  7. To sort the list of Partitions, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
  8. To sort the list of Users, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • User Name (Default)
    • Description
    • First Name
    • Last Name
    • Email Address
    • Domain Name
  9. To sort the list of User Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Type (Sorts by local and directory groups.)

Privileged access requests

One Identity Safeguard for Privileged Passwords provides a workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and expiration of policy. It also includes the ability to input reason codes and integrate directly with ticketing systems.

In order for a request to progress through the workflow process, authorized users perform assigned tasks. These tasks are performed from the user's Home page in the desktop client or web client.

As a Safeguard for Privileged Passwords user, your Home page provides a quick view to the access request tasks that need your immediate attention. In addition, an Administrator can set up alerts to be sent to users when there are pending tasks needing attention. For more information, see Configuring alerts.

The access request tasks you see on your Home page depend on the rights and permissions you have been assigned by an entitlement's access request policies. For example:

  • Requesters see tasks related to submitting new access requests, as well as actions to be taken once a request has been approved (for example, viewing passwords, copying passwords, launching sessions, and checking in completed requests).

    Requesters can also define favorite requests, which then appear on their Home page for subsequent use. This can be done from either the desktop client or web client:

  • Approvers see tasks related to approving (or denying) and revoking access requests.
  • Reviewers see tasks related to reviewing completed (checked in) access requests, including playing back a session if session recording is enabled.

The following three workflows are available:

Configuring alerts

All users are subscribed to the following email notifications; however, users will not receive email notifications unless they have been included in a policy as a requester (user), approver, or reviewer.

  • Access Request Approved
  • Access Request Denied
  • Access Request Expired
  • Access Request Pending Approval
  • Access Request Revoked
  • Password was Changed
  • SSH key was Changed
  • Review Needed

Toast notifications may also appear on your console when the desktop client application is not the active foreground application.

Using the desktop client, there are two ways to configure One Identity Safeguard for Privileged Passwords to send event alerts to Safeguard for Privileged Passwords users:

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen