Modifying SSH key sync groups
Security Policy Settings
In the 
web client, Security Policy Management has a settings page used to manage Sessions Password Access and the Audit Log Stream Service.
Navigate to Security Policy Management | Settings to manage the settings listed below.
Table 251: Security Policy Settings
|
Session Password Access Enabled |
Use this toggle to enable or disable session password access. This feature is disabled by default. |
|
Audit Log Stream Service |
Use this toggle to send Safeguard for Privileged Passwords data to Safeguard for Privileged Sessions (SPS) to audit the Safeguard privileged management software suite. The feature is disabled by default.
To accept SPP data, the SPS Appliance Administrator must turn on audit log syncing. For information, see the Safeguard for Privileged Sessions Administration Guide.
SPP and SPS must be linked to use this feature. For more information, see SPP and SPS sessions appliance link guidance.
While the synchronization of SPP and SPS is ongoing, SPS is not guaranteed to have all of the audit data at any given point due to some latency.
|
Users
A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups. in Overview of the Entities.
Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.
- Authorizer Administrator: General, History
- User Administrator: General, User Groups (directory users only), History
- Help Desk Administrator: General, History
- Auditor: General, Owned Objects, User Groups, Entitlements, Linked Accounts, History
- Asset Administrator: General, Owned Objects
- Security Policy Administrator: General, User Groups, Entitlements, Linked Accounts, History
The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Activating or deactivating a user account.
Go to Users:
- web client: Navigate to Security Policy Management | Users
desktop client: Navigate to Administrative Tools | Users
Users view
The Users view displays the following information about a selected user:
Toolbar
Use these toolbar buttons to manage users:
Add User/New User: Add users to Safeguard for Privileged Passwords. For more information, see Adding a user.
Delete Selected /Delete: Remove the selected user. For more information, see Deleting a user.
- ( web client only)
View details: View and edit the details for a selected user.
Permissions: Display the Permissions dialog showing what administrative permissions apply to the selected user.
- ( desktop client only)
Import Users: Add users to Safeguard for Privileged Passwords. For more information, see Importing objects.
- ( desktop client only)
User Security: Menu options include: Set Password and Unlock accounts. For more information about these options, refer to Setting a local user's password and Unlocking a local user's account.
- ( web client only) Set Password: Use this option to set a password for a local user.
- ( web client only)
Unlock: Use this option to unlock the account of a local user.
- ( web client only)
Activate User: Use this option activate the account of a selected user.
- ( web client only)
Deactivate User: Use this option to deactivate the account of a selected user.
Refresh: Update the list of users.
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
General/Properties tab (user)
The General/Properties tab lists information about the selected user.
In the desktop client, large tiles at the top of the tab display the number of Owned Objects, User Groups, Entitlements, and Linked Accounts associated with the selected user, based on the user's permissions. Clicking a tile heading opens the corresponding tab.
The tiles visible in the desktop client depend on your administrator permissions:
- All tiles are visible to the Auditor.
- Owned Objects tile is visible to Asset Administrator.
- User Groups, Entitlements, and Linked Accounts tiles are visible to Security Policy Administrator.
To access General/Properties:
- desktop client: Navigate to Administrative Tools | Users | General.
- web client: Navigate to User Management | Users | (Edit) | Properties.
Table 252: Users General/Properties tab: Authentication properties
|
Identity |
|
|
Identity Provider |
The source from which the user’s personal information comes from and is synchronized with. |
| Username |
A user's display name. |
|
First Name |
The user's first name. |
|
Last Name |
The user's last name. |
|
Work Phone |
The user's work telephone number. |
| Mobile Phone |
The user's mobile telephone number. |
| Email |
The user's email address. |
|
( web client only) Description |
The description text entered the user information was added or updated. This may be entered on the User dialog, Identity tab in the Description text box. |
|
( web client only) Location |
User can change their time zone, by default. Or, the User Administrator can prohibit a user from changing the time zone, possibly to ensure adherence to policy. For more information, see Time Zone. |
|
Authentication |
|
| Authentication Provider |
How the user authenticates with Safeguard for Privileged Passwords:
- Certificate: with a certificate
- Local: with a user name and password
- Directory name: with directory credentials
|
|
Login name |
The identifier the user logs in with. |
| Domain Name |
If the primary Authentication Provider is a directory, this indicates the directory's domain name. |
|
Distinguished Name |
The distinguished name for authentication. |
| Secondary Authentication |
If you set up a user to require secondary authentication, this indicates the name of this user's secondary authentication service provider. |
| Secondary Authentication Username |
The name of the user account on the secondary authentication service provider required at log in. |
|
web client only: Password Never Expires |
When enabled, this field indicates the password associated with the user does not expire. |
|
web client only: User Must Change Password at Next Login |
When enabled, this field indicates the user will be prompted to change their password the next time they login. |
|
( desktop client only) Location |
|
| Time Zone |
User can change their time zone, by default. Or, the User Administrator can prohibit a user from changing the time zone, possibly to ensure adherence to policy. For more information, see Time Zone. |
|
Permissions |
|
| Permissions |
Lists the user's administrator permissions or "Standard User" if user does not have administrative permissions. |
|
( desktop client only) Description |
|
|
Description |
The description text entered the user information was added or updated. This may be entered on the User dialog, Identity tab in the Description text box. |
Add to add an account to the SSH key sync group.
Remove Selected to remove the selected account from the SSH key sync group. This does not delete the account from Safeguard for Privileged Passwords.
Sync Now to sync the selected SSH key to match the SSH key sync group. The Status follow:
Displays when the SSH key is in sync with the SSH key sync group.
Displays if the SSH key is not in sync with the SSH key sync group.