CAUTION: Make sure you save a copy of the original Safeguard for Privileged Passwords CSV files before making edits to the files or uploading them to Access Certification. This is in case an edit to a CSV file leads to an unintended recommended change within Safeguard for Privileged Passwords. The unedited file can be compared to a newer version in order to identify where the data was changed and if it needs to be corrected.
When uploading account data from Safeguard for Privileged Passwords, the information is coming from the local identity provider (Active Directory) for which Safeguard for Privileged Passwords is the authority. It does not include data for disabled Safeguard for Privileged Passwords users.
The following are descriptions of the fields within the accounts CSV file:
The group data being used is that which corresponds with the groupings of Safeguard for Privileged Passwords users for the purpose of assigning entitlements. Because the data is specific to Safeguard for Privileged Passwords and how it manages users, the information might not be mapped to external identity providers.
The following are descriptions of the fields within the groups CSV file:
NOTE: If any additional columns are included in the groups CSV file, they will be created as group attributes in the graph.
NOTE: Rows having the same authority and id are considered duplicates. On import, one will overwrite the other.
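The duplicate rule in the note above and the backup comparison described in the CAUTION can both be checked before upload. The following PowerShell is an added example, not One Identity's code; only the authority and id column names come from this page, while the displayName column, the sample rows, and the function names are constructed for illustration.

```powershell
# Constructed sample data. Only the authority and id column names come from
# this page; displayName and every row value are assumptions for illustration.
$original = @'
authority,id,displayName
safeguard,1,Linux Admins
safeguard,2,DB Operators
safeguard,3,Network Team
'@ | ConvertFrom-Csv
$edited = @'
authority,id,displayName
safeguard,1,Linux Admins
safeguard,2,Database Operators
safeguard,2,DB Operators
safeguard,4,Help Desk
'@ | ConvertFrom-Csv

# Rows are identified by authority + id (PowerShell compares keys case-insensitively).
function Get-RowKey($Row) { '{0}|{1}' -f $Row.authority, $Row.id }

# Keys that occur more than once: on import one such row overwrites the other.
function Get-DuplicateKey($Rows) {
    $Rows | Group-Object { Get-RowKey $_ } | Where-Object Count -gt 1 |
        ForEach-Object { $_.Name }
}

# Rows added, removed or modified relative to the saved original.
function Compare-CsvByKey($Before, $After) {
    $old = @{}; $seen = @{}
    foreach ($r in $Before) { $old[(Get-RowKey $r)] = $r }
    foreach ($r in $After) {
        $k = Get-RowKey $r; $seen[$k] = $true
        if (-not $old.ContainsKey($k)) {
            [pscustomobject]@{ Key = $k; Change = 'Added'; Detail = '' }; continue
        }
        foreach ($p in $r.PSObject.Properties) {
            $was = $old[$k].($p.Name)
            if ($was -cne $p.Value) {
                [pscustomobject]@{ Key = $k; Change = 'Modified'
                    Detail = '{0}: "{1}" -> "{2}"' -f $p.Name, $was, $p.Value }
            }
        }
    }
    $old.Keys | Where-Object { -not $seen.ContainsKey($_) } |
        ForEach-Object { [pscustomobject]@{ Key = $_; Change = 'Removed'; Detail = '' } }
}

"Duplicate keys: $((Get-DuplicateKey $edited) -join ', ')"
Compare-CsvByKey $original $edited | Format-Table -AutoSize
```

For real files, replace the two here-strings with Import-Csv calls on the saved original and the edited copy.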
Entitlements are groupings of Safeguard for Privileged Passwords access policies. Account data and Group data must be gathered first, because both accounts (users within Safeguard for Privileged Passwords) and groups can be added to entitlements. Each entitlement may contain zero or more access policies. However, an individual access policy may only be part of one entitlement, so that changing one access policy does not unintentionally modify a separate entitlement that the administrator may not realize is related.
The entitlements CSV file is a representation of the following sentence:
<account> has <permission> on <resource> because of <group>
The following are descriptions of the fields within the entitlements CSV file:
Before you can upload data to Access Certification, you must generate a CSV file from Safeguard containing that data. For information on the types of data being uploaded, see the Data Imports page.
To generate CSV files from Safeguard for Privileged Passwords
IMPORTANT: Before generating CSV files, review the Additional hardware and software requirements information.
NOTE: It is recommended that you review this diagram before making any edits to the CSV files.
For instructions and information on connecting, see One Identity Safeguard PowerShell scripting resources. You should be using the PowerShell module marked current version which contains the Access Certification cmdlet.
NOTE: To verify that you are running the correct module version, use Get-InstalledModule.
Once you have connected to the Safeguard Appliance (see the Getting Started instructions on the One Identity Safeguard PowerShell scripting resources page), run the following cmdlet to create all of the required CSV files:
Get-SafeguardAccessCertificationAll
When prompted, enter your Active Directory credentials.
Once you have completed generating all CSV files, review the files to ensure the data is both complete and accurate. If you find rows that are incomplete and unnecessary, delete the corresponding row.
NOTE: The cmdlet simplifies the CSV file creation process by allowing you to run a single cmdlet that calls six cmdlets in order to create the required CSV files. You should still ensure the following columns are correct since the information contained in them needs to match the other CSV files:
As a backup option, Access Certification allows you to run each cmdlet individually rather than all together.
To generate CSV files individually from Safeguard for Privileged Passwords
IMPORTANT: Before generating CSV files, review the Additional hardware and software requirements information.
NOTE: It is recommended that you review this diagram before making any edits to the CSV files.
For instructions and information on connecting, see One Identity Safeguard PowerShell scripting resources. You should be using the PowerShell module marked current version which contains the Access Certification cmdlets.
NOTE: To verify that you are running the correct module version, use Get-InstalledModule.
Once you have connected to the Safeguard Appliance (see the Getting Started instructions on the One Identity Safeguard PowerShell scripting resources page), run the following cmdlet to create an identities CSV file for Active Directory identities:
Get-ADAccessCertificationIdentity
Run the following cmdlet to create an identities CSV file for Safeguard for Privileged Passwords identities:
Get-SafeguardAccessCertificationIdentity
The information from the Active Directory and Safeguard identity CSV files needs to be merged so that all information is contained within a single file. This must be done manually to ensure the correct information appears for every identity.
NOTE: Ensure the following columns are correct since the information contained in them needs to match the other CSV files:
Run the following cmdlet to create an accounts CSV file:
Get-SafeguardAccessCertificationAccount
Run the following cmdlets to process user groups:
Run the following cmdlet to process Safeguard for Privileged Passwords entitlements:
Get-SafeguardAccessCertificationEntitlement
Once you have completed generating all CSV files, review the files to ensure the data is both complete and accurate. If you find rows that are incomplete and unnecessary, delete the corresponding row.
© 2024 One Identity LLC. ALL RIGHTS RESERVED.