Chat now with support
Chat mit Support

Safeguard Remote Access Hosted - Administration Guide

Introduction Prerequisites Limitations Getting started Administrator-side use cases User-side use cases Appendix Glossary

Enabling role-based access control

Role-based access control (RBAC) is used to define which user groups have access to which resources and workflows in One Identity Safeguard Remote Access (SRA). RBAC is not enabled automatically when you group roles and connections in SRA. You must enable it manually.

For the RBAC functionality to work, at least one Azure Active Directory must be registered and consented under Starling Settings > Manage Directories in One Identity Starling.

Figure 21: Starling Settings > Directory Services > Manage Directories

Figure 22: Manage Directories > Register Directory — Registering active directories to your One Identity Starling organization.

To register or remove active directories, the user must be a One Identity Starling organization admin.

If no active directory is registered in One Identity Starling, the role assignment functionality will be unavailable for both administrators and users. You can check this by opening the (Options) menu of a connection card. If RBAC in unavailable, the Role assignments menu item will be grayed out.

NOTE: As RBAC is a central feature, when enabled, it applies to all groups created later. When you disable RBAC, all groups governed by this feature lose access to SRA. If you want to remove access rights from certain groups, that must be done one by one.

To enable role-based access control in SRA

  1. Click (Settings) and select Safeguard Remote Access Settings.

  2. Find Features > Role-based access control (RBAC).

  3. Slide the toggle to enable RBAC.

NOTE: Disabling the RBAC functionality with the toggle affects only regular users. Administrators can still access RBAC functionalities when the Role-based access control (RBAC) toggle is disabled.

Enabling semi-managed network

Improve your network performance and latency with the semi-managed network functionality of One Identity Safeguard Remote Access (SRA). Depending on your network configuration, you may have one or multiple SPS nodes available. With semi-managed network, you can select which SPS node to use in your network when you initiate a connection.

To initiate a connection with a specific SPS node

  1. Navigate to the SRA Connections page and find the connection tile you want to work with.

  2. Open the dropdown menu of that connection tile's Network field and search for the name of the SPS node you want to use for initiating this connection.

    Figure 23: Connections > The connection tile of your choice > Network — Selecting a SPS node for your session

    NOTE: Your selection will not be saved for future reference. You must set your preferences every time you initiate a new connection.

  3. Click Connect.

By default, SRA will select a SPS node randomly from the available pool of SPSs in your network. To enable the semi-managed network functionality, go to Safeguard Remote Access Settings > Features > Semi-managed network. If you have only one SPS node configured in your network, then the name of that SPS node in the Network field will be grayed out and the dropdown menu will not be available.

Cloning connections

Cloning a connection means that you can connect to a different account with the same permissions.

To clone a connection

  1. Go to the Connections page and select the connection you would like to clone.

  2. Click (Options) on the connection card.

  3. Select Clone & Customize. The Add new user to target server side sheet will open.

    Asset, access protocol and policy information are prefilled, as this is an existing connection.

  4. Specify the Account and Domain names for the new connection.

  5. In the Permissions field, select an existing account to copy permissions from (for example, root or Administrator).

  6. Click Create.

Figure 24: Connections > Connection card > > Clone & Customize > Permissions — Cloning a connection

To clone a connection multiple times, use the Create another option.

To clone a connection multiple times

  1. Follow steps 1-4 of the To clone a connection procedure.

    Permissions are cloned from the connection that was last created.

  2. Select Create another.

    Figure 25: Connections > Connection card > > Clone & Customize > Add new user to target server > Create another — Cloning a connection multiple times

  3. Click Create.

Expected result: The connections that you have created are listed on the Connections page.

As long as Create another is selected, the side sheet will remain visible and you can create as many clones of the connection as you require, by clicking Create repeatedly.

Deleting a connection

When you no longer want to access a connection, delete it from One Identity Safeguard Remote Access (SRA).

To delete a connection

  1. Navigate to the Connections page and select the connection you want to delete.

  2. Click (Options) on the connection card.

  3. Select Delete.

    Figure 26: Connections > > Delete — Deleting a connection

  4. Click Delete.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen