Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings Reasons
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Security Policy Settings

In the web client, Security Policy Management has a settings page used to manage Sessions Password Access and the Audit Log Stream Service. You can also manage the reasons for requesting access to a password, SSH key, or session.

  • Navigate to Security Policy Management | Settings to manage the settings listed below.
    Table 203: Security Policy Settings
    Setting Description

    Session Password Access Enabled

    Use this toggle to enable or disable session password access. This feature is disabled by default.

    Audit Log Stream Service

    Use this toggle to send Safeguard for Privileged Passwords data to Safeguard for Privileged Sessions (SPS) to audit the Safeguard privileged management software suite. The feature is disabled by default.

    To accept SPP data, the SPS Appliance Administrator must turn on audit log syncing. For information, see the Safeguard for Privileged Sessions Administration Guide.

    SPP and SPS must be linked to use this feature. For more information, see SPP and SPS sessions appliance link guidance.

    While the synchronization of SPP and SPS is ongoing, SPS is not guaranteed to have all of the audit data at any given point due to some latency.

    NOTE: This setting is also available under Appliance Management | Enable or Disable Services. For more information, see Enable or Disable Services.


    From this pane you can manage the reasons for requesting access to a password, SSH key, or session. For more information, see Reasons.

  • Reasons

    In an access request policy, a Security Policy Administrator can require that a requester provide a reason for requesting access to a password, SSH key, or session. Then, when requesting access, the user can select a predefined reason from a list. For example, you might use these access request reasons:

    • Software Updates
    • System Maintenance
    • Hardware Issues
    • Problem Ticket

    To configure access request reasons

    1. Navigate to Security Policy Management | Settings | Reasons.
    2. Click Add to add a new reason.
    3. In the New Reason dialog, enter the following:
      1. Name: Enter a name for the reason. Limit: 50 characters

      2. Description: Enter a description for the reason. Limit: 255 characters

    4. Click Save.

    To edit a reason, select a previously configured reason and click Edit.

    To delete a reason, select a previously configured reason and click Delete.

    User Management

    In the web client, expand the User Management section in the left navigation pane.

    The following pages are available. See each section for a description of the functions available.



    A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups. in Overview of the Entities.

    Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.

    • Authorizer Administrator: General, History
    • User Administrator: General, User Groups (directory users only), History
    • Help Desk Administrator: General, History
    • Auditor: General, Owned Objects, User Groups, Entitlements, Linked Accounts, History
    • Asset Administrator: General, Owned Objects
    • Security Policy Administrator: General, User Groups, Entitlements, Linked Accounts, History

    The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Activating or deactivating a user account.

    Go to Users:

    • web client: Navigate to Security Policy Management | Users
    Users view

    The Users view displays the following information about a selected user:

    • Properties tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
    • User Groups tab (user): Displays the user groups in which the selected user is a member.
    • Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
    • History (user): Displays the details of each operation that has affected the selected user.

    Use these toolbar buttons to manage users:

    • New User: Add users to Safeguard for Privileged Passwords. For more information, see Adding a user.
    • Delete : Remove the selected user. For more information, see Deleting a user.
    • View details: View and edit the details for a selected user.
    • Permissions: Display the Permissions dialog showing what administrative permissions apply to the selected user.
    • Set Password: Use this option to set a password for a local user.
    • Unlock: Use this option to unlock the account of a local user.
    • Activate User: Use this option activate the account of a selected user.
    • Deactivate User: Use this option to deactivate the account of a selected user.
    • Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
    • Refresh: Update the list of users.
    • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
    Documents connexes

    The document was helpful.

    Sélectionner une évaluation

    I easily found the information I needed.

    Sélectionner une évaluation