Discovered SSH Keys
You can view the current SSH Key Discovery results for a selected partition. The number of discovered keys for an account will reflect the number of SSH keys discovered in the account's authorized keys file.
SSH keys currently in use by an account will have a check mark in the SSH Key Manager column in the Discovered SSH Keys properties grid (see below).
Navigate to Administrative Tools | Discovery | Discovered SSH Keys tile. Select the partition for which you want to see the SSH Key results.
Use these toolbar buttons to manage the discovered accounts.
Table 93: Discovery: Discovered SSH Keys toolbar
Partition |
Select the partition for the SSH key discovery. |
Refresh
|
Retrieve and display an updated list of discovered SSH keys. If SSH Keys are deleted from the account's authorized keys file, they will be removed from the discovered list when the discovery job runs. |
Search
|
Enter the character string to be used to search for a match. For more information, see Search box. |
The following information displays.
Table 94: Discovery: Discovered SSH Keys properties grid
Fingerprint |
The fingerprint of the SSH key used for authentication. |
Comment |
Free form comment included in the SSH key. |
Key Type |
The SSH authentication key type, such as RSA and DSA. For more information, see SSH Key Management settings. |
Key Length |
The supported RSA or DSA key length displays. For more information, see SSH Key Management settings. |
Asset Name |
The name of the asset where the SSH key was discovered. |
Account |
The name of the account where the SSH key was discovered. |
Account Status |
The status of the Safeguard account. If Safeguard manages the account, the value is Managed. If the account is disabled, the value is Disabled. Attempting to run discovery on a disabled account will return a result of 0 SSH keys found.
The Account Status column is controlled by the Manage and Ignore buttons on the Discovered Accounts grid. For more information, see Discovered Accounts. |
SSH Key Profile |
The name of the SSH key profile that governs the accounts assigned to a partition. |
SSH Key Managed |
This column will have a check mark indicating the SSH key currently in use on the account. |
Date/Time Discovered |
The date and time when the SSH key was discovered. |
Entitlements
A Safeguard for Privileged Passwords entitlement is a set of access request policies that restrict system access to authorized users. Typically, you create entitlements for various job functions; that is, you assign permissions to perform certain operations to specific roles such as Help Desk Administrator, Unix Administrator, or Oracle Administrator. Password and SSH key release entitlements consist of users, user groups, and access request policies. Session access request entitlements consist of users, user groups, assets, asset groups, and access request policies.
The Auditor and the Security Policy Administrator have permission to access Entitlements. An administrator creates an entitlement, then creates one or more access request policies associated with the entitlement, and finally adds users or user groups.
Go to
Administrative Tools and click Entitlements. The Entitlements view displays.
If there are one or more invalid or expired policies, a
Warning and message (for example, Entitlement contains at least one invalid policy) displays. Go to the Access Request Policy tab to identify the invalid policy. For more information, see Access Request Policies tab.
The following information displays about the selected entitlement:
- General tab: Displays the general and time restriction settings information for the selected entitlement.
- Users tab: Displays the user groups or users who are authorized to request access to the accounts or assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions link and was assigned and used by a Sessions Appliance. The certificate users created during the link can be added to the Users tab but are not there by default.
- Access Request Policies tab: Displays the access request policies that govern the accounts or assets in the selected entitlement, including session access policies.
- History tab: Displays the details of each operation that has affected the selected entitlement.
Use these toolbar buttons to manage entitlements.
General tab
The Administrative Tools | Entitlements | General tab lists information about the selected entitlement.
Large tiles at the top of the tab display the number of Users, Accounts, and Assets associated with the selected entitlement. Clicking a tile heading opens the corresponding tab.
Description: Information about the selected entitlement.
Related Topics
Modifying an entitlement
Users tab
The Administrative Tools | Entitlements | Users tab displays the users and user groups who are authorized to request access for the accounts and assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions link and was assigned and used by a Sessions Appliance. The certificate users created during the link can be added to the Users tab but are not there by default.
Click
Add User or User Group from the details toolbar to add one or more requester users or user groups to the selected entitlement.
Table 97: Entitlements: User tab properties
Type |
Type of member:
|
Name |
Name of the user or user group included in the selected entitlement. |
Provider |
The name of the authentication provider:
- Local
- Certificate
- The name of an external provider such as a Microsoft Active Directory domain name.
|
Domain Name |
If applicable, the name of the domain of the user group or user |
Use these buttons on the details toolbar to manage the requester users associated with the selected entitlement.
Table 98: Entitlements: Users tab toolbar
Add User or User Group
|
Add a requester user group or requester user to the entitlement. For more information, see Adding users or user groups to an entitlement. |
Remove Selected
|
Remove the selected user or user group from the entitlement. |
Refresh
|
Update the list of requester users or user groups. |
Details
|
View additional details about the selected user or user group. |
Search (case sensitive)
|
To locate a specific user (or user group) or set of users (or user groups) in this list, enter the character string to be used to search for a match. For more information, see Search box. |
Related Topics
Adding users or user groups to an entitlement