
One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide


Adding users or user groups to an account

When you add users to an account, you are specifying the users or user groups that have ownership of an account.

It is the responsibility of the Asset Administrator (or delegated partition owner) to add users and user groups to accounts. The Security Policy Administrator only has permission to add groups, not users. For more information, see Administrator permissions.

To add users to an account

  1. Navigate to Asset Management | Accounts.
  2. In Accounts, select an account from the object list and click View Details.
  3. Open the Owners tab.
  4. Click Add on the Account Owners, Asset Owners, and/or Partition Owners tabs.
  5. Select one or more users or user groups from the list in the Users/User Groups dialog.
  6. Click Select Owners to save your selection.

Checking, changing, or setting an account password

The Asset Administrator can manually check, change, or set an account password from the Account Security menu.

To manually check, change, or set an account password

  1. Navigate to Asset Management | Accounts.
  2. In Accounts, select an account from the object list.
  3. Click Account Security from the toolbar.

    Select one of these options.

    • Check Password to verify the account password is in sync with the Safeguard for Privileged Passwords database. If the password verification fails, you can change it.
    • Change Password to reset and synchronize the account password with the Safeguard for Privileged Passwords database.
    • Set Password to set the account password in the Safeguard for Privileged Passwords database. The Set option does not change the account password on the asset. The Set Password option provides the following options.
      • Manual Password: Use this option to manually set the account password in the Safeguard for Privileged Passwords database.
        1. In the Set Password dialog, enter and confirm the password. Click Set Password to update the Safeguard for Privileged Passwords database.
        2. Set the account password on the physical device to synchronize it with the Safeguard for Privileged Passwords database.
      • Generate Password: Use this option to have Safeguard for Privileged Passwords generate a new random password that complies with the password rule that is set in the account's profile.
        1. In the Set Password dialog, click Generate Password.
        2. Click Copy Password to put it into your copy buffer.
        3. Log in to your device (using the old password), and change it to the password in your copy buffer.
        4. Click Set Password to change the password in the Safeguard for Privileged Passwords database.

Viewing password archive

The Asset Administrator can access a previous password for an account for a specific date.

The Password Archive dialog only displays previously assigned passwords for the selected asset based on the date specified. This dialog does not display the current password for the asset. The password archive is never purged.

You can view an account's password validation and reset history on the Check and Change Log tab.

To access an account's previous password

  1. Navigate to Asset Management | Accounts.
  2. Select an account and click Password Archive.
  3. In the Password Archive dialog, select a date. If you select today's date (or a previous date) and no entries are returned, this indicates that the asset is still using the current password.
  4. In the View column, click to display the password that was assigned to the asset at that given date and time.
  5. In the details dialog, click Copy to copy the password to your copy buffer.

Checking, changing, or setting an SSH key

The Asset Administrator can manually check, change, or set an SSH key from the Account Security menu.

To manually check, change, or set an SSH key

  1. Navigate to Asset Management | Accounts.
  2. In Accounts, select an account from the object list.
  3. Click Account Security from the toolbar.

    Select one of these options.

    • Check SSH Key to verify the account SSH key is in sync with the Safeguard for Privileged Passwords database. If the SSH key verification fails, you can change it.
    • Change SSH Key to reset and synchronize the SSH key with the Safeguard for Privileged Passwords database. For service accounts, use this selection and do not use Generate SSH Key to change the SSH key.
    • Set SSH Key to set the SSH key in the Safeguard for Privileged Passwords database. The Set SSH Key option does not change the account SSH key on the asset. The Set SSH Key option provides the following options.
      • Generate an SSH Key: Generate a new SSH key and assign it to the account. The SSH key complies with the SSH key rule that is set in the account's profile.

        CAUTION: Do not generate a new SSH key for a service account because the connection to the asset will be lost. Instead, use Account Security : Change SSH Key.

        After you select Generate, the key is generated and saved in the Safeguard for Privileged Passwords database. The following fields display.

        • Account: The account name
        • Fingerprint: The fingerprint of the SSH key used for authentication
        • Key Comment: Information about the SSH key
        • Type: The SSH authentication key type, such as RSA or DSA. For more information, see SSH Key Profiles.
        • Length: The length of the SSH authentication key. For more information, see SSH Key Profiles.
        • Public Key: The generated key; click Copy to put it into your copy buffer. You can then log in to your device, using the old SSH key, and change it to the SSH key in your copy buffer.
      • Import an SSH Key: Import a private key file for an SSH key that has been generated outside of Safeguard for Privileged Passwords and assign it to the account. Click Browse to import the key file, enter a Password, then click OK.

        When importing an SSH key that has already been manually configured for an account on an asset, it is recommended that you first verify that the key has been correctly configured before importing the key. For example, you can run an SSH client program to check that the private key can be used to log in to the asset: ssh -i <privatekeyfile> -l <accountname> <assetIp>. Refer to the OpenSSH server documentation for the target platform for more details on how to configure an authorized key.

        NOTE: Safeguard for Privileged Passwords does not currently manage the options for an authorized key. If an imported key has any options configured in the authorized keys file on the asset, these options will not be preserved when the key is rotated by Safeguard for Privileged Passwords.

      • Deploy SSH Key: If not already configured, install the account's current SSH key on the asset in the correct file for the account.
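
The NOTE under Import an SSH Key means that restrictions such as from= or command= on an imported key are not preserved once the key is rotated. The following check is an added example, not part of the One Identity guide or product: it lists the options that an authorized keys file attaches to a given public key so they can be reviewed before import. The function names are hypothetical and the sample keys and file content are constructed.

```python
import base64
import re

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def split_unquoted(text, sep_class):
    """Split on separators, ignoring any that sit inside double quotes."""
    # A token is a run of non-separator characters and whole quoted strings;
    # backslash-escaped quotes inside a quoted string do not end it.
    token = r'(?:[^%s"]|"(?:\\.|[^"\\])*"?)+' % sep_class
    return re.findall(token, text)

def parse_entry(line):
    """Return (options, key type, base64 key) for one line, or None."""
    fields = split_unquoted(line.strip(), r"\s")
    if not fields or fields[0].startswith("#"):
        return None
    options = []
    if not fields[0].startswith(KEY_TYPE_PREFIXES):
        options = split_unquoted(fields.pop(0), ",")  # leading options field
    if len(fields) < 2:
        return None  # malformed line: no key material
    return options, fields[0], fields[1]

def options_lost_on_rotation(authorized_keys_text, public_key_b64):
    """Options configured for the given key; per the NOTE, rotation drops them."""
    lost = []
    for line in authorized_keys_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[2] == public_key_b64:
            lost.extend(entry[0])
    return lost

# Constructed sample data: ed25519-shaped blobs, not real keys.
def _blob(seed):
    return b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32

KEY_A, KEY_B = (base64.b64encode(_blob(s)).decode() for s in (1, 2))
SAMPLE = f'''# constructed authorized_keys content
from="192.0.2.10,198.51.100.0/24",command="/usr/local/bin/backup run",no-pty ssh-ed25519 {KEY_A} svc-backup
ssh-ed25519 {KEY_B} admin@example
'''

if __name__ == "__main__":
    for opt in options_lost_on_rotation(SAMPLE, KEY_A):
        print("not preserved after rotation:", opt)
```

The public key to look up can be derived from the private key file with ssh-keygen -y -f <privatekeyfile>; pass the base64 field of its output as public_key_b64.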