Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide

Introduction System requirements Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Vaults Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Accounts tab (asset)

An asset's Accounts tab displays the accounts associated with this asset.

Click New Account from the details toolbar to associate an account with the selected asset.

To access Accounts:

  • web client: Navigate to Asset Management > Assets > (View Details) > Accounts.
Table 91: Assets: Accounts tab properties
Property Description

Name

Name of an account associated with the selected asset.

While you can associate an account with only one asset, you can log in to an asset with more than one account.

Domain Name

The domain name for the account and helps to determine the uniqueness of accounts.

Password Profile

The name of the profile that manages the account.

SSH Key Profile

The name of the SSH key profile.

Service Account

A check in this column indicates that the account is a service account.

Password Request

A check in this column indicates that password release requests are enabled for the account.

Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account.

Session Request

A check in this column indicates that session access requests are enabled for the account.

Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account.

SSH Key Request

A check in this column indicates that SSH key release requests are enabled for the account.

Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account.

Disabled

A check in this column indicates that the asset is not managed, is disabled, and has no associated accounts.

Password

A check in this column indicates a password is set for the account. For more information, see Checking, changing, or setting an account password.

TOTP Authenticator

A check in this column indicates a TOTP Authenticator is set for the account. For more information, see Setting a TOTP authenticator.

SSH Key

A check in this column indicates an SSH key is set for the account. For more information, see Checking, changing, or setting an SSH key.

API Keys

A check in this column indicates an API key is set for the account. For more information, see Checking, changing, or setting an SSH key.

JIT Privilege Group Membership

The name of one or more groups that have been configured to be assigned to the account at the time of checkout, then correspondingly removed from the account at the time of check-in. The assigned group membership acts as just-in-time (JIT) privilege elevation and demotion for the account.

Description

Descriptive information entered when the account was added.

Tags

The tags associated with the account

File request

A check in this column indicates that file release requests are enabled for the account.

File

A check in this column indicates a file is set for the account.

Use these buttons on the details toolbar to manage your asset accounts.

Table 92: Assets: Accounts tab toolbar
Option Description

New Account

Add accounts to the selected asset. For more information, see Adding an account to an asset.

Delete

Remove the selected account from the asset.

View Details

Edit the selected account.

Account Secrets

Menu options include:

  • Check Password

  • Change Password

  • Check SSH Key

  • Change SSH Key

Discover SSH Keys

Run the SSH Key Discovery job associated with the account. For more information, see SSH Key Discovery.

Access Requests

Select an option to enable or disable access request services for the selected account. Values are derived from whether the platform of the asset indicates it supports any of the following: Password Request, SSH Key Request, Session Request. You can enable or disable Password Request, Session Request, and SSH Key Request, as needed.

Service Accounts are created when the Asset is created and by default are not enabled for session or password access.

Discovered Accounts are controlled by the Account Discovery template that is used in discovering the accounts. They are a property of the rule template of the Account Discovery job. For more information, see Adding an Account Discovery rule.

Enable-Disable

Select Enable to have Safeguard for Privileged Passwords manage a disabled asset. Account Discovery jobs find all accounts that match the discovery rule's criteria regardless of whether it has been marked Enabled or Disabled in the past.

Select Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of asset accounts.

Search

To locate a specific asset account or set of accounts in this list, enter the character string to be used to search for a match. For more information, see Search box..

Account Dependencies tab (asset)

The Account Dependencies tab displays the directory accounts that the selected Windows server depends on to perform services and tasks. The Account Dependencies tab is only applicable for a Windows platform when one or more directories have been added to Safeguard for Privileged Passwords.

Click  Add Account from the details toolbar above the grid to associate account dependencies with the selected asset. For more information, see Adding account dependencies..

To access Account Dependencies:

  • web client: Navigate to Asset Management > Assets > (View Details) > Account Dependencies.
Table 93: Assets: Account Dependencies tab properties
Property Description

Name

Name of a directory account.

Dependent Account Type

Available types are:

  • Password

  • SSH key

  • API key

  • File

Directory

The directory in which the account resides.

Domain Name

The forest root domain name for the directory.

Distinguished Name

The distinguished name for a directory account.

Description

Description of the dependent account.

The toolbar includes the following:

Table 94: Assets: Account Dependencies tab toolbar
Option Description

Add Account

Add an account dependency to the selected asset.

Remove Account

Remove the account dependency from the asset.

Refresh

Update the list of account dependencies.

Search

To locate a specific account dependency in this list, enter the character string to be used to search for a match. For more information, see Search box..

Access Request Policies (asset)

The Access Request Policies tab displays the entitlements and access request policies, including password and SSH key release policies and session request policies, associated with the selected asset. This information is available to users that have both Asset Administrator and Policy Administrator permissions.

To access Access Request Policies:

  • web client: Navigate to Asset Management > Assets > (View Details) > Access Request Policies.
Table 95: Assets: Access Request Policies tab properties
Property Description

Entitlement

The name of the access request policy's entitlement.

Access Request Policy

The name of the access request policy that governs the selected account.

Accounts

The number of unique accounts in the account groups that are associated with the access request policy.

# Account Groups

The number of unique account groups in the access request policy.

Account Groups

The names of the account groups that associate the selected account with the policy.

Assets

The number of unique assets in the asset groups that are associated with the access request policy.

# Asset Groups

The number of unique assets groups in the access request policy.

Asset Groups

The names of the asset groups that associate the selected account with the policy.

Use these buttons on the details toolbar to manage the dependent assets.

Table 96: Assets: Access Request Policies tab toolbar
Option Description

Add to Policy

Add the selected asset to the scope of an access request policy.

Remove Selected

Remove the selected policy.

Refresh

Update the list of access request policies.

Search

To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box..

Owners tab (asset)

The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.

To access Owners:

  • web client: Navigate to Asset Management > Assets > (View Details) > Owners.

The Owners tab has two views: Asset Owners and Partition Owners.

Table 97: Assets: Owners tab properties
Property Description

Asset Owners

Type

The type of owner.

Name

The name of the owner.

Provider

The name of the authentication provider.

Direct

This column indicates the ownership of the object was assigned directly rather than through the use of a tag.

Via Tag

This column indicates the ownership of the object was assigned through the use of a tag.

Partition Owners

Type

The type of user or group.

Name

The name of the user or group.

Provider

The name of the authentication provider.

Use the following buttons on the details toolbar to manage the objects owned by the selected asset.

Table 98: Assets: Owners toolbar
Option Description

Add

Add one or more users or user groups to the selected asset. For more information, see Adding users or user groups to an asset.

Remove

Remove the selected object from being a manager of the selected asset. You can only remove objects directly assigned to an asset (as opposed to those assigned via the use of a tag).

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of owners/managers.

Search

To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box..

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation