Use the Access Request settings to enable (or disable) services and to define global reason codes that can be used when creating access request policies.
Navigate to 
| Setting | Description |
|---|---|
|
Enable or disable access request and services
|
Where you enable or disable the following Safeguard for Privileged Passwords services:
|
| Reasons |
Where you configure access request reason codes, which can then be used when creating access request policies. |
One Identity Safeguard for Privileged Passwords allows you to enable or disable access request and password and SSH key management services. These settings control session and password or SSH key release requests, manual account password or SSH key validation, and reset tasks, as well as the automatic profile check and change tasks in Partitions. You can also enable to disable discovery tasks, directory sync, and the Sessions Module (Safeguard for Privileged Sessions).
By default, services are disabled for service accounts and for accounts and assets found as part of a discovery job. Service accounts can be modified to adhere to these schedules and discovered accounts can be activated when managed.
It is the responsibility of the Appliance Administrator to manage these settings.
Navigate to Administrative Tools | Settings | Access Request | Enable or Disable Services.
All services are enabled by default, except for the Sessions Module: 
| Setting | Description |
|---|---|
|
Requests | |
|
Session Requests Enabled |
Session requests are enabled by default, indicating that authorized users can make session access requests. There is a limit of 1,000 sessions on a single access request. Click the Session Requests Enabled toggle to disable this service so sessions can not be requested. NOTE: When Session Requests is disabled, no new session access requests can be initiated. Depending on the access request policies that control the target asset/account, you will see a message informing you that the Session Request feature is not available. In addition, current session access requests cannot be launched. A message appears, informing you that Session Requests is not available. For example, you may see the following message: This feature is temporarily disabled. See your appliance administrator for details. |
|
Password Requests Enabled |
Password requests are enabled by default, indicating that authorized users can make password release requests Click the Password Requests Enabled toggle to disable this service so passwords can not be requested. NOTE: Disabling the password request service will place any open requests on hold until this service is reenabled. |
|
SSH Key Requests Enabled |
SSH key requests are enabled by default, indicating that authorized users can make SSH key release requests Click the SSH Key Requests Enabled toggle to disable this service so SSH keys can not be requested. NOTE: Disabling the password request service will place any open requests on hold until this service is reenabled. |
|
Password Management | |
|
Check Password Management Enabled |
Check password management is enabled by default, indicating that Safeguard for Privileged Passwords automatically performs the password check task if the profile is scheduled, and allows you to manually check an account's password. Click the Check Password Management Enabled toggle to disable the password validation service. NOTE: Safeguard for Privileged Passwords enables automatic password management services by default. Typically, you would only disable them during an organization-wide maintenance window. When disabling a password management service, Safeguard for Privileged Passwords allows all currently running tasks to complete; however, no new tasks will be allowed to start. |
|
Change Password Management Enabled |
Change password management is enabled by default, indicating that Safeguard for Privileged Passwords automatically performs the password change task if the profile is scheduled, and allows you to manually reset an account's password. Click the Change Password Management Enabled toggle to disable the password reset service. NOTE: Safeguard for Privileged Passwords enables automatic password management services by default. Typically, you would only disable them during an organization-wide maintenance window. When disabling a password management service, Safeguard for Privileged Passwords allows all currently running tasks to complete; however, no new tasks will be allowed to start. |
|
SSH Key Management | |
|
Check SSH Key Management Enabled |
SSH key check is enabled by default, indicating that SSH key check is managed per the profile governing the partition's assigned assets and the assets' accounts. |
|
Change SSH Key Management Enabled |
SSH key change is enabled by default, indicating that SSH key change is managed per the profile governing the partition's assigned assets and the assets' accounts. |
|
Discovery | |
|
Asset Discovery Enabled |
Asset discovery is enabled by default, indicating that available Asset Discovery jobs find assets by searching directory assets, such as Active Directory, or by scanning network IP ranges. For more information, see Discovery. |
|
Account Discovery Enabled |
Account discovery is enabled by default, indicating that available Account Discovery jobs find accounts by searching directory assets such as Active Directory or by scanning local account databases on Windows and Unix assets (/etc/passwd) that are associated with the account discovery job. For more information, see Discovery. |
|
Service Discovery Enabled |
Service discovery is enabled by default, indicating that available Service Discovery jobs find Windows services that run as accounts managed by Safeguard. For more information, see Discovery. |
|
SSH Key Discovery Enabled |
SSH key discovery is enabled by default. With the toggle on, SSH keys in managed accounts are discovered. For more information, see SSH Key Discovery. |
|
Directory | |
|
Directory Sync Enabled |
Directory sync is enabled by default, indicating that additions or deletions to directory assets are synchronized. You can set the number of minutes for synchronization. For more information, see Management tab (add asset desktop client). |
|
Session Module Password Access Enabled |
Session module password access is disabled by default. When the toggle is on, Safeguard for Privileged Passwords (SPP) can create an access request and check out a password from Safeguard for Privileged Sessions (SPS) on behalf of another user. When the toggle is switched off, this ability is revoked. This functionality supports Safeguard for Privileged Sessions (SPS) version 6.2.0 or later. For more information, see the One Identity Safeguard for Privileged Sessions Administration Guide: One Identity Safeguard for Privileged Sessions - Technical Documentation. |
In an access request policy, a Security Policy Administrator can require that a requester provide a reason for requesting access to a password, SSH key, or session. Then, when requesting access, the user can select a predefined reason from a list. For example, you might use these access request reasons:
To configure access request reasons
Add Reason to add a new reason.
