None
When the asset's Authentication Type on the Connection tab is set to None, Safeguard for Privileged Passwords does not manage any accounts associated with the asset and does not store asset related credentials.
All assets must have a service account in order to check and change the passwords for the accounts associated with the asset.
Select the Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server. For more information, see Adding an archive server.
Attributes tab (add asset desktop client)
The Attributes tab is used to add attributes to directory assets, including Active Directory and LDAP. For more information, see Adding identity and authentication providers.
IMPORTANT: Some Active Directory attributes are fixed and cannot be changed.
Table 75: Active Directory and LDAP: Attributes tab
Users |
Object Class |
Default: user for Active Directory, inetOrgPerson for LDAP
Click Browse to select a class definition that defines the valid attributes for the user object class. |
User Name |
sAMAccountName for Active Directory, cn for LDAP |
Password |
userPassword for LDAP |
Description |
description |
MemberOf |
Blank by default, this attribute can be set to a directory schema attribute that contains the list of directory groups of which the user is a member. |
Alternate Login Name |
userPrincipalName
NOTE:
By default the Alternate Login Name attribute for directories is set to userPrincipalName, however another directory attribute containing a UPN type account name can be used.
This attribute can be used in conjunction with the API's UseAltLoginName setting (disabled by default) which will instead use the Alternate Login Name as the account name. The API is PUT https://<host>/service/core/v3/AccessPolicies/{id} where the {id} is the id of the accessPolicy where you'll set the UseAltLoginName to true. UseAltLoginName is a boolean field on the asset data object. |
Groups |
Object Class |
Default: group for Active Directory, groupOfNames for LDAP
Click Browse to select a class definition that defines the valid attributes for the computer object class. |
Name |
sAMAccountName for Active Directory, cn for LDAP |
Member |
member |
Computer Attributes |
|
Object Class |
Default: computer for Active Directory, ipHost for LDAP
Click Browse to select a class definition that defines the valid attributes for the computer object class. |
Name |
cn |
Network Address |
dNSHostName for Active Directory, ipHostNumber for LDAP |
Operating System |
operatingSystem for Active Directory |
Operating System Version |
operatingSystemVersion for Active Directory |
Description |
description |
Adding an asset (web client)
It is the responsibility of the Asset Administrator to add assets and accounts to Safeguard for Privileged Passwords.
Safeguard for Privileged Passwords allows you to set up Asset Discovery jobs that run automatically. For more information, see Asset Discovery job workflow.
Before you add systems to Safeguard for Privileged Passwords, make sure they are properly configured. For more information, see Preparing systems for management.
NOTE: There are special considerations for adding an MS SQL asset to Safeguard. See KB 261806 for details.
( web client) To add an asset
- Navigate to Asset Management | Assets.
- Click New Asset from the toolbar.
-
In the dialog, provide information in each of the tabs:
General tab (add asset web client)
Use the General tab to specify general information about the asset.
Table 76: Asset: General properties
Name |
(Required) Enter a unique display name for the asset.
Limit: 100 characters |
Description |
(Optional) Enter information about this managed system.
Limit: 255 characters |