Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide

Introduction System requirements Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Vaults Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Accounts tab (partitions)

The Accounts tab displays the accounts assigned to the selected partition.

NOTE: By default, all accounts associated with an asset are assigned to the same profile, but you can reassign them. For more information, see Creating a password profile..

To access Accounts:

  • web client: Navigate to Asset Management > Partitions > (View Details) > Accounts.
Table 119: Partitions: Accounts tab properties
Property Description
Name

The account name.

Domain Name

The domain name of the account if the account is an Active Directory account. Used to help determine uniqueness.

Parent The partition in which the asset where the account resides.
Password Profile The name of the profile that manages the account.

SSH Key Profile

The name of the SSH key profile that governs the accounts assigned to a partition.

Service Account A check in this column indicates that the account is a service account.
Password Request A check in this column indicates that password release requests are enabled for the account.
Session Request A check in this column indicates that session access requests are enabled for the account.

SSH Key Request

A check in this column indicates that SSH key release requests are enabled for the account.

Disabled

A check in this column indicates the account is disabled.

Password A check in this column indicates a password is set for the account. For more information, see Checking, changing, or setting an account password..

TOTP Authenticator

A check in this column indicates a TOTP Authenticator is set for the account. For more information, see Setting a TOTP authenticator.

SSH Key

A check in this column indicates an SSH key is set for the account. For more information, see Checking, changing, or setting an SSH key..

API Keys

A check in this column indicates an API key is set for the account. For more information, see For more information, see Checking, changing, or setting an SSH key..

Description

Descriptive information entered when the account was added.

Tags

The tags associated with the account.

Use these buttons on the details toolbar to manage the accounts assigned to the selected partition.

Table 120: Partitions: Accounts tab toolbar
Option Description
New Account

Add accounts to the selected partition. For more information, see Adding an account to a partition.

Delete

Remove the selected account from the partition.

View Details

View additional information on the selected account.

Account Secrets

Menu options include:

  • Check Password
  • Change Password
  • Check SSH Key
  • Change SSH Key
Access Request

Select an option to enable or disable access request services for the selected partition. Values are derived from whether the platform of the asset indicates it supports any of the following: Password Request, SSH Key Request, Session Request. You can enable or disable Password Request, Session Request, and SSH Key Request, as needed.

Service Accounts are created when the Asset is created and by default are not enabled for session or password access.

Discovered Accounts are controlled by the Account Discovery template that is used in discovering the accounts. They are a property of the rule template of the Account Discovery job. For more information, see Adding an Account Discovery rule..

  • Discover SSH Keys
  • Run the SSH Key Discovery job associated with the account.
  • Enable-Disable

    Select Enable to have Safeguard for Privileged Passwords manage a disabled partition.

    Select Disable to prevent Safeguard for Privileged Passwords from managing the selected partition.

    Export

    Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    Refresh

    Update the list of asset accounts.

    Search

    To locate a specific asset account or set of accounts in this list, enter the character string to be used to search for a match. For more information, see Search box..

    Owners tab (partitions)

    The Owners tab displays information about the directly managed objects associated with the partition.

    To access Owners:

    • web client: Navigate to Asset Management > Partitions > (View Details) > Owners.
    Table 121: Partitions: Owners tab properties
    Property Description
    Type

    The type of object.

    Name

    The name of the user or user groups.

    Provider

    The name of the authentication provider.

    Use the following buttons on the details toolbar to manage the objects owned by the selected partition.

    Table 122: Partitions: Owners toolbar
    Option Description

    Add User/User Groups

    Add one or more users or user groups to the selected partition. For more information, see Adding users or user groups to a partition.

    Remove Selected

    Remove the selected object from being managed by the selected partition.

    Export

    Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    Refresh

    Update the list of managed objects.

    Search

    To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box..

    Asset Administrators and Auditors can also generate reports showing more detailed information on the ownership of specific objects (including effective ownership). For more information, see Ownership in Audit reports.

    Password Profiles tab (partitions)

    The Password Profiles tab lists the password profiles associated with this partition. for more information, see About profiles. You can create a password profile then add assets and accounts to the password profile. For more information, see Assigning assets or accounts to a password profile and SSH key profile.

    Click  New Profile from the details toolbar to add a password profile to the selected partition. For more information, see Creating a password profile..

    To access Password Profile:

    • web client: Navigate to Asset Management > Partitions > (View Details) > Password Profile.
    Table 123: Partitions: Password Profiles tab properties
    Property Description
    Default "Default" displays in this column for the default password profile. For more information, see Setting a default profile..
    Name

    Password management password profile name.

    Check Password

    The check password setting used to verify account passwords. For more information, see Check Password..

    Change Password

    The change password setting used to to verify account passwords. For more information, see Change Password..

    Password Rule

    The account password rule that governs the construction of

    the new password created by Safeguard for Privileged Passwords during automatic password change. For more information, see Account Password Rules..

    Description Information about the selected password profile.

    Use these buttons on the details toolbar to manage the partition's password profiles.

    Table 124: Partitions: Password Profiles tab toolbar
    Option Description

    New Profile

    Add a password profile to the selected partition. For more information, see Creating a password profile..

    Delete

    Remove the selected password profile.

    If you delete a password profile, Safeguard for Privileged Passwords reassigns all assets and accounts to the default password profile.

    View Details

    View additional details for the selected password profile.

    Set as Default

    Set the selected password profile as the default password profile. For more information, see Setting a default profile..

    Export

    Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    Refresh

    Update the list of password profiles.

    Search

    To locate a specific password profile or set of password profiles in this list, enter the character string to be used to search for a match. For more information, see Search box..

    SSH Key Profiles tab (partitions)

    Each managed account can have a single SSH identity key. An SSH key can be requested and configured for A2A (account level scoping) and used for sessions.

    The SSH Key Profiles tab lists the SSH key profiles associated with the selected partition. For more information, see For more information, see About profiles.. You can create an SSH key profile then add assets and accounts to the profile. For more information, see For more information, see Assigning assets or accounts to a password profile and SSH key profile..

    To access SSH Key Profiles:

    • web client: Navigate to Asset Management > Partitions > (View Details) > SSH Key Profiles.
    Table 125: Partitions: SSH Key Profiles tab properties
    Property Description
    Default Default displays in this column to identify the default profile. For more information, see Setting a default profile..
    Name

    SSH key profile name.

    Check SSH Key

    The Check SSH Key setting used to verify SSH keys. For more information, see Check SSH Key settings..

    Change SSH Key

    The Change SSH Key setting used to verify SSH keys. For more information, see Change SSH Key settings..

    Discover SSH Key

    The SSH Key Discovery job used to discover the SSH keys. For more information, see Discover SSH Key settings..

    Description Information about the selected SSH key profile.

    Use these buttons on the details toolbar to manage your partitions profiles.

    Table 126: Partitions: SSH Key Profiles tab toolbar
    Option Description

    New Profile

    Add an SSH key profile to the selected partition. For more information, see Creating an SSH key profile..

    Delete

    Remove the selected SSH key profile.

    If you delete an SSH key profile, Safeguard for Privileged Passwords reassigns all assets and accounts to the default profile. If no default profile is set, Safeguard for Privileged Passwords will remove the assets and accounts along with the profile.

    View Details

    Modify the selected SSH key profile.

    Set as Default

    (Optional) Set the selected profile as the default profile. Once a default profile has been selected, there will always be a default profile (which profile is the default can be changed at any time, but a default profile will always be needed for the partition). The only way to stop requiring a default profile be selected is to remove all SSH profiles from the partition. For more information, see Setting a default profile..

    Export

    Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    Refresh

    Update the list of SSH key profiles.

    Search

    Locate a specific SSH key profile or set of profiles in this list by entering the character string to be used to search for a match. For more information, see Search box..

    Documents connexes

    The document was helpful.

    Sélectionner une évaluation

    I easily found the information I needed.

    Sélectionner une évaluation