지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Passwords 7.2 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Managing account groups

Use the controls and tabbed pages in the Account Groups view to perform the following tasks to manage Safeguard for Privileged Passwords account groups:

Adding an account group

It is the responsibility of the Security Policy Administrator to add account groups to Safeguard for Privileged Passwords.

To add an account group

  1. Navigate to Security Policy Management > Account Groups.
  2. Click  Add > Account Group from the toolbar.
  3. In the New Account Group dialog, enter the following information:

    • Name: Enter a unique name for the account group.

      Limit: 50 characters

    • Description: (Optional) Enter information about this account group.

      Limit: 255 characters

  4. Click OK.

Adding a dynamic account group

It is the responsibility of the Security Policy Administrator to add dynamic account groups to Safeguard for Privileged Passwords.

Dynamic account groups are associated with rules engines that run when pertinent objects are created or changed. For example:

  • Whenever you add or change an asset account, all applicable rules are reevaluated against that asset account.
  • Whenever you change an asset account rule, the rule is reevaluated against all asset accounts within the scope of that rule. In other words, the rule is reevaluated against all asset accounts for grouping and the asset accounts within the designated partitions for tagging.

You can create a dynamic account group without any rules; however, no accounts will be added to this dynamic account group until you have added a rule.

In large environments, there is a possibility that the user interface may return before all of the rules have been reevaluated and you may not see the results you were expecting. If this happens, wait a few minutes and Refresh the screen to view the results.

To add a dynamic account group

  1. Navigate to Security Policy Management > Account Groups.
  2. Click  Add > Account Dynamic Group from the toolbar.
  3. In the New Account Group dialog, provide information in each of the tabs:

    General tab (add dynamic account group)

    Where you add general information about the dynamic account group

    Account Rules tab (add dynamic account group)

    Where you define the rules to be used to identify the accounts to be included in a dynamic account group

General tab (add dynamic account group)

On the General tab of the Dynamic Account Group dialog, supply general information about the dynamic account group.

Table 178: Dynamic Account Group: General tab
Property Description
Name

Enter a unique name for the dynamic account group.

Limit: 50 characters

Description

Enter information about this dynamic account group.

Limit: 255 characters

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택