Name: Enter a name for the reason. Limit: 50 characters
Description: Enter a description for the reason. Limit: 255 characters
To edit a reason, click 
The Reason dialog appears allowing you to modify the name or description.
To delete a reason, click 
In the confirmation dialog, click Yes.
Use the Appliance settings to view general information about the appliance, run diagnostic tools, and reset or update the One Identity Safeguard for Privileged Passwords hardware appliance.
Safeguard for Privileged Passwords can be set up to use a virtual appliance. For more information, see Using the virtual appliance and web management console.
One Identity Safeguard for Privileged Passwordsprovides the following information to help you resolve many common problems you may encounter as you deploy and use your appliance.
| Setting | Description | ||
|---|---|---|---|
|
Where you execute a trusted, secure diagnostics package to help solve a configuration issue, synchronization issue, clustering issue, or other internal issues. | |||
|
Where you view general information about the appliance, as well as its performance utilization and the memory usage. | |||
|
|
Where you enable or disable debug logging to a syslog server. | ||
|
Enable or disable A2A and audit log stream
|
Where you enable or disable the Application to Application functionality and the Audit Log Stream Service.
| ||
|
Where you add or update a Safeguard for Privileged Passwords license. | |||
|
Where you run diagnostic tests on your appliance. | |||
| Networking | Where you view and configure the primary network interface, and if applicable, the sessions network interface. | ||
| Operating System Licensing |
Available on virtual machine only. Not available on hardware. Where you configure the operating system for the virtual appliance. | ||
|
|
Where you upload and install a patch update file.
| ||
|
|
Where you shut down or restart your appliance in the web client.
| ||
|
Where you configure SSH Algorithms to manage account passwords and SSH keys. | |||
| Support bundle |
Where you create a support bundle containing system and configuration information to send to One Identity Support to analyze and diagnose issues with your appliance. | ||
| Time |
Where you enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. A replica in the cluster will always reference the primary appliance as its NTP server. You can also manually set the time on a primary but not a cluster.
| ||
|
Available on hardware only. Not available on a virtual machine. Where you perform a factory reset to revert your appliance to its original state when it first came from the factory. | |||
|
Available on hardware only. Not available on a virtual machine. Where you enable and disable lights out management, which allows you to remotely manage the power state and serial console to Safeguard for Privileged Passwords using the baseboard management controller (BMC). |
In addition to the appliance options, One Identity Safeguard for Privileged Passwords provides these troubleshooting tools:
| Tool | Description |
|---|---|
|
|
View the details of specific events or user activity. For more information, see Activity Center. |
| LCD status messages | Use the LCD screen on the appliance to view the status of the appliance as it is starting up or shutting down. For more information, see LCD status messages. |
| Recovery Kiosk (Serial Kiosk) | A terminal or laptop connected directly to the appliance to view basic appliance information, restart the appliance remotely, shut down the appliance, reset the bootstrap administrator’s password to its initial value, perform a factory rest, or to generate and send a support bundle to a Windows share. For more information, see Recovery Kiosk (Serial Kiosk). |
© ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책 Cookie Preference Center
