
One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide


FIDO2 keys (web client)

If the FIDO2 feature is enabled, at least one FIDO2 key must be registered. When a key is added, the placeholder name is Unnamed Key. You can enter a meaningful name or later edit the name. It is recommended that all users have more than one key registered in case a key is lost or damaged.

  1. In the upper right corner, next to your user name, click .
  2. Click Manage FIDO2 Keys. The name of each existing key and the dates it was registered and last used are displayed.
  3. Perform an action:
    • To change a name, enter the new name, then click Save.
    • To remove a key, click Remove by the key. One key must remain registered. If a physical security key is lost, always delete the associated key from Safeguard for Privileged Passwords.
    • To add a key, click Register New FIDO2 Key.
      1. You will be asked to insert or connect to the new key.
      2. You will be prompted to reenter your primary credentials for verification.

      3. Tap or activate your new FIDO2 key that is being registered.

      4. You may then go back to the Manage FIDO2 Key page and give your newly registered key a name, then click Save.

  • For more information, see Requiring secondary authentication log in.

  • Log out (web client)

    Always securely log out of the web client.

    To log out

    1. In the upper right corner, next to your user name, click .
    2. Click Log out to securely exit the Safeguard for Privileged Passwords web client.

    Installing the desktop client

    To define and enforce security policy for your enterprise, you must first install the desktop client application which gives you access to the Administrative Tools.

    Alternatively, you can use the web client instead of the desktop client if your Administrator has provided the URL. For more information, see Using the web client.

    These topics explain how to install, start, and uninstall the Safeguard for Privileged Passwords desktop client application:

    Installing the desktop client

    NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

    • Any reference to putty in the PATH environment variable
    • c:/Program Files/Putty
    • c:/Program Files(x86)/Putty
    • c:/Putty

    If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

    <user-home-dir>/AppData/Local/Safeguard/putty.

    If the user later installs PuTTY in any of the locations above, the desktop client uses that version, which ensures the user has the latest version of PuTTY.

    Installing the Safeguard for Privileged Passwords desktop client application

    1. To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:

      https://<Appliance IP>/Safeguard.msi

      Save the Safeguard.msi file in a location of your choice.

    2. Run the MSI package.
    3. Select Next in the Welcome dialog.
    4. Accept the End-User License Agreement and select Next.
    5. Select Install to begin the installation.
    6. Select Finish to exit the desktop client setup wizard.

    Installing the Desktop Player

    CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below.

    1. Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.
    2. Follow the Install Safeguard Desktop Player section of the player user guide found here:

      1. Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
      2. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.
    3. For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.
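
The SAN requirement in step 3 can be checked before users hit the certificate warning. The following is an added example, not One Identity code: it compares the IP entries in a certificate's Subject Alternative Name with a list of cluster member IPs. The function names, the sample certificate and the addresses are constructed for illustration, and `fetch_cert` assumes the web certificate is served on port 443 and that `ca_file` is your root CA in PEM format.

```python
import ipaddress
import socket
import ssl


def san_ips(cert):
    """Return the IP addresses listed in the SAN of a getpeercert()-style dict."""
    ips = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "IP Address":
            # ip_address() normalises IPv6 spelling so comparisons are exact.
            ips.add(ipaddress.ip_address(value.strip()))
    return ips


def missing_member_ips(cert, member_ips):
    """List the cluster member IPs that the certificate's SAN does not cover."""
    present = san_ips(cert)
    return [ip for ip in member_ips if ipaddress.ip_address(ip) not in present]


def fetch_cert(host, ca_file, port=443, timeout=5):
    """Fetch a member's web certificate, trusting only the CAs in ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # Verification stays on: an untrusted chain or a missing SAN entry
        # for this host raises ssl.SSLCertVerificationError here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in the format getpeercert() returns (documentation ranges).
SAMPLE_CERT = {
    "subject": ((("commonName", "spp.example.test"),),),
    "subjectAltName": (
        ("DNS", "spp.example.test"),
        ("IP Address", "192.0.2.10"),
        ("IP Address", "192.0.2.11"),
        ("IP Address", "2001:DB8:0:0:0:0:0:10"),
    ),
}
CLUSTER_MEMBERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "2001:db8::10"]

if __name__ == "__main__":
    for ip in missing_member_ips(SAMPLE_CERT, CLUSTER_MEMBERS):
        print(f"SAN is missing cluster member {ip}")
```

Against a live cluster, call `missing_member_ips(fetch_cert(ip, "root-ca.pem"), members)` for each member; the file name here is a placeholder.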

    New Desktop Player versions

    When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.
