Adding an account to a partition
On the web client, use the Accounts tab on the Partitions view to add an account to a partition.
You can manage tasks and services on a domain controller (DC) asset. For more information, see Using a domain controller (DC) asset.
To add an account to an asset
-
Navigate to Asset Management > Partitions.
-
Select a partition and click View Details.
-
Open the Accounts tab.
- Click New Account from the details toolbar.
-
In the Select the asset for the new account dialog, select an asset to associate with this account then click Select Asset.
-
In the New Account dialog, enter the following information:
-
On the General tab:
-
On the Management tab:
-
Enable Password Request: This check box is selected by default, indicating that password release requests are enabled for this account. Clear this option to prevent someone from requesting the password for this account. By default, a user can request the password for any account in the scope of the entitlements in which they are an authorized user.
-
Enable Session Request: This check box is selected by default, indicating that session access requests are enabled for this account. Clear this option to prevent someone from requesting session access using this account. By default, a user can make an access request for any account in the scope of the entitlements in which they are an authorized user.
-
Available for use across all partitions (Only available for some types of directory accounts): When selected, any partition can use this account and the password is given to other administrators. For example, this account can be used as a dependent account or a service account for other assets. Potentially, you may have assets that are running services as the account, and you can update those assets when the service account changes. If not selected, partition owners and other partitions will not know the account exists. Although archive servers are not bound by partitions, this option must be selected for the directory account for the archive server to be configured with the directory account.
-
Click OK.
Removing assets from a partition
You cannot remove assets from a partition.
You can reassign the asset to another partition either from the scope of the other partition or from an asset's General properties. For more information, see Assigning an asset to a partition.
When you associate an asset to a partition, all the accounts associated with that asset, are also added to the scope of that partition. For more information, see About profiles.
Adding users or user groups to a partition
When you add users to a partition, you are specifying the users or user groups that have ownership of a partition.
It is the responsibility of the Asset Administrator to add users and user groups to partitions. The Security Policy Administrator only has permission to add groups, not users. For more information, see Administrator permissions.
To add users to a partition
- Navigate to Asset Management > Partitions.
- In Partitions, select a partition from the object list and click View Details.
- Open the Owners tab.
- Click Add.
-
Select one or more users or user groups from the list in the Users/User Groups dialog.
- Click Select Owners to save your selection.
Creating a password profile
It is the responsibility of the Asset Administrator or the partition's delegated administrator to add password profiles to partitions.
To add a password profile to a partition
-
Navigate to Asset Management > Partitions.
-
In Partitions, select a partition from the object list and click View Details.
-
Open the Password Profiles tab.
-
Click New Profile from the details toolbar.
-
On the General tab, supply the following information:
-
Name: Enter a unique name for the profile. Limit: 50 characters
-
Description: Enter information about this profile. Limit: 255 characters
-
On the Check Password tab, select a previously defined check password setting from the drop-down menu or click Add to add a new check password setting. These are the rules used to verify account passwords. For more information, see Adding check password settings.
-
On the Change Password tab, select a previously defined change password setting from the drop-down menu or click Add to add a new change password setting. These are the rules used to reset account passwords. For more information, see Adding change password settings.
-
On the Account Password Rule tab, select a previously defined account password rule or click Add to add a new account password rule. An account password rule is a complexity rule that governs the construction of the new password created by Safeguard for Privileged Passwords during an automatic password change. For more information, see Adding an account password rule.
- Click OK to save your selections and create the profile.
-
When creating a new profile, the Password Sync Groups tab is not available. This tab is displayed while editing a profile. You can use the Password Sync Groups tab to add or update a password sync group governed by the profile change schedule. For more information, see Password sync groups.