Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings Reasons
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Access Request Activity

The Access Request Activity page allows Security Policy Administrators to review and manage access requests from a single location. Clicking one of the access request tiles on the page displays additional information about the access requests belonging to that category. In addition, you can review the request workflow, launch a live session, end a session, or revoke a specific request.

This dashboard is available to Safeguard for Privileged Passwords users assigned the following administrative permissions:

  • Auditor: Read-only view.
  • Security Policy: Full control.
Access requests: Tiles

Clicking any of the following tiles will open a dialog showing additional information. Click the button to customize the tiles that are displayed.

  • Open Requests: Displays a list of all currently opened access requests, including session requests and password release requests.
  • Pending Approval: Displays a list of access requests to be approved.
  • Pending Review: Displays a list of access requests to be reviewed.
  • Open Sessions: Displays a list of all currently opened sessions.
  • Passwords Out: Displays a list of all password release requests that are currently checked out.
  • SSH Keys Out: Displays a list of all SSH key release requests that are currently checked out.
Access requests: Toolbars

After opening one of the tiles, use the toolbar at the top of the details grid to perform the following tasks.

  • View Details: Select to view additional information regarding the request.
  • Request Workflow Details: Select to review the transactions that took place in the selected request. Clicking this button displays the Request Workflow dialog allowing you to audit the transactions that occurred during the request's workflow from request to approval to review.
  • Session Audit Log in SPS: Click this button to open the session audit log in Safeguard for Privileged Sessions.
  • View Live Session: Select to view a live session for the selected session request. Clicking this button launches the Desktop Player (minimum version supported is 1.11.15) allowing you to follow an active session.

    For details on using the Desktop Player, go to One Identity Safeguard for Privileged Sessions - Technical Documentation. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.

  • Terminate Live Session: Select to close the live session for the selected session request.
  • Close Request: Select to retract the selected access request.
  • Export: Select to create a .csv or .json file of the currently displayed access request grid and save it to a location of your choice. The time is set according to the user time zone.

  • Columns: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.

Account Groups

A Safeguard for Privileged Passwords account group is a set of accounts which you can add to the scope of an access request policy. For more information, see Creating an access request policy.

The Auditor and the Security Policy Administrator have permission to access Account Groups.

To access Account Groups:

  • web client: Navigate to Security Policy Management | Account Groups.

The Account Groups view displays the following information about the selected account group.

Use these toolbar buttons to manage account groups.

Properties tab (account group)

The Properties tab lists information about the selected Account Group.

To access Properties:

  • web client: Navigate to Security Policy Management | Account Groups | (View Details) | Properties.
Table 168: Account Groups Properties tab: General properties
Property Description

Name

The selected account group's name

Description

Information about the selected account group

Account Rules

For dynamic account groups, a summary of the asset account rules defined

Accounts tab (account group)

The Accounts tab displays the accounts associated with the selected account group.

To access Accounts:

  • web client: Navigate to Security Policy Management | Account Groups | (View Details) | Accounts.
Table 169: Account Groups: Accounts tab properties
Property Description

Name

Name of the account belonging to the selected account group.

Parent

The asset to which the account belongs.

Domain Name

For directory accounts, the name of the domain the account is associated with.

Disabled

A check in this column indicates that the account is not managed.

Service Account

A check in this column indicates that the account is a service account.

Password Request

A check in this column indicates that password release requests are enabled for this account.

Session Request

A check in this column indicates that session access requests are enabled for this account.

SSH Key Request

A check in this column indicates that SSH key access requests are enabled for this account.

Password

A check in this column indicates that a password is set for the selected account. For more information, see Checking, changing, or setting an account password.

SSH Key

A check in this column indicates that an SSH key is set for the selected account. For more information, see Checking, changing, or setting an SSH key.

Description

Information about the account.

Use these buttons on the details toolbar.

Table 170: Account Groups: Access Request Policies tab toolbar
Option Description
Add Account

To add one or more accounts to the account group you selected.

Remove

Remove the selected account.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh Update the list of accounts.
Search

To locate a specific account in this list, enter the character string to be used to search for a match. For more information, see Search box.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation