지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Passwords 6.13.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Account Discovery job workflow

Safeguard for Privileged Passwords's Account Discovery jobs discover accounts of the assets that are in the scope of a profile. For more information, see About profiles. Account Discovery jobs can include service discovery.

You can configure, schedule, test, and run Account Discovery jobs. After the job has run, you can select whether to manage the account, if it was not identified to be automatically managed.

  1. Create an Account Discovery job and associate assets or create an asset and associate the Account Discovery job.
  2. Account Discovery jobs can be scheduled to run automatically. In addition you can manually launch these jobs in any of the following ways:

    desktop client:

    • From Assets, right-click the asset and choose to run the account or service discovery.
    • From Discovery | Accounts | Account Discovery click Discover Accounts or Discover Services.
    • From Assets | Discovered Services click Discover Services. For more information, see Discovered Services tab (asset).

    web client:

  3. After the Account Discovery job runs, you can mark the managed accounts from Discovery | Accounts | Discovered Accounts ( desktop client) or Discovery | Discovered Items | Accounts ( web client):

    • Click  Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
    • Click  Enable to manage the selected account and assign it to the scope of the default profile.

    NOTE: The discovery job finds all accounts that match the discovery rule's criteria regardless of the state and reports only the accounts discovered that do not currently exist. Account Discovery does not update existing accounts.

Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the account discovery events in the Account Discovery Activity category.

Adding an Account Discovery job

It is the responsibility of the Asset Administrator or the partition's delegated administrator to configure the rules that govern how Safeguard for Privileged Passwords performs account discovery. For more information, see Account Discovery job workflow.

Adding an Account Discovery rule

Use the Account Discovery Rule dialog to define the search criteria to be used to discover directory accounts.

You can dynamically tag an account from Active Directory. In addition, you can add a dynamic account group based on membership in an Active Directory group or if the account is in a organizational unit (OU) in Active Directory.

NOTE: For Unix, all search terms return exact matches. A user name search for ADM only returns ADM, not AADMM or 1ADM2. To find all names that contain ADM, you must include ".*" in the search term; like this: .*ADM.*.

For Windows and Directory, the search terms is contained in the result. A user name search for ADM returns ADM, AADMM, and 1ADM2.

All search terms are case sensitive. On Windows platforms (which are case insensitive), to find all accounts that start with adm, regardless of case, you must enter [Aa][Dd][Mm].*.

Deleting an Account Discovery job

You can delete an Asset Discovery job.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택