A SPP account is a unique identifier that SPP uses to control access to assets. Managed accounts (including directory accounts and service accounts) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, SPP permanently deletes all the accounts associated with it.

The Auditor and the Asset Administrator have permission to access Accounts.

On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.

Service accounts are designated with a Service Account icon. For more information, see About service accounts.

To access Accounts, in the web client, navigate to Asset Management > Accounts. If needed, you can use the partition drop-down to select the parent partition of the account. Select an account, then click to display additional information and options.

Selecting one of the accounts displays the following information:

  • Properties (account): Displays general information about the selected account. It also allows you to manage Passwords, SSH keys, API keys, and TOTP authenticators for the account.

  • Owners tab (account): Displays information about the owners of the account.

  • Dependent Assets (account): (Directory assets) Displays the assets that have dependency on the selected directory account. This tab only displays for a directory asset and displays the assets that have dependency on the selected directory account.

  • Check and Change Log tab (account): Displays the password and SSH key validation and reset history for the selected account.

  • Discovered Services tab (account): (Windows and Active Directory accounts) Displays information on the services dependent to a selected account.

  • Discovered SSH Keys (account): Displays the SSH keys discovered on the account.

  • History tab (account): Displays the details of each operation that has affected the selected account.

For information about configuring Account Discovery in SPP, see Account Discovery job workflow.

Use these toolbar buttons to manage accounts.

  • New Account: Add accounts to SPP. Adding an account.

  • Delete: Remove the selected account. Deleting an account.

  • View Details: Select an account then click this button to open additional information and options for the account.

  • Account Secrets: Possible menu options include:

    • Check Password

    • Change Password

    • Check SSH Key

    • Change SSH Key

  • Access Request: Allows you to enable or disable access request services for the selected account. Menu options include:

    • Enable Password Request

    • Disable Password Request

    • Enable Session Request

    • Disable Session Request

    • Enable SSH Key Request

    • Disable SSH Key Request

    • Enable API Key Request

    • Disable API Key Request

  • Discover SSH Keys: Run the SSH Key Discovery job.

  • Show Disabled: Display the accounts that are not managed and are disabled and have no associated assets.

    • Click Disable to prevent SPP from managing the selected account.

    • Click Enable to manage the selected account and assign it to the scope of the default profile.

  • Hide Disabled: Hide the accounts that are not managed and are disabled and have no associated assets.

    • Click Disable to prevent SPP from managing the selected account.

    • Click Enable to manage the selected account and assign it to the scope of the default profile.

  • Import: Click this to open a drop-down menu from which you can select to add accounts, passwords, or SSH keys to One Identity Safeguard for Privileged Passwords using a CSV file. For more information, see Importing objects.

  • Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

  • Refresh: Update the list of accounts.

  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box..