지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Passwords 6.7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP Glossary About us

User information and log out

On the desktop client, click the user avatar (or the Welcome link with your user name) then click My Account to modify your personal information, time zone (if allowed), manage email notifications, view current notifications, or log out of Safeguard for Privileged Passwords.

NOTE: Safeguard for Privileged Passwords Active Directory users cannot use My Account to modify their email address, phone number, or change their password. They must do these actions in Active Directory

To update your personal information or time zone

  1. From the toolbar, select your user avatar (or the Welcome link with your user name) and choose My Account. Perform any of the following:

    • To change your image, select  Change Photo.

    • To change your email address, Work Phone, or Mobile Phone, type into the appropriate box.
    • Under Location, you can select a new Time Zone. Changing your time zone may be prohibited based on your organization's security procedures. If available, choose to:
      • Display times in local computer time: This is the default. It is the time zone set on your local computer.
      • Display times in my configured time zone: This is the time zone that is set on this page.
  2. Click Done to close the My Account pane.

To manage the notifications you receive

  1. From the toolbar, select your user avatar (or the Welcome link with your user name) and choose My Account.

  2. Click Manage Email Notifications.

    The Manage Email Notifications dialog displays the type of events for which you are receiving email notifications. You can define the types of events for which you want to receive notifications.

    NOTE: When there are no delegated owners assigned to a partition, email notifications related to partitions are sent to the Asset Administrator. However, when a delegated owner is specified to manage the assets and accounts in a partition, email notifications related to partitions are sent to the delegated owner, not to the Asset Administrator.

  3. By default, all events are selected. Clear the check box for any events for which you do not want to receive an email notification. You can clear or check all check boxes by selecting or deselecting the check box next to Events.

  4. Click OK to save your selections and close the dialog.
  5. Click Done to close the My Accounts pane.

To manage your FIDO2 keys

At least one key must be registered. When a key is added, the placeholder name is Unnamed Key. You can enter a meaningful name or later edit the name. It is recommended that all users have more than one key registered in case a key is lost or damaged.

  1. From the toolbar, select your user avatar (or the Welcome link with your user name) and choose My Account.
  2. Click Manage FIDO2 Keys. The name and date each key was registered and last used displays.
    • Click Edit to change the name then click Save. Click Cancel to leave the editing operation.
    • Click Delete to delete a key. One key must remain registered. If a physical security key is lost, always delete the associated key from Safeguard for Privileged Passwords.
    • Click Register New FIDO2 Key to add a key.
      1. You will be asked to insert or connect to the new key.

      2. You will be prompted to reenter your primary credentials for verification.

      3. Tap or activate your new FIDO2 key that is being registered.

      4. You may then go back to the Manage FIDO2 Key page and give your newly registered key a name.

  3. Click Done to close the My Account pane.

For more information, see Requiring secondary authentication log in.

To change your user password

  1. From the toolbar, select your user avatar (or the Welcome link with your user name) and choose My Account.
  2. To change your user password, click Change Password and complete the information.
  3. Click Done to close the My Account pane.
Log Out

Click the user avatar (or the Welcome link with your user name) then click Log Out to log out of the Safeguard for Privileged Passwords desktop client.

Desktop client favorite request

If you are designated as a requester, the desktop client allows you to add an access request as a Favorite to your Home page. Favorites are unique for the user; they are available when you log in to the desktop client or the web client.

You can create a favorite request from your Favorites pane on your Home page or from the New Access Request dialog when creating or editing an access request.

To create a favorite request from your Home page

  1. Click Home.
  2. In the Favorites pane on the right, click New Favorite.

  3. In the New Favorite dialog, specify the following.

    1. On the Asset Selection tab, select the assets to be included in the access request.

    2. On the Account & Access Type tab, highlight the accounts to be included in the access request and the type of access being requested for each selected account. The accounts include linked accounts, if any. For more information, see Linked Accounts tab (user).

