Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Time

Time displays the current appliance time and allows you to enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. In addition, when enabled, the NTP client status can be displayed.

It is the responsibility of the Appliance Administrator to manage the appliance time.

Note: A warning appears if your local time is not within five minutes of the appliance time. One Identity recommends that you set an NTP server to eliminate possible time-related issues.

NOTE:Clustered environments: NTP setting changes are made on the primary appliance in a cluster. When a replica appliance is enrolled into the cluster, it points to the primary appliance's VPN IP address as the Primary NTP Server and the NTP client service is enabled on the replica appliance. When performing a failover operation to promote a replica to be the new primary, the Primary NTP Server is preserved and applied from the 'old' primary appliance.

To enable Network Time Protocol (NTP) and set the primary and secondary NTP servers

  1. Go to Time:
    • In the web client, click  Settings on the left. The Settings: Appliance page displays. Click Time.
    • In the desktop client, navigate to Administrative Tools | Settings | Appliance | Time.
  2. Select the Enable Network Time Protocol (NTP) check box to enable NTP.
  3. Provide the following information:

    • Primary NTP Server: Enter the IP address or DNS name of the primary NTP server.
    • Secondary NTP Server: (Optional) Enter the IP address or DNS name of the secondary NTP server.
  4. Click OK or Save to save your selections.

    When NTP is enabled, the following information about the NTP client status is displayed:

    • Last Sync Time
    • Leap Indicator
    • Poll Interval
    • Precision
    • Reference ID
    • Root Delay
    • Root Dispersion
    • Source
    • Stratum

    NOTE: Select Show Last Sync Details and Hide Details to display more or less information.

Related Topics

How do I set the appliance system time

Updates

It is the responsibility of the Appliance Administrator to update or upgrade One Identity Safeguard for Privileged Passwords by installing an update file to modify the software or configuration of the running appliance.

Download the latest update from:

https://support.oneidentity.com/one-identity-safeguard-for-privileged-passwords/download-new-releases

Embedded sessions

If you are using the embedded sessions module and have never joined Safeguard for Privileged Passwords (SPP) with an external Safeguard for Privileged Sessions (SPS) appliance, after upgrading to SPP 2.9, check the network settings for the X1 interface. Manually restore the settings, if needed.

Clustered environment

Apply the patch so all appliances in the cluster are on the same version. The procedure for patching cluster members depends on the Safeguard for Privileged Passwords version you are currently running.

  • If you are running Safeguard for Privileged Passwords 2.0.1.x or earlier, you must unjoin replica appliances, install the patch on each appliance, and then enroll the replica appliances to rebuild your cluster. For more information, see Patching cluster members in the One Identity Safeguard for Privileged Passwords 2.0 Administration Guide.
  • If you are running Safeguard for Privileged Passwords 2.1.x or 2.2.x, you can use the enhanced cluster patching feature where unjoining replica appliances is no longer required. For more information, see Patching cluster members.

To install an update file

  1. Back up your system before you install an update file. For more information, see Backup and restore.

  2. Navigate to Administrative Tools | Settings | Appliance | Updates. The current appliance and client versions are displayed.
  3. Click Upload a File and browse to select an update file.

    Note: When you select a file, Safeguard for Privileged Passwords uploads it to the server, but does not install it.

  4. Once the file has successfully uploaded, click one of the following:
    • Install Now to install the update file.

      Note: Once you install an update file, you cannot uninstall it.

    • Remove to delete the file from the server without installing it.

    The Updates pane shows the upgrade progress and when the appliance has been successfully upgraded.

Asset Management settings

Use the Asset Management settings to define and manage dynamic tags for assets and asset accounts which include directory accounts. Asset Management settings allow you to add a custom platform.

Navigate to Administrative Tools | Settings| Asset Management.

Table 113: Asset Management settings
Setting Description

Custom platforms

Where you add a custom platform

Tags

Where you view and manage dynamic tags for assets and asset accounts

Custom platforms

The Asset Administrator adds a custom platform that includes uploading the custom platform script with the platform's commands and details. Auditors and Partition Administrators have read only rights. Custom platforms are global across all partitions. The custom platform can be selected when adding or updating an asset.

Create and manage custom platforms in Administrative Tools | Settings | Asset Management | Custom Platforms.

The Custom Platform pane displays the following.

Table 114: Custom platform: Properties
Property Description
Name

The name of the platform type which may be a product name.

Version

The version of the target platform to use as an identifier.

Architecture

The CPU architecture to use as an identifier. If not applicable, use Any.

Platform Script

The name of the custom platform script file displays once selected.

Allow Sessions Requests

If selected, session access requests are allowed.

Use the following toolbar buttons to manage the custom platform settings.

Table 115: Custom Platform: Toolbar
Option Description
Add

Add a custom platform. For more information, see Adding a custom platform.

Delete Selected

Remove the selected custom platform.

CAUTION: If the custom platform is associated with an asset, deleting the custom platform may halt password validation and reset. A warning displays, indicating that the asset will be assigned to the Product platform type Other. Enter Force Delete to confirm the deletion.

Refresh

Update the list of custom platforms.

View

View the custom platform script parameters including:

  • Supported operations, for example Suspend and Restore Accounts, Check System, Check Password, Change Password
  • Details including Name, Task, Type, Default, and Description
Download Selected Script

Download the selected custom platform JSON script.

Related Topics

Creating a custom platform script

Adding a custom platform

Documents connexes