Chat now with support
Chat mit Support

One Identity Safeguard for Privileged Passwords 7.3 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Asset Discovery Results

You can view the results of running one or more Asset Discovery jobs.

To view asset discovery results

  1. Navigate to Asset Management > Discovery > Assets > (add or edit a Asset Discovery job).
  2. On the Asset Discovery Results tab:
    • Select the time frame of the completed jobs you want to display which ranges from the last 24 hours to the last 7, 30, 60, or 90 days. Or, click Custom to create a custom time frame.
    • Click Refresh to refresh the results.
  3. Click Search and enter the character string to be used to search for a match. For more information, see Search box.
  4. Click a column to sort the column information displayed for each job:
    • Date/Time: The most recent date and time the Asset Discovery job successfully ran.
    • User: The user who ran the job or Automated System, if the job is run on an automated schedule.
    • Event: The outcome of running the Asset Discovery job event, which may be Asset Discovery Succeeded, Asset Discovery Failed, or Asset Discovery Started.
    • Partition: The partition in which the discovered assets will be managed.
    • Appliance: The name of the Safeguard for Privileged Passwords Appliance.
    • Directory: If applicable, the name of the directory on which the Asset Discovery job ran.
    • # Assets: The number of asset found during the discovery job; click to view details.

Account Discovery

Account Discovery jobs include the rules Safeguard for Privileged Passwords uses to perform account discovery against assets. When you add an Account Discovery job, you can identify whether or not to automatically manage found accounts, whether to discover services, and whether to automatically configure dependent systems.

The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.

To configure and schedule Account Discovery jobs, perform one of the following:

  • You can create or edit an Account Discovery job, then associate assets to the Account Discovery job via the Occurrences button.

    IMPORTANT: You must click Occurrences to associate assets to the Account Discovery job. If you do not associate the assets to the Account Discovery job, the accounts will not be found.

  • You can create or edit an asset and, in the process, assign or create an Account Discovery job. For more information, see Adding an asset.
Supported platforms

Safeguard for Privileged Passwords supports account discovery on the following platforms:

  • AIX
  • HP-UX
  • Linux / Unix (based)
  • MAC OS X
  • Solaris
  • Starling Connect
  • Windows (services and tasks)
  • MySQL
  • Postgres
  • SQL Server
  • Oracle
  • iDrac
  • HP iLO
  • HP iLO MP
Properties and toolbar

Go to Account Discovery:

  • web client: Navigate to Asset Management > Discovery > Accounts.

Use these toolbar buttons to manage the Account Discovery jobs.

Table 136: Account Discovery: Toolbar
Option Description
New Account Discovery Job

Add an Account Discovery job. For more information, see Adding an Account Discovery job.

Delete

Delete the selected Account Discovery job.

View Details

Modify the selected Account Discovery job. You can also double-click a row to open the edit dialog.

Discover Accounts

Discover the accounts on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop-up displays which shows the progress and completion.

Discover Services

Discover the services on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop-up displays which shows the progress and completion.

Occurrences

Add, delete, or refresh the assets associated with the Account Discovery job.

IMPORTANT: You must associate the assets to the Account Discovery job for the accounts to be found.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of Account Discovery jobs.

Search

Enter the character string to be used to search for a match. For more information, see Search box.

Account Discovery jobs display in the grid.

Table 137: Account Discovery: Account Discovery job grid
Name Name of the discovery job.
Created By The creator of the job.
Discovery Type The type of discovery performed, for example, Windows, Unix, Starling Connect, or Directory.
Directory The directory on which the discovery job runs.
Partition

The partition in which to manage the discovered assets or accounts.

Schedule

Designates when the discovery job runs.

Discover Services

A check mark displays if the job will discover service accounts.

Auto Configure

A check mark displays if the accounts that are discovered in the Service Discovery job are automatically configured as dependent accounts on the asset.

Assets

Total number of assets assigned to the Account Discovery job. A Caution displays if no accounts are assigned to the Account Discovery job therefore no data will be discovered.

Description

The description of the discovery job.

Account Discovery job workflow

Safeguard for Privileged Passwords's Account Discovery jobs discover accounts of the assets that are in the scope of a profile. For more information, see About profiles. Account Discovery jobs can include service discovery.

You can configure, schedule, test, and run Account Discovery jobs. After the job has run, you can select whether to manage the account, if it was not identified to be automatically managed.

