One Identity Safeguard for Privileged Passwords can manage cloud platform accounts such as Amazon Web Services (AWS).
Before you add cloud platform accounts to Safeguard for Privileged Passwords, you must first add an asset with which to associate the accounts. For more information, see Preparing Amazon Web Services platforms.
(desktop client) To add a cloud platform account
- Log in to Safeguard for Privileged Passwords and navigate to Administrative Tools.
- In Assets, click Add Asset from the toolbar.
- In the General tab:
  - Name: Enter an asset name that is meaningful to you, such as "Cloud Account Server" which you can use to manage all cloud platform accounts.
  - (Optional) Description: Enter a description for the asset.
  - Partition: Select the partition you want Safeguard for Privileged Passwords to use to manage the cloud platform account passwords or SSH keys.
  - Password Profile: Click Browse then select the profile you want to use to manage the cloud platform account passwords.
  - SSH Key Profile: Click Browse then select the profile you want to use to manage the cloud platform SSH keys.
- In the Management tab:
  - Product: Select the appropriate product, such as Amazon Web Services.
  - Version: For Amazon Web Services, select the version.
  - Network Address: For Amazon Web Services, enter the AWS Account ID or Alias which can be found on the AWS IAM User's view.
- For Amazon Web Services, in the Connection tab, select one of the following:
  - Access Key to authenticate to the asset using an access key. Enter the following information:
    - Service Account Name: Enter the configured IAM service account.
    - Access Key ID: Enter the Access Key ID created for the IAM service account.
    - Secret Key: Enter the Secret Key created for the IAM service account.
  - None to not authenticate to the asset and manually manage the asset.
- Click Add Asset to save.
Once you add the cloud platform asset, you can associate accounts with it.
(desktop client) To add an account to the cloud platform
- In Assets, select the cloud platform asset and switch to the Accounts tab.
- Click Add Account from the details toolbar.
- In the Name field, enter the cloud platform account username, email address, or phone number.
- (Optional) Enter a Description.
- Browse to select a profile to govern this account.
- Ensure the Enable Password Request option is checked.
- Click Add Account.
- Click Add Account to save.
Now you can manually check, change, or set the cloud platform account password, and Safeguard for Privileged Passwords can automatically manage the password according to the Check and Change settings in the profile governing the account.
(desktop client) To check out the cloud platform account
- Add a cloud platform Account Group and add the accounts to the group.
- Add an entitlement for the cloud platform accounts.
- Add users to the entitlements.
- Add a password release policy to the entitlement.
- Add the cloud platform Account Group to the scope of the policy.
(web client) To add a cloud platform account
- Navigate to Asset Management | Assets.
- Click New Asset from the toolbar.
- In the General tab:
  - Name: Enter an asset name that is meaningful to you, such as "Cloud Account Server" which you can use to manage all cloud platform accounts.
  - (Optional) Description: Enter a description for the asset.
- In the Connection tab:
  - Platform: Select the appropriate product, such as Amazon Web Services.
  - Version: For Amazon Web Services, select the version.
  - Architecture: Enter the product's system architecture.
  - Network Address: For Amazon Web Services, enter the AWS Account ID or Alias which can be found on the AWS IAM User's view.
  - Authentication type: Select one of the following:
    - Access Key to authenticate to the asset using an access key. Enter the following information:
      - Service Account Name: Enter the configured IAM service account.
      - Access Key ID: Enter the Access Key ID created for the IAM service account.
      - Secret Key: Enter the Secret Key created for the IAM service account.
    - None to not authenticate to the asset and manually manage the asset.
- Click OK to save.
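
A pre-flight check for the values entered in the Connection fields of both the desktop client and web client procedures above, as an added example that is not part of the One Identity documentation or product. The function name and messages are hypothetical; the format rules are AWS's published ones for account IDs, account aliases, and access key ID prefixes, and the sample values are AWS's documentation placeholders.

```python
import re

# AWS account ID: exactly 12 digits.
ACCOUNT_ID = re.compile(r"[0-9]{12}")
# Alias pattern from the IAM CreateAccountAlias API: 3-63 characters,
# lowercase letters, digits and single hyphens, no leading/trailing hyphen.
ACCOUNT_ALIAS = re.compile(r"[a-z0-9]([a-z0-9]|-(?!-)){1,61}[a-z0-9]")
# The IAM API documents access key IDs as 16-128 word characters.
ACCESS_KEY_ID = re.compile(r"\w{16,128}", re.ASCII)


def check_connection_fields(network_address, access_key_id, secret_key):
    """Return a list of problems; an empty list means the values look sane.

    Messages never echo the submitted values, so the result is safe to log.
    """
    problems = []
    if not (ACCOUNT_ID.fullmatch(network_address)
            or ACCOUNT_ALIAS.fullmatch(network_address)):
        problems.append("Network Address is neither a 12-digit account ID nor a valid alias")
    if not ACCESS_KEY_ID.fullmatch(access_key_id):
        problems.append("Access Key ID is malformed")
    elif access_key_id.startswith("ASIA"):
        # ASIA marks temporary STS credentials, not a key created for an IAM user.
        problems.append("Access Key ID is a temporary STS key, not an IAM user key")
    elif not access_key_id.startswith("AKIA"):
        problems.append("Access Key ID lacks the AKIA prefix of an IAM user key")
    if not secret_key or secret_key != secret_key.strip():
        problems.append("Secret Key is empty or has surrounding whitespace")
    return problems


# Placeholder values taken from AWS documentation examples (not real credentials).
SAMPLE_ACCOUNT = "123456789012"
SAMPLE_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SAMPLE_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

if __name__ == "__main__":
    for issue in check_connection_fields(SAMPLE_ACCOUNT, SAMPLE_KEY_ID, SAMPLE_SECRET):
        print("WARN:", issue)
```
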
Once you add the cloud platform asset, you can associate accounts with it.
(web client) To add an account to the cloud platform
- In Assets, select the cloud platform asset and switch to the Accounts tab.
- Click New Account from the details toolbar.
- In the Name field on the General tab, enter the cloud platform account username, email address, or phone number.
- (Optional) Enter a Description.
- On the Management tab, ensure the Enable Password Request option is checked.
- Click Browse to select a profile to govern this account.
- Click Add Account.
- Click OK to save.
Now you can manually check, change, or set the cloud platform account password, and Safeguard for Privileged Passwords can automatically manage the password according to the Check and Change settings in the profile governing the account.
(web client) To check out the cloud platform account
- Add a cloud platform Account Group and add the accounts to the group.
- Add an entitlement for the cloud platform accounts.
- Add users to the entitlements.
- Add a password release policy to the entitlement.
- Add the cloud platform Account Group to the scope of the policy.