지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Passwords 6.13.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Adding users or user groups to an account

When you add users to an account, you are specifying the users or user groups that have ownership of an account.

It is the responsibility of the Asset Administrator (or delegated partition owner) to add users and user groups to accounts. The Security Policy Administrator only has permission to add groups, not users. For more information, see Administrator permissions.

NOTE: You are only able to create new users or user groups in the Users or User Groups dialog using the desktop client.

Importing objects

On the desktop client, Safeguard for Privileged Passwords allows you to import a .csv file containing a set of accounts, assets, or users. A .csv template for import can be downloaded when you click  Import from the toolbar then click CSV Template Assistant for the dialog. For more information, see Creating an import file.

Once an import is completed, you can navigate to the Tasks pane in the Toolbox for details about the import process and invalid data messages. For more information, see Viewing task status.

To import objects

  1. In Administrative Tools, click Assets, Accounts, or Users based on what data you are importing.
  2. Click  Import from the toolbar.
  3. In the Import dialog, Browse to select an existing .csv file containing a list of objects to import.
  4. When importing assets, the Discover SSH Host Keys option is selected by default indicating that Safeguard will retrieve the required SSH host key for the assets specified in the .csv file.

  5. Click OK. Safeguard for Privileged Passwords imports the objects into its database.

Considerations for valid and invalid data

Safeguard for Privileged Passwords does not add an object if any column contains invalid data in the .csv file, with the following exceptions:

  • Assets PlatformDisplayName property:
    • If Safeguard for Privileged Passwords does not find an exact match, it looks for a partial match. If it finds a partial match, it supplies the <platform> Other platform.
    • If it does not find a partial match, it supplies the Other platform type.
  • Users TimeZoneId property: If Safeguard for Privileged Passwords does not find a valid TimeZoneId property (that is, does not find an exact match or no time zone was provided), it uses the local workstation's current time zone. Do not enter numbers or abbreviations for the TimeZoneId.
  • Users Password property: Safeguard for Privileged Passwords adds a user without validating the password you provide.

Details for importing directory assets, service accounts, users, and user groups

You can use the steps like those above to import your existing directory infrastructure (such as Microsoft Active Directory). Managed account users cannot be members of the Protected Users AD Security Group.

Additional information specific to directory import follows.

  1. Import the directory (and service account) via Administrative Tools | Assets | Import Asset and browse to select the .csv file. Safeguard for Privileged Passwords imports the directory as an asset.

    The directory's service account is automatically added to the list of accounts you can viewed via the Assets | Accounts tab.

  2. Import users and user groups.
    1. Import directory users via Administrative Tools | Users | Import Users and browse to select the .csv file.
    2. Assign to user groups via Administrative Tools | Users Groups | Users (select one or multiple users).
    3. Automatic synchronization: Once you import directory users and directory groups, Safeguard for Privileged Passwords automatically synchronizes the objects in its database with the directory schema attributes. User and group membership changes in the directory are reflected in Safeguard for Privileged Passwords. Directory users authenticate to Safeguard for Privileged Passwords with their directory credentials.

Active Directory and LDAP synchronization

Active Directory and LDAP data is automatically synchronized by asset or identity and authentication providers schema as shown in the following lists.

Asset schema list

  • Users
    • Username
    • Password (modifiable in LDAP and not modifiable in Active Directory)
    • Description
  • Groups
    • Name
    • Member
  • Computer
    • Name
    • Network Address
    • Operating System
    • Operating System Version
    • Description

Identity and Authentication Providers schema list

  • Users
    • Username
    • First Name
    • Last Name
    • Work Phone
    • Mobile Phone
    • Email
    • Description
    • External Federation Authentication
    • Radius Authentication
    • Managed Objects
  • Groups
    • Name
    • Members
    • Description

Creating an import file

On the desktop client, when importing objects, such as accounts, assets, or users, Safeguard for Privileged Passwords expects the import file to be a Comma Separated Values (CSV) file.

A CSV file is a text file used to store database entries where each line is a unique record and each record consists of fields of data separated by commas. You must not add any trailing spaces in the properties you define in the CSV file. The easiest way to create a CSV file is by using a spreadsheet program such as Microsoft Excel; however, you can use any text editor, such as Notepad, to create a comma-delineated file, as long as you save the file with a .csv file type extension.

The order of the columns is not important, but the title of the column must match the property name.

To create a customized .csv file template

  1. In the Import dialog, click CSV Template Assistant.
  2. Select specific template properties from the template properties table, or select the select all check box in the heading. Safeguard for Privileged Passwords preselects the required properties; you can select any additional properties you desire.

  3. Select Download Template to save a copy of the template properties table to a location of your choice.

    • Click the View icon in the Values column to display a list of allowable values. Click Copy to copy the selected value to your copy buffer which can then be pasted into your CSV file.
    • Click Export Full Table, in upper the right corner above the properties table, to save a copy of the properties table.
  4. Locate the downloaded template and add your specific information to the template.

    • Users AdminRoles property: The value for the Authorizer Administrator is "GlobalAdmin".
  5. Use the customized .csv file to import the objects.

Considerations for valid and invalid data

Safeguard for Privileged Passwords does not add an object if any column contains invalid data in the .csv file, with the following exceptions:

  • Assets PlatformDisplayName property:
    • If Safeguard for Privileged Passwords does not find an exact match, it looks for a partial match. If it finds a partial match, it supplies the <platform> Other platform.
    • If it does not find a partial match, it supplies the Other platform type.
  • Users TimeZoneId property: If Safeguard for Privileged Passwords does not find a valid TimeZoneId property (that is, does not find an exact match or no time zone was provided), it uses the local workstation's current time zone. Do not enter numbers or abbreviations for the TimeZoneId.
  • Users Password property: Safeguard for Privileged Passwords adds a user without validating the password you provide.

Checking, changing, or setting an account password

The Asset Administrator can manually check, change, or set an account password from the Account Security menu.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택