Chat now with support
Chat mit Support

One Identity Safeguard for Privileged Passwords 7.2 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Adding an account to a partition

On the web client, use the Accounts tab on the Partitions view to add an account to a partition.

You can manage tasks and services on a domain controller (DC) asset. For more information, see Using a domain controller (DC) asset.

To add an account to an asset

  1. Navigate to Asset Management > Partitions.

  2. Select a partition and click View Details.

  3. Open the Accounts tab.

  4. Click New Account from the details toolbar.

  5. In the Select the asset for the new account dialog, select an asset to associate with this account then click Select Asset.

  6. In the New Account dialog, enter the following information:

    • On the General tab:

      • Name:

        • Local account: Enter the login user name for this account. Limit: 100 characters.
        • Directory Account: Browse to find the account.

      • Description: (Optional) Enter information about this managed account. Limit: 255 characters.

    • On the Management tab:

      • Enable Password Request: This check box is selected by default, indicating that password release requests are enabled for this account. Clear this option to prevent someone from requesting the password for this account. By default, a user can request the password for any account in the scope of the entitlements in which they are an authorized user.

      • Enable Session Request: This check box is selected by default, indicating that session access requests are enabled for this account. Clear this option to prevent someone from requesting session access using this account. By default, a user can make an access request for any account in the scope of the entitlements in which they are an authorized user.

      • Available for use across all partitions (Only available for some types of directory accounts): When selected, any partition can use this account and the password is given to other administrators. For example, this account can be used as a dependent account or a service account for other assets. Potentially, you may have assets that are running services as the account, and you can update those assets when the service account changes. If not selected, partition owners and other partitions will not know the account exists. Although archive servers are not bound by partitions, this option must be selected for the directory account for the archive server to be configured with the directory account.

  7. Click OK.

Removing assets from a partition

You cannot remove assets from a partition.

You can reassign the asset to another partition either from the scope of the other partition or from an asset's General properties. For more information, see Assigning an asset to a partition.

When you associate an asset to a partition, all the accounts associated with that asset, are also added to the scope of that partition. For more information, see About profiles.

Adding users or user groups to a partition

When you add users to a partition, you are specifying the users or user groups that have ownership of a partition.

It is the responsibility of the Asset Administrator to add users and user groups to partitions. The Security Policy Administrator only has permission to add groups, not users. For more information, see Administrator permissions.

To add users to a partition

  1. Navigate to Asset Management > Partitions.
  2. In Partitions, select a partition from the object list and click View Details.
  3. Open the Owners tab.
  4. Click  Add.

  5. Select one or more users or user groups from the list in the Users/User Groups dialog.

  6. Click Select Owners to save your selection.

Creating a password profile

It is the responsibility of the Asset Administrator or the partition's delegated administrator to add password profiles to partitions.

To add a password profile to a partition

  1. Navigate to Asset Management > Partitions.

  2. In Partitions, select a partition from the object list and click View Details.

  3. Open the Password Profiles tab.

  4. Click New Profile from the details toolbar.

  5. On the General tab, supply the following information:

    1. Name: Enter a unique name for the profile. Limit: 50 characters

    2. Description: Enter information about this profile. Limit: 255 characters

  6. On the Check Password tab, select a previously defined check password setting from the drop-down menu or click Add to add a new check password setting. These are the rules used to verify account passwords. For more information, see Adding check password settings.

  7. On the Change Password tab, select a previously defined change password setting from the drop-down menu or click Add to add a new change password setting. These are the rules used to reset account passwords. For more information, see Adding change password settings.

  8. On the Account Password Rule tab, select a previously defined account password rule or click Add to add a new account password rule. An account password rule is a complexity rule that governs the construction of the new password created by Safeguard for Privileged Passwords during an automatic password change. For more information, see Adding an account password rule.

  9. Click OK to save your selections and create the profile.

  10. When creating a new profile, the Password Sync Groups tab is not available. This tab is displayed while editing a profile. You can use the Password Sync Groups tab to add or update a password sync group governed by the profile change schedule. For more information, see Password sync groups.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen