Accounts tab (asset)
An asset's Accounts tab displays the accounts associated with this asset.
Click 
New Account from the details toolbar to associate an account with the selected asset.
To access Accounts:
web client: Navigate to Asset Management > Assets > 
(View Details) > Accounts.
Table 91: Assets: Accounts tab properties
|
Name |
Name of an account associated with the selected asset.
While you can associate an account with only one asset, you can log in to an asset with more than one account. |
|
Domain Name |
The domain name for the account and helps to determine the uniqueness of accounts. |
|
Password Profile |
The name of the profile that manages the account. |
|
SSH Key Profile |
The name of the SSH key profile. |
|
Service Account |
A  check in this column indicates that the account is a service account. |
|
Password Request |
A check in this column indicates that password release requests are enabled for the account.
Click  Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account. |
|
Session Request |
A check in this column indicates that session access requests are enabled for the account.
Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account. |
|
SSH Key Request |
A check in this column indicates that SSH key release requests are enabled for the account.
Click Access Requests from the details toolbar to enable or disable a user's ability to request access to the selected account. |
|
Disabled |
A check in this column indicates that the asset is not managed, is disabled, and has no associated accounts. |
|
Password |
A check in this column indicates a password is set for the account. For more information, see Checking, changing, or setting an account password. |
|
TOTP Authenticator |
A check in this column indicates a TOTP Authenticator is set for the account. For more information, see Setting a TOTP authenticator. |
|
SSH Key |
A check in this column indicates an SSH key is set for the account. For more information, see Checking, changing, or setting an SSH key. |
|
API Keys |
A check in this column indicates an API key is set for the account. For more information, see Checking, changing, or setting an SSH key. |
|
JIT Privilege Group Membership |
The name of one or more groups that have been configured to be assigned to the account at the time of checkout, then correspondingly removed from the account at the time of check-in. The assigned group membership acts as just-in-time (JIT) privilege elevation and demotion for the account. |
|
Description |
Descriptive information entered when the account was added. |
|
Tags |
The tags associated with the account |
|
File request |
A check in this column indicates that file release requests are enabled for the account. |
|
File |
A check in this column indicates a file is set for the account. |
Use these buttons on the details toolbar to manage your asset accounts.
Table 92: Assets: Accounts tab toolbar
|
New Account |
Add accounts to the selected asset. For more information, see Adding an account to an asset. |
|
 Delete
|
Remove the selected account from the asset. |
|
View Details |
Edit the selected account. |
|
 Account Secrets
|
Menu options include:
-
Check Password
-
Change Password
-
Check SSH Key
-
Change SSH Key |
|
 Discover SSH Keys
|
Run the SSH Key Discovery job associated with the account. For more information, see SSH Key Discovery. |
| Access Requests |
Select an option to enable or disable access request services for the selected account. Values are derived from whether the platform of the asset indicates it supports any of the following: Password Request, SSH Key Request, Session Request. You can enable or disable Password Request, Session Request, and SSH Key Request, as needed.
Service Accounts are created when the Asset is created and by default are not enabled for session or password access.
Discovered Accounts are controlled by the Account Discovery template that is used in discovering the accounts. They are a property of the rule template of the Account Discovery job. For more information, see Adding an Account Discovery rule. |
|
 Enable-Disable
|
Select  Enable to have Safeguard for Privileged Passwords manage a disabled asset. Account Discovery jobs find all accounts that match the discovery rule's criteria regardless of whether it has been marked Enabled or Disabled in the past.
Select  Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts. |
|
 Export
|
Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data. |
 Refresh |
Update the list of asset accounts. |
 Search |
To locate a specific asset account or set of accounts in this list, enter the character string to be used to search for a match. For more information, see Search box.. |
Account Dependencies tab (asset)
The Account Dependencies tab displays the directory accounts that the selected Windows server depends on to perform services and tasks. The Account Dependencies tab is only applicable for a Windows platform when one or more directories have been added to Safeguard for Privileged Passwords.
Click Add Account from the details toolbar above the grid to associate account dependencies with the selected asset. For more information, see Adding account dependencies..
To access Account Dependencies:
- web client: Navigate to Asset Management > Assets > (View Details) > Account Dependencies.
Table 93: Assets: Account Dependencies tab properties
|
Name |
Name of a directory account. |
|
Dependent Account Type |
Available types are:
-
Password
-
SSH key
-
API key
-
File |
|
Directory |
The directory in which the account resides. |
|
Domain Name |
The forest root domain name for the directory. |
|
Distinguished Name |
The distinguished name for a directory account. |
|
Description |
Description of the dependent account. |
The toolbar includes the following:
Table 94: Assets: Account Dependencies tab toolbar
|
Add Account |
Add an account dependency to the selected asset. |
|
 Remove Account
|
Remove the account dependency from the asset. |
|
Refresh |
Update the list of account dependencies. |
|
Search |
To locate a specific account dependency in this list, enter the character string to be used to search for a match. For more information, see Search box.. |
Access Request Policies (asset)
The Access Request Policies tab displays the entitlements and access request policies, including password and SSH key release policies and session request policies, associated with the selected asset. This information is available to users that have both Asset Administrator and Policy Administrator permissions.
To access Access Request Policies:
- web client: Navigate to Asset Management > Assets > (View Details) > Access Request Policies.
Table 95: Assets: Access Request Policies tab properties
|
Entitlement |
The name of the access request policy's entitlement. |
|
Access Request Policy |
The name of the access request policy that governs the selected account. |
|
Accounts |
The number of unique accounts in the account groups that are associated with the access request policy. |
|
# Account Groups |
The number of unique account groups in the access request policy. |
|
Account Groups |
The names of the account groups that associate the selected account with the policy. |
|
Assets |
The number of unique assets in the asset groups that are associated with the access request policy. |
|
# Asset Groups |
The number of unique assets groups in the access request policy. |
|
Asset Groups |
The names of the asset groups that associate the selected account with the policy. |
Use these buttons on the details toolbar to manage the dependent assets.
Table 96: Assets: Access Request Policies tab toolbar
|
Add to Policy |
Add the selected asset to the scope of an access request policy. |
|
Remove Selected |
Remove the selected policy. |
|
Refresh |
Update the list of access request policies. |
|
Search |
To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box.. |
Owners tab (asset)
The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.
To access Owners:
- web client: Navigate to Asset Management > Assets > (View Details) > Owners.
The Owners tab has two views: Asset Owners and Partition Owners.
Table 97: Assets: Owners tab properties
|
Asset Owners |
| Type |
The type of owner. |
|
Name |
The name of the owner. |
|
Provider |
The name of the authentication provider. |
|
Direct |
This column indicates the ownership of the object was assigned directly rather than through the use of a tag. |
|
Via Tag |
This column indicates the ownership of the object was assigned through the use of a tag. |
|
Partition Owners |
| Type |
The type of user or group. |
|
Name |
The name of the user or group. |
|
Provider |
The name of the authentication provider. |
Use the following buttons on the details toolbar to manage the objects owned by the selected asset.
Table 98: Assets: Owners toolbar
|
Add |
Add one or more users or user groups to the selected asset. For more information, see Adding users or user groups to an asset. |
|
Remove |
Remove the selected object from being a manager of the selected asset. You can only remove objects directly assigned to an asset (as opposed to those assigned via the use of a tag). |
|
Export |
Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data. |
|
Refresh |
Update the list of owners/managers. |
|
Search |
To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box.. |
