Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 7.0.1 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Accounts tab (asset)

An asset's Accounts tab displays the accounts associated with this asset.

Click New Account from the details toolbar to associate an account with the selected asset.

To access Accounts:

  • web client: Navigate to Asset Management > Assets > (View Details) > Accounts.
Table 84: Assets: Accounts tab properties
Property Description

Name

Name of an account associated with the selected asset.

While you can associate an account with only one asset, you can log in to an asset with more than one account.

Domain Name

The domain name for the account and helps to determine the uniqueness of accounts.

Password Profile

The name of the profile that manages the account.

SSH Key Profile

The name of the SSH key profile.

Service Account

A check in this column indicates that the account is a service account.

Password Request

A check in this column indicates that password release requests are enabled for the account.
Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account.

Session Request

A check in this column indicates that session access requests are enabled for the account.
Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account.

SSH Key Request

A check in this column indicates that SSH key release requests are enabled for the account.
Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account.

Disabled

A check in this column indicates that the asset is not managed, is disabled, and has no associated accounts.

Password

A check in this column indicates a password is set for the account. For more information, see Checking, changing, or setting an account password.

SSH Key

A check in this column indicates an SSH key is set for the account. For more information, see Checking, changing, or setting an SSH key.

Description

Descriptive information entered when the account was added.

Tags

The tags associated with the account

Use these buttons on the details toolbar to manage your asset accounts.

Table 85: Assets: Accounts tab toolbar
Option Description
New Account

Add accounts to the selected asset. For more information, see Adding an account to an asset.

Delete

Remove the selected account from the asset.

View Details

Edit the selected account.

Account Security

Menu options include:

  • Discover SSH Keys
  • Run the SSH Key Discovery job associated with the account. For more information, see SSH Key Discovery.
  • Access Requests

    Select an option to enable or disable access request services for the selected account. Values are derived from whether the platform of the asset indicates it supports any of the following: Password Request, SSH Key Request, Session Request. You can enable or disable Password Request, Session Request, and SSH Key Request, as needed.

    Service Accounts are created when the Asset is created and by default are not enabled for session or password access.

    Discovered Accounts are controlled by the Account Discovery template that is used in discovering the accounts. They are a property of the rule template of the Account Discovery job. For more information, see Adding an Account Discovery rule.

    Enable-Disable

    Select Enable to have Safeguard for Privileged Passwords manage a disabled asset. Account Discovery jobs find all accounts that match the discovery rule's criteria regardless of whether it has been marked Enabled or Disabled in the past.

    Select Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.

    Export

    Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    Refresh

    Update the list of asset accounts.

    Search

    To locate a specific asset account or set of accounts in this list, enter the character string to be used to search for a match. For more information, see Search box.

    Account Dependencies tab (asset)

    The Account Dependencies tab displays the directory accounts that the selected Windows server depends on to perform services and tasks. The Account Dependencies tab is only applicable for a Windows platform when one or more directories have been added to Safeguard for Privileged Passwords.

    Click  Add Account from the details toolbar above the grid to associate account dependencies with the selected asset. For more information, see Adding account dependencies.

    To access Account Dependencies:

    • web client: Navigate to Asset Management > Assets > (View Details) > Account Dependencies.
    Table 86: Assets: Account Dependencies tab properties
    Property Description

    Name

    Name of a directory account.

    Directory

    The directory in which the account resides.

    Domain Name

    The forest root domain name for the directory.

    Distinguished Name

    The distinguished name for a directory account.

    Description

    Description of the dependent account.

    The toolbar includes the following:

    Table 87: Assets: Account Dependencies tab toolbar
    Option Description

    Add Account

    Add an account dependency to the selected asset.

    Remove Account

    Remove the account dependency from the asset.

    Refresh

    Update the list of account dependencies.

    Search

    To locate a specific account dependency in this list, enter the character string to be used to search for a match. For more information, see Search box.

    Owners tab (asset)

    The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.

    To access Owners:

    • web client: Navigate to Asset Management > Assets > (View Details) > Owners.

    The Owners tab has two views: Asset Owners and Partition Owners.

    Table 88: Assets: Owners tab properties
    Property Description

    Asset Owners

    Type

    The type of owner.

    Name

    The name of the owner.

    Provider

    The name of the authentication provider.

    Direct

    This column indicates the ownership of the object was assigned directly rather than through the use of a tag.

    Via Tag

    This column indicates the ownership of the object was assigned through the use of a tag.

    Partition Owners

    Type

    The type of user or group.

    Name

    The name of the user or group.

    Provider

    The name of the authentication provider.

    Use the following buttons on the details toolbar to manage the objects owned by the selected asset.

    Table 89: Assets: Owners toolbar
    Option Description

    Add

    Add one or more users or user groups to the selected asset. For more information, see Adding users or user groups to an asset.

    Remove

    Remove the selected object from being a manager of the selected asset. You can only remove objects directly assigned to an asset (as opposed to those assigned via the use of a tag).

    Export

    Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    Refresh

    Update the list of owners/managers.

    Search

    To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box.

    Discovered SSH Keys (asset)

    The Discovered SSH Keys tab displays the discovered SSH keys for all the accounts of this asset.

    To access Discovered SSH Keys:

    • web client: Navigate to Asset Management > Assets > (View Details) > Discovered SSH Keys.
    Table 90: Assets: Discovered SSH Keys tab properties
    Property Description

    Fingerprint

    The fingerprint of the SSH key used for authentication.

    Account Status

    The status of the Safeguard account.

    SSH Key Managed

    This column will have a check mark indicating the SSH key currently in use on the account.

    Comment

    Free form comment.

    Key Type

    SSH key identity type such as RSA or DSA. For more information, see SSH Key Profiles.

    Key Length

    The supported RSA or DSA key length displays.

    Asset Name

    Name of the asset associated with the account.

    Account

    The name of the account where the SSH key was discovered.

    Date/Time Discovered

    The date and time when the SSH key was discovered.

    Use these buttons on the details toolbar.

    Table 91: Assets: Discovered SSH Keys tab toolbar
    Option Description

    Revoke

    Use this button to revoke access for unmanaged SSH keys.

    Refresh

    Update the list of dependent assets assigned to the selected account.

    Search

    To locate a specific dependent asset in this list, enter the character string to be used to search for a match. For more information, see Search box.

    Documents connexes

    The document was helpful.

    Sélectionner une évaluation

    I easily found the information I needed.

    Sélectionner une évaluation