Converse agora com nosso suporte
Chat com o suporte

One Identity Safeguard for Privileged Passwords 6.0.10 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP glossary

Adding a cloud platform account

One Identity Safeguard for Privileged Passwords can manage cloud platform accounts such as Amazon Web Services (AWS), Facebook (deprecated), and Twitter (deprecated).

Before you add cloud platform accounts to Safeguard for Privileged Passwords, you must first add an asset with which to associate the accounts. For more information, see Prepare Amazon Web Services platforms.

To add a cloud platform to Safeguard for Privileged Passwords

  1. log in to Safeguard for Privileged Passwords and navigate to Administrative Tools.
  2. In Assets, click  Add Asset from the toolbar.
  3. In the General tab:
    1. Name: Enter an asset name that is meaningful to you, such as "Cloud Account Server" which you can use to manage all cloud platform accounts.
    2. (Optional) Description: Enter a description for the asset.
    3. Partition: Select the partition you want Safeguard for Privileged Passwords to use to manage the cloud platform account passwords.
    4. Profile: Select the profile you want Safeguard for Privileged Passwords to use to manage the cloud platform account passwords.

  4. In the Management tab:

    1. Product: Select the appropriate product, such as Amazon Web Services.
    2. Version: For Amazon Web Services, select the version.
    3. Network Address: For Amazon Web Services, enter the AWS Account ID or Alias which can be found on the AWS IAM User's view.

  5. For Amazon Web Services, in the Connection tab, select:

    1. Access Key to authenticate to the asset using an access key. Enter the following information:

      • Service Account Name: Enter the configured IAM service account.
      • Access Key ID: Enter the Access Key ID created for the IAM service account.
      • Secret Key: Enter the Secret Key created for the IAM service account.

      -OR-

    2. None to not authenticate to the asset and manually manage the asset.

Once you add the cloud platform asset, you can associate accounts with it.

To add an account to the cloud platform

  1. In Assets, select the cloud platform asset and switch to the Accounts tab.
  2. Click  Add Account from the details toolbar.
  3. In the User Name field, enter the cloud platform account username, email address, or phone number.
  4. In the Password field, enter the account password for the user name you provided.
  5. Click Test Connection to verify that Safeguard for Privileged Passwords can communicate with this cloud platform using the credentials that you have provided.
  6. (Optional) Enter a Description.
  7. Browse to select a profile to govern this account
  8. Ensure the Enable Password Request option is checked and click Add Account.

Now you can manually check, change, or set the cloud platform account password; and, Safeguard for Privileged Passwords can automatically manage the password according to the Check and Change settings in the profile governing the account.

To check out the cloud platform account

  1. Add a cloud platform Account Group and add the accounts to the group.
  2. Add an entitlement for the cloud platform accounts.
  3. Add users to the entitlements.
  4. Add a password release policy to the entitlement.
  5. Add the cloud platform Account Group to the scope of the policy.

Manually adding a tag to an account

Asset Administrators can manually add and remove static tags to an account. You cannot manually remove dynamically assigned tags which are defined by rules and indicated by a lightening bolt icon. You must modify the rule associated with the dynamic tag if you want to remove it. For more information, see Modifying an asset or asset account tag.

To manually add a tag to an account

  1. Navigate to Administrative Tools | Accounts.
  2. Select an account from the object list (left-pane).
  3. Open the General tab and scroll down to view the Tags pane.
  4. Click next to the Tags title. Existing tags are displayed.

  5. Place your cursor in the edit box and use one method:

    • Enter the name of a tag.
    • Start entering the name of the tag. As you type, existing tags that start with the letters entered appear. Select from the list.
    • To add additional tags, press Enter before entering the next tag.

  6. Click OK. If you do not see the new tag, click the Refresh toolbar button.

  7. To remove a manually assigned tag, click next to the Tags title and click the X inside the tag box to be removed.

Adding an account to one or more account groups

From the Accounts view you can add an account to one or more account groups.

Select an account group to add to an account

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, select an account from the object list and open the Account Groups tab.
  3. Click  Add Account Group from the details toolbar.
  4. Select one or more account groups from the list in the Account Groups dialog and click OK.

Create an account group to add to an account

If you do not see the account group you are looking for and you have Security Policy Administrator permissions, you can create an account group from the Account Groups dialog.

  1. Click  Create New and enter the following information:

    • Name: Enter a unique name for the account group. Limit: 50 characters

    • Description: (Optional) Enter information about this account group. Limit: 255 characters

  2. Click Add Account Group.
  3. Create additional account groups, as required.
  4. Click OK in the Account Groups selection dialog to add the new account groups to the selected account.
Related Topics

Adding one or more accounts to an account group

Modifying an account

Once you add an account, you cannot modify an account's associated asset or its name, but you can modify other information.

To modify an account's information

Navigate to Administrative Tools | Accounts.

  • To change the description, profile, or request settings, double-click the account from the object list.
  • To view the selected account's password validation and reset history, switch to the Check and Change Log tab.
  • To view or export the details of each operation that has affected the selected account, switch to the History tab. To export, select the time frame, then click Export.
  • To reset an account's password, right-click the account name and navigate to Account Security and select to check, change, or set the password. For more information, see Checking, changing, or setting an account password.
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação