Chatee ahora con Soporte
Chat con el soporte

Identity Manager 9.2.1 - Administration Guide for Privileged Account Governance

About this guide Managing a Privileged Account Management system in One Identity Manager Synchronizing a Privileged Account Management system
Setting up the initial synchronization of a One Identity Safeguard Customizing the synchronization configuration for One Identity Safeguard Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing PAM user accounts and identities Managing assignments of PAM user groups Login credentials for PAM user accounts Mapping PAM objects in One Identity Manager
PAM appliances PAM user accounts PAM user groups PAM assets PAM asset groups PAM asset accounts PAM directory accounts PAM account groups PAM directories PAM partitions PAM entitlements PAM access request policies Reports about PAM objects
PAM access requests Handling of PAM objects in the Web Portal Basic data for managing a Privileged Account Management system Configuration parameters for managing a Privileged Account Management system Default project template for One Identity Safeguard Editing One Identity Safeguard system objects One Identity Safeguard connector settings Known issues about connecting One Identity Safeguard appliances

One Identity Safeguard connector settings

The following settings are configured for the system connection with the One Identity Safeguard connector.

Table 36: One Identity Safeguard connector settings

Setting

Description

Appliance display name

Display name of the appliance.

Variable: CP_ApplianceDisplay

System identifier

Unique identifier for identifying the appliance.

Variable: CP_ApplianceID

CAUTION: The system identifier must describe the appliance uniquely. Appliances are differentiated on the basis of the system identifier. If you use an identifier more than once for different appliances, it can cause errors and loss of data.

Always connect to the primary cluster node

This option is automatically set if a One Identity Safeguard cluster is detected when the connection is tested. If you use a cluster of multiple One Identity Safeguard appliances, this option should be enabled.

Variable: CP_ConnectPrimaryNode

Appliance host name or IP

Host name or IP address of the appliance. If you use a cluster of multiple One Identity Safeguard appliances, enter the primary appliance here.

Variable: CP_ApplianceHost

Trusted certificate thumbprint

Thumbprint of the trusted certificate that is used by the synchronization user and the user account of the One Identity Manager Service.

Variable: CP_CertificateThumbprint

Ignore SSL connection errors

You should only activate this option for test purposes, because this may lead to potential trusting of insecure connections.

Variable: CP_IgnoreSSLErrors

Default: False

Cluster IPv4 addresses

Semicolon delimited list of IPv4 addresses of an environment consisting of several appliances (clusters).

Variable: CP_ClusterIPv4Addresses

Cluster IPv6 addresses

Semicolon delimited list of IPv6 addresses of an environment consisting of several appliances (clusters).

Variable: CP_ClusterIPv6Addresses

Customize connector definition

You can use this setting to adjust the definition used by the connector.

IMPORTANT: You should only make changes to the connector definition with the help of support desk staff. Changes to this setting will have wide ranging effects on synchronization and must be made carefully.

NOTE: A customized connection definition is not overwritten by default and must be made with careful consideration.

Known issues about connecting One Identity Safeguard appliances

Issue

The following error message is displayed while setting up a synchronization project for One Identity Safeguard:

404: Not Found -- 0:

Cause

An older version of One Identity Safeguard is in use that is not supported by One Identity Manager.

Solution

Ensure you are using One Identity Safeguard version 6.0 or later. For more information, see Synchronizing a Privileged Account Management system.

Issue

The following error occurs in One Identity Safeguard if you request access to an asset from the access request policy section and it is configured for asset-based session access of type User Supplied:

400: Bad Request -- 60639: A valid account must be identified in the request.

The request is denied in One Identity Manager and the error in the request is displayed as the reason.

Solution

The problem is resolved with One Identity Safeguard version 2.6.

Issue

The One Identity Safeguard connector connection to a One Identity Safeguard appliance quits with following errors:

The version <Appliance version> of the connected One Identity Safeguard appliance is not supported by this version of the One Identity Manager Safeguard connector. Error-free operation cannot be guaranteed. The connection is terminated.

The version <safeguard-ps version> of the PowerShell module 'safeguard-ps' does not match the version <Appliance version> of the One Identity Safeguard appliance. The connection is terminated

Cause

The implemented version of this One Identity Safeguard Appliance does not match the version of the safeguard-ps PowerShell module in use.

Solution

Ensure that you use the matching version. Ensure that the major and the minor version of the PowerShell module match the major and the minor version of your One Identity Safeguard appliance.

For more information, see Installing the safeguard-ps PowerShell module.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación