Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 6.0.10 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP glossary

General tab (account)

The General tab lists information about the selected account.

Large tiles at the top of the tab display the number of Access Request Policies, Account Groups, and Dependent Assets associated with the selected account. Clicking a tile heading opens the corresponding tab. The time stamps for the password and SSH key check and change transactions are based on the user's local time.

Navigate to Administrative Tools | Accounts | General. Information for the account displays. Not all the information listed below is applicable for every account.

Table 16: Accounts General tab: General properties
Property Description
Name The name of the selected account.

Distinguished Name

For LDAP platforms, the fully qualified distinguished name (FQDN) for the service account

Domain Name (for directories)

The name of the domain where the account was discovered

SID (for directories)

Security IDentifer for a Windows account.

Asset

The display name of the managed system associated with this account. Accounts are only associated with one asset.

Partition The name of the partition where the selected account resides.
Profile

The name of the profile that governs the accounts assigned to a partition.

Password Sync Group

If assigned, the password sync group to control password validation and reset across all associated accounts.

Account Discovery Job

The account discovery job with rule-based settings to discover all accounts that are assigned to the assets in a selected partition, that are made available globally, or that meet the rules criteria.

Date/Time Discovered

The date and time when the account was discovered.

Discovered User ID

The User ID of the discovered account.

Discovered Groups (for directories)

The groups in which the account is a member. Click the link to go to the Discovered groups dialog to view the groups.

Enable Password Request True or False, indicating whether password release requests are enabled for this account.
Enable Session Request True or False, indicating whether session access requests are enabled for this account.

Available for use across all partitions (Global Access for directories)

When selected, any partition is able to use this account and the password is given to other administrators. For more information, see Adding an Account Discovery rule.

Last Successful Password Check

The date and time of the last successful password validation.

Password Check Failures

Displays the number of password check tasks that failed.

Next Password Check

The date and time of the next automated password check as set in the Check Password schedule of the partition profile. For more information, see Adding check password settings.

Last Successful Password Change

The date and time of the last successful password change.

Next Password Change

The date and time of the next automated password change as set in the Change Password schedule of the partition profile. For more information, see Adding change password settings.

Password Change Failures

Displays the number of password change tasks that failed.

Last Successful SSH Key Change

The date and time of the last successful SSH key change.

SSH Key Change Failures

Displays the number of SSH key change tasks that failed.

Next SSH Key Change

The date and time of the next SSH key change.

Tags: Tag assignments for the selected account.

The tiles displayed in the Tags pane include both the dynamic tags added through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags.

NOTE: Dynamically assigned tags contain a lightening bolt icon and cannot be deleted. Static tags which can be removed contain an X icon.

Description: Information about selected account.

Related Topics

Modifying an account

Access Request Policies tab (account)

The Access Request Policies tab displays the entitlements and access request policies, including password release policies and session request policies, associated with the selected account.

Navigate to Administrative Tools | Accounts | Access Request Policies.

Table 17: Accounts: Access Request Policies tab properties
Property Description

Entitlement

The name of the access request policy's entitlement.

Access Request Policy

The name of the access request policy that governs the selected account.

Accounts

The number of unique accounts in the account groups that are associated with the access request policy.

# Account Groups

The number of unique account groups in the access request policy.

Account Groups

The names of the account groups that associate the selected account with the policy.

Use these buttons on the details toolbar to manage your access request policies associated with the selected account.

Table 18: Accounts: Access Request Policies tab toolbar
Option Description

Add to Policy

Add the selected account to the scope of an access request policy.

Remove Selected

Remove the selected policy.

Refresh

Update the list of access request policies.

Details

View and edit details about the selected access request policy. For more information, see Creating an access request policy.

Search

To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box.

Account Groups tab (account)

The Account Groups tab displays the account groups that contain the selected account. The Account Groups tab is only available to a user with Auditor permissions.

Navigate to Administrative Tools | Accounts | Access Request Policies.

Click  Add Account Group from the details toolbar to add the selected account to one or more account groups.

Table 19: Accounts: Account Groups tab properties
Property Description

Name

The account group name.

Dynamic

A check mark in this column indicates that the group is a dynamic account group.

Description

Information about the account group.

Use these buttons on the details toolbar to manage the account groups.

Table 20: Accounts: Access Request Policies tab toolbar
Option Description

Add Account Group

Add the selected account an account group.

Remove Selected

Remove the selected account group from the account.

Refresh

Update the list of account groups assigned to the selected account.

Search

To locate a specific account group in this list, enter the character string to be used to search for a match. For more information, see Search box.

Related Topics

Adding an account to one or more account groups

Dependent Assets (account)

The Dependent Assets tab only displays for a directory asset and displays the assets that have dependency on the selected directory account. Dependencies are created via Administrative Tools | Assets, Account Dependencies tab, then Add Account. For more information, see Adding account dependencies.

Navigate to Administrative Tools | Accounts | Dependent Assets.

Table 21: Accounts: Dependent Assets tab properties
Property Description

Name

The Windows asset name

Network Address

The network DNS name or IP address of the managed system

Platform

The platform of the selected managed system

Asset Partition

The partition where the Windows asset is assigned

Use these buttons on the details toolbar to manage the dependent assets.

Table 22: Accounts: Access Request Policies tab toolbar
Option Description

Refresh

Update the list of dependent assets assigned to the selected account.

Search

To locate a specific dependent asset in this list, enter the character string to be used to search for a match. For more information, see Search box.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation