Converse agora com nosso suporte
Chat com o suporte

One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide

Introduction System requirements Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Vaults Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Home page

Click Home to go to the home page. The Home page can be tailored to your role by allowing you to show or hide many of the tiles that can be displayed. For example, the page displays tiles for My Requests, Approvals, and Reviews, where each tile contains the number of tasks and their status, such as Available, Denied, Revoked, or Pending, and also the number of tasks Due Today.

For some administrator users, additional tiles for Appliance Resources, Cluster Status, Access Request Activity, Account Automation, and Running Tasks can also be displayed.

All users can choose to read the Message of the Day that the Appliance Administrator sets. For more information, see Message of the Day.

To set the displayed tiles on your home page, click Settings. The opening side sheet allows you to toggle the display of any of the tiles available to your role.

For Requesters

All users of Safeguard for Privileged Passwords have the right to submit an access request, if they have been assigned to an entitlement. A requester user can hide all tiles on the home page except for the My Requests and Most Recently Used Favorites. To submit an access request, see the following for more information:

After an access request has been submitted, the user can click the My Requests tile to view the requests awaiting action. For more information, see:

The Most Recently Used Favorites tile shows a list of up to 5 of your most recently used favorite requests.

For Approvers

An approver can be added to an access request policy to approve or deny an access request made by another user. An approver can hide all tiles on the home page except for the Approvals, unless the user is also responsible for other roles. For more information on approving access requests, see:

For Reviewers

A reviewer can be added to an access request policy to review completed access requests. A reviewer can hide all tiles on the home page except for the Reviews, unless the user is also responsible for other roles. For more information on reviewing access requests, see:

My Requests

If you are a requester, click My Requests to make a request or see information about requests.

If Show Account Availability is enabled, you can identify if a privileged account is available or not. Accounts display a warning badge if in use by a request. An account's status is updated immediately after being changed in order to avoid overlapping account requests from multiple users.

Hover over the badge to display <X> of <X> accounts in use. Showing account availability requires additional API queries that may impact performance. This toggle is set by the user, not an administrator. There is no global toggle.

NOTE: When the policy that is governing the request has enabled Allow simultaneous access for multiple user access, the request may still be available even though Show Account Request Availability indicates it is in use.

The My Request page has additional settings that can be used to configure the displayed information. Clicking the button will open a panel with the following options:

  • My Request Favorites: Select this option to display a widget showing configured favorite requests.

  • Show Account Request Availability (may impact performance): Select this option to show the account request availability. Depending on the number of requests this may impact performance.

  • Show Session Launch Button: Select this option to add a Launch Session button the My Request page. This button allows you to open sessions via registered URL schemes in the browser.

  • Show Web Session Launch Button: Select this option to add a Launch Web Session button the My Request page. This button allows you to open Safeguard Remote Access sessions via One Identity Starling.

  • Page Size: Use the associated tiles (25, 50, or 100) to select the number of requests that will be displayed on the My Request page.

To make a request

You must be an authorized user of an entitlement to create a request for the assets and accounts you need.

  1. Click My Requests to go to the My Requests page.
  2. Follow the workflow steps. For more information, see Privileged access requests.

To create a favorite

You can create favorites for requests you make often. For more information, see Favorites (web client).

To view and manage requests

On the My Requests page, you can view the requests. Control the display using the following approaches:

  • Click then select Check-In All Available to check-in all the available requests, Clear All to remove all requests, or Cancel All Pending Time Requested to cancel and remove all pending requests.

  • Click Sort By then select to sort by Account Name, Asset Name, Due Next, Expiring Next, Most Recent, or Status.
  • Click sort up or sort down to sort in ascending or descending order.
  • Click Filters to filter by the status.
    • Available: Approved requests that are ready to view or copy.
    • Pending Approval: Requests that are waiting for approval.
    • Approved: Requests that have been approved, but the check out time has not arrived. Or, for pending accounts restored when using the SPS suspend feature.
    • Revoked: Approved requests retracted by the approver. The approver can revoke a request after the request has become available.
    • Expired: Requests for which the Checkout Duration has elapsed.
    • Denied: Requests denied by the approver.
  • Click Search to see a list of searchable elements. Or enter search characters. For more information, see Search box.
  • If a denied or revoked request has been commented on by an approver, you can click the button associated with the request to view the comment.

To launch web sessions

There are two options for launching browser-based sessions from the SPS web client:

  • Launch Session: This option allows you to open Windows desktop-based sessions via registered URL schemes.

  • Launch Web Session: This button allows you to open Safeguard Remote Access sessions via One Identity Starling.

In order to use the Launch Web Session button to launch Safeguard Remote Access sessions, some additional requirements must be met:

Approvals

To manage approvals, on the left of the page, click Approvals. On the Approvals page, you can:

  • View details by selecting a request, then looking at the details display on the right of the page, including the workflow.

  • Approve one or more request: Select the requests and click (Approve all selected requests). Optionally, enter a comment.

  • Deny one or more request: Select the requests and click (Deny all selected requests). Optionally, enter a comment.

  • Change the columns that appear: Click (Columns) and select the columns you want to see. You can select columns including the following information:

    • Action: Displays (Approve only this request) and (Deny only this request).

    • Requester / Status: Displays the user name and the status of the approval (for example, Pending 1 approval).

    • Asset / Access Type: Displays the name of the asset and the type of access (for example, Password, SSH Key, RDP, SSH, API Key, or Telnet).

    • Account: Displays the managed account name.

    • Ticket Number: Displays the ticket number, if required.

    • Requested For: Displays the date and time as well as the window of availability (for example, March 20, 2021 9:56 AM 2 hours).

  • Search: To see a list of searchable elements, click (Search). For more information, see Search box.

Reviews

To manage reviews, on the left of the page, select (Reviews). On the Reviews page, you can:

  • View the details of a workflow by selecting it.

  • Mark one or more request as reviewed by selecting the requests, then performing one of the following actions:

    • If no comment is required, click (Mark all the selected requests as reviewed).

    • If a comment is required, this icon will display as (One or more of the selected requests requires review comments). Add the comment, then click Mark as Reviewed.

  • Change the columns that display: Click (Select columns to display) and select the columns you want to see.

    • Action: Displays (This request requires review comments) or (Mark only this request as reviewed).

    • Requester: Displays the user name of the requester.

    • Access Type: Displays the type of access (for example, Password, SSH Key, RDP, RDP Application, SSH, API Key, or Telnet).

    • Account: Displays the managed account name.

    • Ticket Number: Displays the ticket number, if required.

    • Request For/Duration: Displays the date and time as well as the window of availability (for example, March 20, 2021 9:56 AM 2 hours).

  • Search: To see a list of searchable elements, click click (Search). For more information, see Search box.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação