Security Policy Settings
In the web client, Security Policy Management has a settings page used to manage Sessions Password Access and the Audit Log Stream Service. You can also manage the reasons for requesting access to a password, SSH key, or session.
Navigate to Security Policy Management | Settings to manage the settings listed below.
Table 203: Security Policy Settings
Session Password Access Enabled |
Use this toggle to enable or disable session password access. This feature is disabled by default. |
Audit Log Stream Service |
Use this toggle to send Safeguard for Privileged Passwords data to Safeguard for Privileged Sessions (SPS) to audit the Safeguard privileged management software suite. The feature is disabled by default.
To accept SPP data, the SPS Appliance Administrator must turn on audit log syncing. For information, see the Safeguard for Privileged Sessions Administration Guide.
SPP and SPS must be linked to use this feature. For more information, see SPP and SPS sessions appliance link guidance.
While the synchronization of SPP and SPS is ongoing, SPS is not guaranteed to have all of the audit data at any given point due to some latency.
NOTE: This setting is also available under Appliance Management | Enable or Disable Services. For more information, see Enable or Disable Services. |
Reasons |
From this pane you can manage the reasons for requesting access to a password, SSH key, or session. For more information, see Reasons. |
Reasons
In an access request policy, a Security Policy Administrator can require that a requester provide a reason for requesting access to a password, SSH key, or session. Then, when requesting access, the user can select a predefined reason from a list. For example, you might use these access request reasons:
- Software Updates
- System Maintenance
- Hardware Issues
- Problem Ticket
To configure access request reasons
- Navigate to Security Policy Management | Settings | Reasons.
- Click Add to add a new reason.
- In the New Reason dialog, enter the following:
-
Name: Enter a name for the reason. Limit: 50 characters
-
Description: Enter a description for the reason. Limit: 255 characters
- Click Save.
To edit a reason, select a previously configured reason and click Edit.
To delete a reason, select a previously configured reason and click Delete.
User Management
In the web client, expand the User Management section in the left navigation pane.
The following pages are available. See each section for a description of the functions available.
Topics:
Users
A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups. in Overview of the Entities.
Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.
- Authorizer Administrator: General, History
- User Administrator: General, User Groups (directory users only), History
- Help Desk Administrator: General, History
- Auditor: General, Owned Objects, User Groups, Entitlements, Linked Accounts, History
- Asset Administrator: General, Owned Objects
- Security Policy Administrator: General, User Groups, Entitlements, Linked Accounts, History
The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Activating or deactivating a user account.
Go to Users:
- web client: Navigate to Security Policy Management | Users
Users view
The Users view displays the following information about a selected user:
- Properties tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
- User Groups tab (user): Displays the user groups in which the selected user is a member.
- Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
- History (user): Displays the details of each operation that has affected the selected user.
Toolbar
Use these toolbar buttons to manage users:
- New User: Add users to Safeguard for Privileged Passwords. For more information, see Adding a user.
- Delete : Remove the selected user. For more information, see Deleting a user.
- View details: View and edit the details for a selected user.
- Permissions: Display the Permissions dialog showing what administrative permissions apply to the selected user.
- Set Password: Use this option to set a password for a local user.
- Unlock: Use this option to unlock the account of a local user.
- Activate User: Use this option activate the account of a selected user.
- Deactivate User: Use this option to deactivate the account of a selected user.
- Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
- Refresh: Update the list of users.
- Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.