지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Passwords 6.13.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Add Condition (asset discovery)

An Asset Discovery rule can have more than one condition, and each condition can have one or more constraints. When Safeguard for Privileged Passwords runs the discovery job, it finds all assets that meet all of the search conditions.

Navigate to:

  • desktop client: Navigate to Administrative Tools | Discovery | Asset Discovery | (add or edit Asset Discovery job) | Asset Discovery dialog | Rules tab | Asset Discovery Rule dialog | Add Condition.
  • web client: Asset Management | Discovery | Assets | (add or edit Asset Discovery job) | New Asset Discovery Job dialog | Asset Discovery Rules tab | (add asset discovery rule) | New Asset Discovery Rule dialog | Conditions tab| (add condition).

Add Find All condition

  1. In the Condition dialog, in Find By, choose Find All.
  2. If you are setting up an Asset Discovery job for a directory, Browse the Filter Search Location to select a container within the directory to search for assets. Select Include objects from sub containers to include objects from sub containers or clear the check box to exclude child objects from discovery.

  3. Click Preview to test the conditions you have configured and display a list of assets Safeguard for Privileged Passwords will find in the directory or network you specified based on the conditions entered.

  4. Click OK.

Add LDAP Filter (for LDAP or Active Directory) condition

Search base limits the search to the defined branch of the specified directory, including sub containers if that option is selected. This condition is only available for a Directory discovery job (LDAP or Active Directory directories).

  1. In the Condition dialog,
    1. Find By: Choose LDAP Filter and enter the search criteria to be used. 
    2. Filter Search Location: Browse to select a container within the directory to search for assets.

      TIP: Do not select the Directory Root for Asset Discovery jobs.

    3. Include objects from sub containers: Optionally, select this check box to search for assets in sub-containers.
  2. Click Preview to test the conditions you have configured.
  3. Click OK to save your selections.

Add Group for a Directory condition

This condition is only available for a Directory discovery job.

  1. In the Condition dialog:
    1. Find By: Choose Group.
    2. Click Add to launch the Group dialog.
    3. Contains: Enter a full or partial group name and click Search. You can only enter a single string (full or partial group name) at a time.

    4. Filter Search Location: Browse to select a container to search within the directory.
    5. Include objects from sub containers: Select this check box to include child objects.
    6. Select the group to add: The results of the search displays in this grid. Select one or more groups to add to the discovery job.
  2. Click Preview to test the conditions you have configured and display a list of assets Safeguard for Privileged Passwords will find in the directory or network you specified based on the conditions entered.

  3. Click OK to save your selections.
Closed( web client) To add Constraints condition

Edit Connection Template (asset discovery)

You can change how you want Safeguard for Privileged Passwords to connect to and communicate with the discovered assets. The default Connection Template is None so assets are authenticated manually.

Navigate to:

  • desktop client: Navigate to Administrative Tools | Discovery | Asset Discovery | (add or edit Asset Discovery job) | Asset Discovery dialog | Rules tab | Asset Discovery Rule dialog | Connection Template.
  • web client: Asset Management | Discovery | Assets | (add or edit Asset Discovery job) | New Asset Discovery Job dialog | Asset Discovery Rules tab | (add asset discovery rule) | New Asset Discovery Rule dialog | Connection Template tab
Discovery details
  • Once Safeguard for Privileged Passwords creates an asset, it will not attempt to re-create it or modify the asset if the asset is rediscovered by a different job.
  • Any SSH host keys encountered in discovery will be automatically accepted.
  • You can configure multiple rules for an Asset Discovery job. When Safeguard for Privileged Passwords runs the Asset Discovery job, if it finds an asset with more than one rule, it applies the connection and profile settings of the first rule that discovers the asset.

Add Asset Profile (asset discovery)

During Asset Discovery, Safeguard for Privileged Passwords automatically adds the assets that it finds and begins to manage them according to the settings in the asset profile you set on the Rules tab.

Discovery details
  • Once Safeguard for Privileged Passwords creates an asset, it will not attempt to re-create it or modify the asset if the asset is rediscovered by a different job.
  • Any SSH host keys encountered in discovery will be automatically accepted.
  • You can configure multiple rules for an Asset Discovery job. When Safeguard for Privileged Passwords runs the Asset Discovery job, if it finds an asset with more than one rule, it applies the connection and profile settings of the first rule that discovers the asset.

Navigate to:

  • desktop client: Navigate to Administrative Tools | Discovery | Asset Discovery | (add or edit Asset Discovery job) | Asset Discovery dialog | Rules tab | Asset Discovery Rule dialog | Asset Profile.
  • web client: Asset Management | Discovery | Assets | (add or edit Asset Discovery job) | New Asset Discovery Job dialog | Asset Discovery Rules tab | (add asset discovery rule) | New Asset Discovery Rule dialog | Management tab

Schedule tab (asset discovery)

Navigate to:

  • desktop client: Navigate to Administrative Tools | Discovery | Asset Discovery | (add or edit a Asset Discovery job).
  • web client: Asset Management | Discovery | Assets | (add or edit a Asset Discovery job).

On the Schedule tab, configure when you want to run the Asset Discovery job.

Select Run Every to run the job along per the run details you enter. (If you clear Run Every, the schedule details are lost.)

  • Select a time frame:

    • Never: The job will not run according to a set schedule. You can still manually run the job.
    • Minutes: The job runs per the frequency of minutes you specify. For example, Run Every 30/Minutes runs the job every half hour over a 24-hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.
    • Hours: The job runs per the minute setting you specify. For example, if it is 9 a.m. and you want to run the job every two hours at 15 minutes past the hour starting at 9:15 a.m., select Run Every 2/Hours/@ minutes after the hour 15.

    • Days: The job runs on the frequency of days and the time you enter.

      For example, Run Every 2/Days/Starting @ 11:59:00 PM runs the job every other evening just before midnight.

    • Weeks The job runs per the frequency of weeks at the time and on the days you specify.

      For example, Run Every 2/Weeks/Starting @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 a.m. on Monday, Wednesday, and Friday.

    • Months: The job runs on the frequency of months at the time and on the day you specify.

      For example, If you select Run Every 2/Months/Starting @ 1:00:00 AM along with Day of Week of Month/First/Saturday, the job will run at 1 a.m. on the first Saturday of every other month.

  • Select Use Time Windows if you want to enter the Start and End time. You can click Add or Remove to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.

    For example, for a job to run every ten minutes every day from 10 p.m. to 2 a.m., enter these values:

    Enter Run Every 10/Minutes and set Use Time Windows:

    • Start 10:00:00 PM and End 11:59:00 PM
    • Start 12:00:00 AM and End 2:00:00 AM

      An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error as the end time must be after the start time.

    If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.

    For a job to run two times every other day at 10:30 am between the hours of 4 a.m. and 8 p.m., enter these values:

    For days, enter Run Every 2/Days and set Use Time Windows as Start 4:00:00 AM and End 8:00:00 PM and Repeat 2.

  • (UTC) Coordinated Universal Time is the default time zone. Select a new time zone, if desired.

If the scheduler is unable to complete a task within the scheduled interval, when it finishes execution of the task, it is rescheduled for the next immediate interval.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택