      • Account: The available account appears in the Account column. When an asset has multiple accounts available, click Select Account(s) to select an account from the displayed list.
      • Access Type: The type of access request appears in the Access Type column. When multiple access request types are available, this value appears as a hyperlink. Click this hyperlink to select the access type.
  4. Click the Add to Favorites button.

  5. In the Add to Favorites dialog, perform the following:

    1. Name: Enter a name for the request.

    2. Description: Enter descriptive text about the request.
    3. Color: Select the icon color to be used to display the request in your Favorites pane.
    4. Click Add. The dialogs closes and the new favorite are added to the Favorites pane on your Home page.

To request a favorite

  1. At the top of the Favorites pane, click the button to display the Request Selected button.

  2. Select the check box to the left of the favorite to be requested.

  3. On the New Access Request page, edit your selections or enter a required reason or comment before submitting it.

  4. Click Submit Request.

To create a new favorite request from an existing favorite

  1. At the top of the Favorites pane, click the button to display the Request Selected button.

  2. Select the check box to the left of the favorite to used to create a new favorite. This saves you time entering information.

  3. On the New Access Request page, edit your selections or enter a required reason or comment before submitting it.
  4. At the bottom of the New Access Request dialog, click the Add to Favorites button. The Add to Favorites button is enabled when you select the minimum required information (that is, at least one asset, account, and an Access Type) for the access request.

  5. In the Add to Favorites dialog, specify the following:

    1. Name: Enter a name for the request.

    2. Description: Enter descriptive text about the request.
    3. Color: Select the icon color to be used to display the request in your Favorites list.
  6. Click Add.

To change a favorite request's icon color

  1. At the top of the Favorites pane, click the button to display the Color Selected button.

  2. Select the check box to the left of the favorite request to be changed.

  3. Click Color Selected.

  4. In the Settings dialog, choose a color and select OK. The icon for the favorite now appears in the color you selected.

To remove a favorite request

  1. At the top of the Favorites pane, click the button to display the Remove Selected button.

  2. Select the check box to the left of the favorite request to be removed.

  3. Click the Remove Selected button.
  4. Select Yes to confirm.

Desktop client navigation pane

In the desktop client, the Home page left navigation pane has these links.

  •  Home: Where you view and take action on the access request tasks that need your immediate attention. As a requester, it also provides access to your list of Favorite access request queries.
  • Dashboard: Where Security Policy Administrators can audit access requests. Where Asset Administrators can view information regarding accounts that are failing different types of tasks.
  •  Activity Center: Where you can search for and review activity for a specific time frame.
  • Reports: Where you can view and export entitlement reports that show you which assets and accounts a selected user is authorized to access.
  • Administrative Tools: Where you add all the objects you need to write access request policies, such as users, accounts, and assets. Where you define and management all of the administrative Safeguard for Privileged Passwords settings.

Home

Click Home to go to the home page. The Home page is tailored to your user rights and permissions. If you are authorized by an entitlement to request, approve, or review access requests, then your Home page gives you a quick view to the access request tasks that need your immediate attention.

Click Home to go to the home page. Based on your role, the dashboard displays My Requests, Approvals, and Reviews, the number of tasks in each queue, and the status of each task (for example, Available, Denied, Revoked, Pending) as well as whether the task is Due Today.

In addition to tasks based on your role, you can perform the following from the Home page:

Typically:

  • Delete: The record is deleted from the database
  • Remove: The selected item is removed from the grid but not deleted from the database
Requester's Home page view

Click the New Request tile to open the New Access Request dialog, which lists the assets and accounts you are authorized to access. From this dialog you specify the assets, accounts and the type of access you are requesting, and additional details about the request.

For more information, see:

Click Requests to view the requests awaiting action.

For more information, see:

The Favorites pane (right pane) displays a list of requests you have marked as a favorite, providing a quick way to request access. For more information, see Desktop client favorite request.

Approver's Home page view

Your job is to approve or deny the access requests listed on your Home page. Click Approvals to view the requests awaiting your approval. As an approver, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

Reviewer's Home page view

Your job is to review completed access requests listed on your Home page. Click Reviews to view the completed requests requiring your review. As a reviewer, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택