One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide

Click Select Account. Choose the service account name used for management tasks. The accounts available for selection are domain user accounts that are linked to a directory that was previously added to Safeguard for Privileged Passwords.

If required, enter the password used to authenticate.

If required, enter a privilege elevation command (such as sudo). This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change SSH keys and to discover accounts.

Sudo commands follow.

• AuthorizedKeyCommand

• cat
• chmod
• chown
• chuser
• cp
• dscacheutil
• dscl
• echo
• egrep
• find
• grep
• host
• ls
• mkdir
• modprpw (hpux only)
• mv
• psswd
• pwdadm
• rm
• sed
• sshd
• ssh-keygen
• tee
• test
• touch
• usermod

When adding an asset, this command is used to perform Test Connection. For more information, see About Test Connection.

The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Preparing Unix-based systems.

The limit is 255 characters.

Click this button to verify that Safeguard for Privileged Passwords can log in to this asset using the service account credentials you have provided. For more information, see About Test Connection.

Select to use the Named Pipe when connecting to the asset. Clear this check box to use TCP/IP when connecting to the asset.

Selected by default, this option is used to enable Safeguard to encrypt communication with this asset.

To support SSL on Active Directory, you must upload the SSL certificate being used by the Active Directory forest. The SSL binds will need to be on port 636. For information on this process within Active Directory, see Enable LDAP over SSL with a third-party certificate authority.

If you do not select this option for a MicrosoftSQL Server that is configured to force encryption, Test Connection will use untrusted encryption and succeed with valid credentials. For more information about how Safeguard database servers use SSL, see How do Safeguard for Privileged Passwords database servers use SSL.

Use this option to enable or disable SSL Certificate verification on the asset. When enabled, Safeguard for Privileged Passwords compares the signing authority of the certificate presented by the asset to the certificates in the Trusted CA Certificates store every time Safeguard for Privileged Passwords connects to the asset. Trust must be established for Safeguard for Privileged Passwords to manage the asset. For Safeguard for Privileged Passwords to verify an SSL certificate, you must add the asset's signing authority certificate to the Trusted CA Certificates store. Only clear the Verify SSL Certificate option if you do not want to establish trust with the asset.

Select this option to have Safeguard for Privileged Passwords automatically accept an SSH host key. When an asset requiring an SSH host key does not have one, Check Password will fail. For more information, see Connectivity failures.

Specify the Instance name if you have configured multiple instances of a SQL Server on this asset. If you have configured a default (unnamed) instance of the SQL Server on the host, you need to provide the IP address and port number.

Enter the port number to log in to the asset. This option is not available for all operating systems.