Converse agora com nosso suporte
Chat com o suporte

One Identity Safeguard for Privileged Passwords 7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Adding a managed network

Use the Managed Networks page on the Cluster settings view to add managed networks, which can be used to distribute the task load in a clustered environment. It is the responsibility of the Appliance Administrator to define and maintain managed networks.

To add a managed network

  1. Go to Managed Networks:
    • web client: Navigate to Cluster > Managed Networks.
  2. Click Add.
  3. In the Managed Network dialog, provide the following information:
    1. Name: Enter the display name for the managed network. This may be the name of the Safeguard for Privileged Sessions Appliance used to authenticate the linked Safeguard for Privileged Sessions session connection.

      Limit: 50 characters

    2. Description: (Optional) Enter information about the managed network.

      Limit: 255 characters

    3. Subnets: Click Add to specify the subnets, or group of hosts, to be managed.

      Enter each subnet using CIDR notation. For example, 0.0.0.0/0.

      NOTE: You can add a subnet to only one managed network. You will receive an error if you attempt to add the same subnet to another managed network. If you are unsure if an IP address has already been associated with a managed network, use the Resolve Network search box. For more information, see Resolving IP address.

    4. Passwords Managed By: Select the appliances to be used to manage the specified subnets.

      NOTE: You do not need to specify an appliance when you initially define a managed network. You can use the Edit button to specify the managing appliance at a later time.

    5. Sessions Managed By: If applicable, select the Safeguard for Privileged Sessions appliance to associate with the managed network.
  4. Click OK to save your selections and add the managed network.

Deleting a managed network

To delete a managed network

  1. Go to Managed Networks:
    • web client: Navigate to Cluster > Managed Networks.
  2. Select the managed network to be deleted, click Delete.
  3. In the confirmation dialog, click Yes.

Resolving IP address

As an Appliance Administrator, you can use the Managed Networks page to search for an IP address within a managed network's list of subnets.

To find an IP address in a managed network

  1. Go to Managed Networks:
    • web client: Navigate to Cluster > Managed Networks.
  2. In the Resolve Network search box, type the IP address, and press Enter.

    The managed network that contains the subnet that most closely matches the IP address is highlighted. If there are no subnets that match the IP address, the Default Managed Network is highlighted.

Offline Workflow (automatic)

To reduce potential downtime, the Appliance Administrator can configure Offline Workflow Mode to be performed automatically. Offline Workflow Mode allows an appliance that has lost consensus (quorum) to operate in isolation from the cluster to process access requests using cached policy data.

To ensure the outage is not a short-lived outage, the default time before the appliance is automatically switched to Offline Workflow Mode is 15 minutes. The time threshold can be changed to five minutes or more.

If automatic Offline Workflow Mode is enabled, you can enable automatic Resume Online Workflow so the appliance automatically resumes online operations once consensus is restored. The minutes to wait after consensus is restored before automatically resuming online workflow defaults to 15 minutes. The time threshold can be changed to five minutes or more.

When Offline Workflow Mode settings are configured to run automatically, an Appliance Administrator can override the automatic settings and manually place an appliance in Offline Workflow Mode or manually restore an appliance to online workflow, as needed.

The user views status messages that clearly communicate the appliance state and the ability to request passwords and SSH keys.

For general information on Offline Workflow Mode, see About Offline Workflow Mode.

Go to Offline Workflow:

  • web client: Navigate to Cluster > Offline Workflow.

The Offline Workflow page displays the following information.

Table 40: Offline Workflow: Properties
Property Description

Enable Automatic Offline Workflow

  • To automatically place the appliance in Offline Workflow Mode when the appliance loses connection and cannot establish consensus.
  • Automatic Offline Workflow Threshold Minutes

    The number of minutes after consensus is lost before the appliance is automatically switched over to Offline Workflow Mode. The default is 15 minutes and can be changed to five minutes or more. The threshold set does not persist after a reboot.

    Automatic Resume Online Workflow
  • If you selected Enable Automatic Offline Workflow, you can select Automatic Resume Online Workflow so the appliance automatically resumes online operations once consensus is restored.
  • Automatic Resume Online Workflow Threshold The number of minutes after consensus is restored that the appliance is automatically switched over to online workflow. The default is 15 minutes and can be changed to five minutes or more.

    Use these toolbar buttons to define and maintain your managed networks.

    Table 41: Offline Workflow: Toolbar
    Option Description
    Refresh Updates the information displayed on the page
    Enable Offline Workflow Triggers Offline Workflow Mode
    Resume Online Operations Triggers moving the appliance from Offline Workflow Mode back to online operations
    Documentos relacionados

    The document was helpful.

    Selecione a classificação

    I easily found the information I needed.

    Selecione a classificação