Use the Send Test Event link located below the Syslog configuration table on the Syslog pane to verify your syslog server configuration. Navigate to Administrative Tools | Settings | External Integration | Syslog.
To validate your setup
- When configuring your syslog server, on the Syslog dialog add the test event.
- Back on the Syslog pane, select the syslog server configuration from the table, then select Send Test Event.
Safeguard for Privileged Passwords logs a test message to the designated syslog server.
You can integrate with an external ticketing system or use ticketing that is not configured with an external ticketing system. Tickets can be viewed in the Activity Center, Ticket # column.
Not integrated with an external ticketing system
Security Policy Administrators can require requesters to reference a ticket number in their password or session access request without having the ticket validated against an external ticketing system. Optionally, the ticket number may be validated against the regular expression of a generic ticketing system. The ticket number is used in the decision to approve the request.
Require a ticket number
- Navigate to Administrative Tools | Settings | External Integration | Ticket Systems.
- Click Add to add a ticket system.
- Provide the following:
  - Name: Enter a name to be used in tracking tickets.
  - Type: Select Other.
  - Regular Expression: Enter the regular expression pattern to validate for an exact match. For more information, see Regular expressions.
- Click Validate to validate the Regular Expression entry.
Ticket workflow
- The Security Policy Administrator creates an access request policy that requires the requester to provide a ticket number when creating an access request. For more information, see Creating an access request policy.
- When the requester makes a request, they must enter a ticket number on the New Access Request dialog, Request Details tab, Ticket Number field. For more information, see Requesting a password release and Requesting session access.
- Safeguard for Privileged Passwords validates the ticket number against the regular expression. If the ticket number is an exact match to the regular expression, the workflow continues.
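The following added example (not part of the product documentation) shows why the exact-match requirement matters when writing the Regular Expression entry. It models exact matching with Python's `re.fullmatch`, which is an assumption and not necessarily the engine Safeguard uses; the patterns, the seven-digit length and the sample ticket numbers are constructed.

```python
import re

# Constructed patterns. The prefixes are ticket types named on this page;
# the seven-digit length is an assumption for illustration.
GOOD = r"(?:CHG|RITM|PRB)\d{7}"
UNGROUPED = r"CHG|RITM|PRB\d{7}"  # alternation binds looser than \d{7}

# Constructed samples: (ticket number as typed, should it be accepted?)
SAMPLES = [
    ("CHG0012345", True),
    ("RITM0012345", True),
    ("PRB0012345", True),
    ("CHG", False),                # prefix only
    ("CHG00123456", False),        # one digit too many
    ("xCHG0012345", False),        # leading text
    ("CHG0012345-extra", False),   # trailing text
    ("CHG0012345\n", False),       # trailing newline
    ("chg0012345", False),         # wrong case
]

def exact(pattern, ticket):
    """Whole-string match: the behaviour the page calls an exact match."""
    return re.fullmatch(pattern, ticket) is not None

def substring(pattern, ticket):
    """Substring match, shown for contrast only."""
    return re.search(pattern, ticket) is not None

def dollar_anchored(pattern, ticket):
    """^...$ with search: in Python, $ also matches before a final newline."""
    return re.search(f"^(?:{pattern})$", ticket) is not None

def misjudged(matcher, pattern, samples=SAMPLES):
    """Return the samples where the matcher disagrees with the expected verdict."""
    return [t for t, want in samples if matcher(pattern, t) != want]

if __name__ == "__main__":
    checks = [
        ("exact, grouped pattern", exact, GOOD),
        ("exact, ungrouped pattern", exact, UNGROUPED),
        ("substring, grouped pattern", substring, GOOD),
        ("^...$ anchors, grouped pattern", dollar_anchored, GOOD),
    ]
    for name, matcher, pattern in checks:
        print(f"{name}: misjudged {misjudged(matcher, pattern)!r}")
```

Running a candidate pattern against a list of known-good and known-bad ticket numbers like this, before entering it and clicking Validate, catches grouping mistakes that exact matching alone does not prevent.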
Integrated with an external ticketing system
Safeguard for Privileged Passwords allows you to integrate with your company's external ticket system, such as ServiceNow or Remedy. Workflow examples follow.
IMPORTANT: The data items specific to ServiceNow and Remedy (for example, Client ID, Client Secret, and Authentication String) may be optional based on your configuration.
ServiceNow integration workflow example
ServiceNow is a cloud-based issue tracking system. Safeguard for Privileged Passwords can exchange the following ticket types with ServiceNow:
- CHG (change) tickets
- RITM (request) tickets
- PRB (problem) tickets
To use ServiceNow, the root CA Certificate required for ServiceNow must be installed in Safeguard for Privileged Passwords. For more information, see Trusted Certificates. To add a trusted certificate, see Adding a trusted certificate.
Ticket workflow
- The Security Policy Administrator creates an access request policy that requires the requester to provide a ticket number when creating an access request. For more information, see Creating an access request policy.
- When the requester makes a request, they must enter the existing ServiceNow ticket number on the New Access Request dialog, Request Details tab, Ticket Number field. For more information, see Requesting a password release and Requesting session access.
- Safeguard for Privileged Passwords queries all configured ticket systems to see if that ticket number represents a ticket that exists and is in an open state. For ServiceNow, Safeguard checks the Active property of the identified ticket returned from the ServiceNow API and considers the ticket number valid if the Active property is not false for that incident.
- If the ticket is not active, the request is denied.
- If the ticket is active, the access workflow continues.
Remedy integration workflow
The details in the ServiceNow integration workflow example apply to Remedy ticket systems except Remedy will have a different certificate and ticket types. Safeguard checks the Status property of the incident returned from the Remedy API. The ticket is considered valid if Status is not Closed or Cancelled.
Ticketing pane
Navigate to Administrative Tools | Settings | External Integration | Ticket Systems. The Ticket System pane displays the following about the ticket systems defined.
Ticketing toolbar
Use these toolbar buttons to manage the ticketing systems defined to integrate with Safeguard for Privileged Passwords.
- New: Add a new ticket system.
- Delete Selected: Remove the selected ticket system from Safeguard for Privileged Passwords.
- Refresh: Update the list of ticket systems.
- Edit: Modify the selected ticket system configuration.
To configure Safeguard for Privileged Passwords to integrate with an external ticket system
- Navigate to Administrative Tools | Settings | External Integration | Ticket Systems.
- Click Add to add a new ticket system.
- Provide the following:
  - Name: Enter the name of your ticketing system.
  - Type: Select the type of ticketing tracking system:
    - ServiceNow: A cloud-based issue tracking system.
    - Remedy: A request-for-service problem tracking system.
  - URL: Enter the web site address to the ticketing system.
  - User Name: Enter an account for Safeguard for Privileged Passwords to use to access the ticketing system.
  - Password: Enter the user account's password.
  - Client Identifier: Enter the ServiceNow Client ID.
  - Client Secret: Enter the ServiceNow secret key.
  - Authentication String: Enter the authentication credential for the Remedy AR (Action Request) system server.
- Test Connection: Click Test Connection to verify the connection works.
Safeguard for Privileged Passwords allows you to set the following notifications.
Navigate to Administrative Tools | Settings | Messaging.
Table 168: Messaging settings
Login Notification | Where you enable a login banner that users must acknowledge before they can access Safeguard for Privileged Passwords
Message of the Day | Where you set the Message of the Day that displays on the Home page
It is the responsibility of the Appliance Administrator to configure the login notification displayed when a user logs into One Identity Safeguard for Privileged Passwords.
To configure the login notification
- Navigate to Administrative Tools | Settings | Messaging | Login Notification.
- Select the Message check box and enter a message.
- Click OK.