  1. Create an Account Discovery job and associate assets or create an asset and associate the Account Discovery job.
  2. Account Discovery jobs can be scheduled to run automatically. In addition you can manually launch these jobs in any of the following ways:

    • From Asset Management > Discovery > Accounts click Discover Accounts or Discover Services.
    • From Asset Management > Assets > (View Details) click Discover Accounts.
  3. After the Account Discovery job runs, you can mark the managed accounts from Discovery > Discovered Items > Accounts:

    • Click  Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
    • Click  Enable to manage the selected account and assign it to the scope of the default profile.

    NOTE: The discovery job finds all accounts that match the discovery rule's criteria regardless of the state and reports only the accounts discovered that do not currently exist. Account Discovery does not update existing accounts.

Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the account discovery events in the Account Discovery Activity category.

Adding an Account Discovery job

It is the responsibility of the Asset Administrator or the partition's delegated administrator to configure the rules that govern how Safeguard for Privileged Passwords performs account discovery. For more information, see Account Discovery job workflow.

To add an Account Discovery job

  1. Navigate to Asset Management > Discovery > Accounts.
  2. Click  New Account Discovery Job to open the New Account Discovery Job dialog.
  3. On the General tab, enter the following information:
    • Name: Enter a name for the account discovery job.
    • Description: Enter a description of the account discovery job.
    • Partition: Use Browse to select the partition in which to manage the discovered accounts. You can also add a new partition from the Select a Partition dialog (accessed via the Browse button) by clicking New Partition.

      IMPORTANT: You cannot change the partition after you save this discovery job.

  4. On the Information tab, enter the following information:

    • Discovery Type: Select the platform (Directory, Role Based, SPS, Starling Connect, Unix, or Windows). Make sure the Discovery Type is valid for the assets associated with the partition selected on the General tab.

    • Discover Services: (For Windows accounts only and deselected by default) Select this check box so that when the discovery job is run, services are discovered.

      If Discover Services is selected, the Automatically Configure Dependent Systems check box is also available. Select this check box so that any directory accounts that are discovered in the Service Discovery job are automatically configured as dependent accounts on the asset where the service or task was discovered. Once dependencies are found they can only be removed manually from Account Dependencies tab (asset).

  5. The Account Discovery Rules tab is only available after an account discovery job has been created. For more information, see Adding an Account Discovery rule.

  6. On the Schedule tab, enter the following information:
    • Select a time frame:

      • Never: The job will not run according to a set schedule. You can still manually run the job.
      • Minutes: The job runs per the frequency of minutes you specify. For example, Run Every 30/Minutes runs the job every half hour over a 24-hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.
      • Hours: The job runs per the minute setting you specify. For example, if it is 9 a.m. and you want to run the job every two hours at 15 minutes past the hour starting at 9:15 a.m., select Run Every 2/Hours/@ minutes after the hour 15.

      • Days: The job runs on the frequency of days and the time you enter.

        For example, Run Every 2/Days/Starting @ 11:59:00 PM runs the job every other evening just before midnight.

      • Weeks The job runs per the frequency of weeks at the time and on the days you specify.

        For example, Run Every 2/Weeks/Starting @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 a.m. on Monday, Wednesday, and Friday.

      • Months: The job runs on the frequency of months at the time and on the day you specify.

        For example, If you select Run Every 2/Months/Starting @ 1:00:00 AM along with Day of Week of Month/First/Saturday, the job will run at 1 a.m. on the first Saturday of every other month.

    • Select Use Time Windows if you want to enter the Start and End time. You can click Add or Remove to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.

      For example, for a job to run every ten minutes every day from 10 p.m. to 2 a.m., enter these values:

      Enter Run Every 10/Minutes and set Use Time Windows:

      • Start 10:00:00 PM and End 11:59:00 PM
      • Start 12:00:00 AM and End 2:00:00 AM

        An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error as the end time must be after the start time.

      If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.

      For a job to run two times every other day at 10:30 am between the hours of 4 a.m. and 8 p.m., enter these values:

      For days, enter Run Every 2/Days and set Use Time Windows as Start 4:00:00 AM and End 8:00:00 PM and Repeat 2.

    If the scheduler is unable to complete a task within the scheduled interval, when it finishes execution of the task, it is rescheduled for the next immediate interval.

  7. Click OK.

    NOTE: Once you have a saved the new account discovery job, the Account Discovery Rules tab will be available and you can add, delete, edit or copy rules. For more information, see Adding an Account Discovery rule.

  8. Select the assets to which the account discovery rule applies using one of these approaches:

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen