サポートと今すぐチャット
サポートとのチャット

One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide

Introduction System requirements Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Vaults Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Unlocking a local user's account

If you are unable to log in, your account may have become "locked" and is therefore disabled. For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Local Login Control..

Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts, and the User Administrator and Help Desk Administrator to unlock non-administrator local users.

To unlock a local user's account

  1. Navigate to User Management > Users.
  2. Select a "locked" user from the list.
  3. From the toolbar options, select  Unlock.

User Groups

NOTE: The User Groups page is accessible from the following locations:

  • Security Policy Management > User Groups

  • User Management > User Groups

Safeguard for Privileged Passwords allows you to either create a local group that exists and is managed within Safeguard for Privileged Passwords only, or add a directory group that is synchronized from an external Active Directory or LDAP server. Then a Security Policy Administrator can add one or more user groups to an entitlement, which will authorize members of the group(s) to request access to the accounts and assets governed by the entitlement's access request policies.

User Groups is available to the Authorizer Administrator, User Administrator, Security Policy Administrator, Help Desk Administrator, Auditor, and Asset Administrator. Not all functionalities will be available to all user types.

The User Groups view displays the following information about the selected user or directory group.

  • Properties tab (user groups): Displays general information about the selected user group.
  • Users tab (user groups): Displays the members of the selected group.
  • Entitlements tab (user groups): Displays the entitlements for which the group has been assigned to. All members of the group then inherit access to the request policies of the entitlement.

    NOTE: The Entitlements tile is only visible to the Auditor and Security Policy Administrator.

  • History (user): Displays the details of each operation that has affected the selected group.

Use these toolbar buttons to manage users.

  • User Group: Add user groups to Safeguard for Privileged Passwords. For more information, see Adding a user group..

  • Directory User Group: Add a directory user group to Safeguard for Privileged Passwords. For more information, see Adding a directory user group..

  • SCIM User Group: Add SCIM user groups to Safeguard for Privileged Passwords. For more information, see Adding a SCIM user group.

  • Delete: Remove the selected user group. For more information, see Deleting a user group..

  • Edit: Edit the selected user group.

  • Synchronize Now: After selecting a user group from the table, use this button to manually prompt the synchronization process.

  • Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

  • Refresh: Update the list of user groups.

  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.

Properties tab (user groups)

The Properties tab lists information about the selected user group.

To access Properties:

  • web client: Navigate to Security Policy Management > User Groups > (New) or (Edit) > Properties or User Management > User Groups > Properties.
Table 210: User Groups: Properties tab properties
Property Description

Name

The entitlement name.

Description

Information about the selected entitlement.

Delete

Click this button to delete the user group.

The Properties > Permissions tab lists the user's administrator permissions or "Standard User" if the user does not have administrative permissions.

Users tab (user groups)

The Users tab displays the members of the selected group.

Click  Add User from the details toolbar to add one or more users to the selected local user group.

NOTE: For directory groups, group membership is read-only. That is, you cannot add or remove users from a directory group using the Users tab.

To access Users:

  • web client: Navigate to Security Policy Management > User Groups > (Edit) > Users or User Management > User Groups > (Edit) > Users.
Table 211: User Groups: Users tab properties
Property Description

Username

The user's display name.

Name

The user's first and last name, if the information exists in the user's properties; otherwise, the user's display name.

Description

Description of the user.

Provider

The name of the authentication provider: Local, Certificate, or the name of an external provider such as a Microsoft Active Directory domain name.

Distinguished Name

The distinguished name of the user.

Last Name

The user's last name.

First Name

The user's first name.

Email

The user's email address.

Work Phone

The user's work phone.

Mobile Phone

The user's mobile phone.

Time Zone

The user's time zone.

Identity Provider

The user's identity provider.

Domain Name

The domain name for the user.

Login Name

The user's login name.

Deactivated

This column indicates if a user is currently deactivated.

Permissions

The user's permissions.

Use these buttons on the details toolbar to manage the users in your user groups.

Table 212: User Groups: Users tab toolbar
Option Description

Add User

Add one or more users to the selected user group. For more information, see Adding users to a user group..

Remove

Remove the selected user from the user group.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of users in the user groups.

Search

To locate a specific user or set of users in this list, enter the character string to be used to search for a match. For more information, see Search box..

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択