Adding a cloud platform account
Safeguard for Privileged Passwords can manage cloud platform accounts such as Amazon Web Services (AWS).
Before you add cloud platform accounts to Safeguard for Privileged Passwords, you must first add an asset with which to associate the accounts. For more information, see Preparing Amazon Web Services platforms.
To add a cloud platform account
- Navigate to Asset Management > Assets.
- Click New Asset from the toolbar.
- In the General tab:
  - Name: Enter an asset name that is meaningful to you, such as "Cloud Account Server", which you can use to manage all cloud platform accounts.
  - (Optional) Description: Enter a description for the asset.
- In the Connection tab:
  - Platform: Select the appropriate product, such as Amazon Web Services.
  - Version: For Amazon Web Services, select the version.
  - Architecture: Enter the product's system architecture.
  - Network Address: For Amazon Web Services, enter the AWS Account ID or Alias, which can be found on the AWS IAM User's view.
  - Authentication type: Select one of the following:
    - Access Key to authenticate to the asset using an access key. Enter the following information:
      - Service Account Name: Enter the configured IAM service account.
      - Access Key ID: Enter the Access Key ID created for the IAM service account.
      - Secret Key: Enter the Secret Key created for the IAM service account.
    - None to not authenticate to the asset and manually manage the asset.
- Click OK to save.
Once you add the cloud platform asset, you can associate accounts with it.
To add an account to the cloud platform
- In Assets, select the cloud platform asset and switch to the Accounts tab.
- Click New Account from the details toolbar.
- In the Name field on the General tab, enter the cloud platform account username, email address, or phone number.
- (Optional) Enter a Description.
- On the Management tab, ensure the Enable Password Request option is checked.
- Click Browse to select a profile to govern this account.
- Click Add Account.
- Click OK to save.
Now you can manually check, change, or set the cloud platform account password, and Safeguard for Privileged Passwords can automatically manage the password according to the Check and Change settings in the profile governing the account.
To check out the cloud platform account
- Add a cloud platform Account Group and add the accounts to the group.
- Add an entitlement for the cloud platform accounts.
- Add users to the entitlements.
- Add a password release policy to the entitlement.
- Add the cloud platform Account Group to the scope of the policy.
Manually adding a tag to an account
Asset Administrators can manually add static tags to an account and remove them from it. You cannot manually remove dynamically assigned tags, which are defined by rules and indicated by a lightning bolt icon. You must modify the rule associated with the dynamic tag if you want to remove it. For more information, see Modifying an asset or asset account tag.
To manually add a tag to an account
- Navigate to Asset Management > Accounts.
- Select an account and click View Details.
- Under Tags, click Edit. Existing tags are displayed.
- Click Edit.
- Use one of the following methods to assign tags to the account:
  - To assign a previously created tag:
    - Click Add Tag.
    - Select the tag(s) to add to the account.
    - Click Select Tags to save your selection.
  - To create a new tag:
    - Click Add Tag.
    - From the Select Tags dialog, click New Tag.
    - Enter the requested information for the tag and click OK.
    - Once finished adding any new tags, select the tag(s) to add to the account on the Select Tags dialog.
    - Click Select Tags to save your selection.
- Click OK.
Deleting an account
When you delete an account, Safeguard for Privileged Passwords does not delete it from its associated asset; it simply removes it from Safeguard for Privileged Passwords.
If you delete a service account, Safeguard for Privileged Passwords changes the asset's authentication type to None, which disables automatic password and SSH key management for all accounts that are associated with this asset. Every asset must have a service account in order to check and change the passwords or SSH keys for the accounts associated with it. For more information, see About service accounts.
To delete an account
- Navigate to Asset Management > Accounts.
- Select the account to be deleted.
- Click Delete.
- Confirm your request.
Adding users or user groups to an account
When you add users to an account, you are specifying the users or user groups that have ownership of an account.
It is the responsibility of the Asset Administrator (or delegated partition owner) to add users and user groups to accounts. The Security Policy Administrator only has permission to add groups, not users. For more information, see Administrator permissions.
To add users to an account
- Navigate to Asset Management > Accounts.
- In Accounts, select an account from the object list and click View Details.
- Open the Owners tab.
- Click Add on the Account Owners, Asset Owners, and/or Partition Owners tabs.
- Select one or more users or user groups from the list in the Users/User Groups dialog.
- Click Select Owners to save your selection.