Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Access Request Policies (asset)

The Access Request Policies tab displays the entitlements and access request policies, including password and SSH key release policies and session request policies, associated with the selected asset. This information is available to users that have both Asset Administrator and Policy Administrator permissions.

To access Access Request Policies:

  • web client: Navigate to Asset Management > Assets > (View Details) > Access Request Policies.
Table 97: Assets: Access Request Policies tab properties
Property Description

Entitlement

The name of the access request policy's entitlement.

Access Request Policy

The name of the access request policy that governs the selected account.

Accounts

The number of unique accounts in the account groups that are associated with the access request policy.

# Account Groups

The number of unique account groups in the access request policy.

Account Groups

The names of the account groups that associate the selected account with the policy.

Assets

The number of unique assets in the asset groups that are associated with the access request policy.

# Asset Groups

The number of unique assets groups in the access request policy.

Asset Groups

The names of the asset groups that associate the selected account with the policy.

Use these buttons on the details toolbar to manage the dependent assets.

Table 98: Assets: Access Request Policies tab toolbar
Option Description

Add to Policy

Add the selected asset to the scope of an access request policy.

Remove Selected

Remove the selected policy.

Refresh

Update the list of access request policies.

Search

To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box.

Owners tab (asset)

The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.

To access Owners:

  • web client: Navigate to Asset Management > Assets > (View Details) > Owners.

The Owners tab has two views: Asset Owners and Partition Owners.

Table 99: Assets: Owners tab properties
Property Description

Asset Owners

Type

The type of owner.

Name

The name of the owner.

Provider

The name of the authentication provider.

Direct

This column indicates the ownership of the object was assigned directly rather than through the use of a tag.

Via Tag

This column indicates the ownership of the object was assigned through the use of a tag.

Partition Owners

Type

The type of user or group.

Name

The name of the user or group.

Provider

The name of the authentication provider.

Use the following buttons on the details toolbar to manage the objects owned by the selected asset.

Table 100: Assets: Owners toolbar
Option Description

Add

Add one or more users or user groups to the selected asset. For more information, see Adding users or user groups to an asset.

Remove

Remove the selected object from being a manager of the selected asset. You can only remove objects directly assigned to an asset (as opposed to those assigned via the use of a tag).

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of owners/managers.

Search

To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box.

Discovered SSH Keys (asset)

The Discovered SSH Keys tab displays the discovered SSH keys for all the accounts of this asset.

To access Discovered SSH Keys:

  • web client: Navigate to Asset Management > Assets > (View Details) > Discovered SSH Keys.
Table 101: Assets: Discovered SSH Keys tab properties
Property Description

Fingerprint

The fingerprint of the SSH key used for authentication.

Account Status

The status of the Safeguard account.

SSH Key Managed

This column will have a check mark indicating the SSH key currently in use on the account.

Comment

Free form comment.

Key Type

SSH key identity type such as RSA or DSA. For more information, see SSH Key Profiles.

Key Length

The supported RSA or DSA key length displays.

Asset Name

Name of the asset associated with the account.

Account

The name of the account where the SSH key was discovered.

Date/Time Discovered

The date and time when the SSH key was discovered.

Use these buttons on the details toolbar.

Table 102: Assets: Discovered SSH Keys tab toolbar
Option Description

Revoke

Use this button to revoke access for unmanaged SSH keys.

Refresh

Update the list of dependent assets assigned to the selected account.

Search

To locate a specific dependent asset in this list, enter the character string to be used to search for a match. For more information, see Search box.

Discovered Services tab (asset)

The Discovered Services tab displays information specific to the selected asset and is applicable only to Windows assets.

To access Discovered Services:

  • web client: Navigate to Asset Management > Assets > (View Details) > Discovered Services.

Use these buttons to manage the discovered services.

Table 103: Discovered Services: Toolbar
Option Description
Discover Services

Run the selected service discovery job.

IMPORTANT: Before running a service discovery job, ensure you have used unique names for the services. Services with identical names but different service types may not be accurately discovered. For example, an account/asset using the name test1 that appears under both Windows and Windows SSH will only return one discovery result despite there being 2 assets/accounts.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of service discovery jobs.

Search

To locate one or more assets, enter the character string to be used to search for a match. For more information, see Search box.

The following displays for each discovered service.

Table 104: Assets: Discovered Services tab properties
Property Description

Account

The account in Safeguard that maps to the discovered account associated with the discovered service or task on the asset. This can be a local account or an Active Directory account.

Domain Name

The domain name of the account if the account is an Active Directory account.

System Name

The asset to which the account is associated.

Account Status

The status of the Safeguard account.

Dependent Account

A check displays if the account is associated as an account dependency on the asset. The value is blank if the account is not associated as an account dependency of the asset.

Service Type

Type of service discovered. Values may be Service or Task.

Service Name

The name of the discovered service or task.

Service Enabled

A check displays if the service or task on the asset is enabled. If there is no check mark, the service or task is disabled.

Discovered Account

The discovered service account name configured.

Date/Time Discovered

The date and time when the service or task was discovered.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation