Use the Send Test Event link located below the Syslog configuration table on the Syslog pane to verify your syslog server configuration. Navigate to Administrative Tools | Settings | External Integration | Syslog.
To validate your setup
- When configuring your syslog server, on the Syslog dialog add the test event.
- Back on the Syslog pane, select the syslog server configuration from the table, then select Send Test Event.
Safeguard for Privileged Passwords logs a test message to the designated syslog server.
You can integrate with an external ticketing system or use ticketing that is not configured with an external ticketing system. Tickets can be viewed in the Activity Center, Ticket # column.
Not integrated with an external ticketing system
Policy Administrators can require requesters to reference a ticket number in their password or session access request but not have the ticket validated against an external ticketing system but, optionally, may be validated against the regular expression of a generic ticketing system. The ticket number is used in the decision to approve the request.
Require a ticket number
- Navigate to Administrative Tools | Settings | External Integration | Ticket Systems.
- Click Add to add a ticket system.
- Provide the following:
-
Name: Enter a name to be used in tracking tickets.
-
Type: Select Other.
-
Regular Expression: Enter the regular expression pattern to validate for an exact match. For more information, see Regular expressions.
- Click Validate to validate the Regular Expression entry.
Ticket workflow
- The Policy Administrator creates an access request policy that requires the requester to provide a ticket number when creating an access request. For more information, see Creating an access request policy
- When the requester makes a request, they must enter a ticket number on the New Access Request dialog, Request Details tab, Ticket Number field. For more information, see Requesting a password release and Requesting session access.
- Safeguard for Privileged Passwords validates the ticket number against the regular expression. If the ticket number is an exact match to the regular expression, the workflow continues.
Integrated with an external ticketing system
Safeguard for Privileged Passwords allows you integrate with your company's external ticket system such as ServiceNow or Remedy. Workflow examples follow.
IMPORTANT: The data items specific to ServiceNow and Remedy (for example, Client ID, Client Secret, and Authentication String) may be optional based on your configuration.
ServiceNow integration workflow example
ServiceNow is a cloud-based issue tracking system. Safeguard for Privileged Passwords can exchange the following ticket types with ServiceNow:
- CHG (change) tickets
- RITM (request) tickets
- PRB (problem) tickets
To use ServiceNow, the root CA Certificate required for ServiceNow must be installed in Safeguard for Privileged Passwords. For more information, see Trusted Certificates. To add a trusted certificate, see Adding a trusted certificate.
Ticket workflow
- The Policy Administrator creates an access request policy that requires the requester to provide a ticket number when creating an access request. For more information, see Creating an access request policy
- When the requester makes a request, they must enter the existing ServiceNow ticket number on the New Access Request dialog, Request Details tab, Ticket Number field. For more information, see Requesting a password release and Requesting session access.
- Safeguard for Privileged Passwords queries all configured ticket systems to see if that ticket number represents a ticket that exists and is in an open state. For ServiceNow, Safeguard checks the Active property of the identified ticket returned from the ServiceNow API and considers the ticket number valid if the Active property is not false for that incident.
- If the ticket is not active, the request is denied.
- If the ticket is active, the access workflow continues.
Remedy integration workflow
The details in the ServiceNow integration workflow example apply to Remedy ticket systems except Remedy will have a different certificate and ticket types. Safeguard checks the Status property of the incident returned from the Remedy API. The ticket is considered valid if Status is not Closed or Cancelled.
Ticketing pane
Navigate to Administrative Tools | Settings | External Integration | Ticket Systems. The Ticket System pane displays the following about the ticket systems defined.
Ticketing toolbar
Use these toolbar buttons to manage the ticketing systems defined to integrate with Safeguard for Privileged Passwords.
- New: Add a new ticket system.
- Delete Selected: Remove the selected ticket system from Safeguard for Privileged Passwords.
- Refresh: Update the list of ticket systems.
- Edit: Modify the selected ticket system configuration.
To configure Safeguard for Privileged Passwords to integrate with an external ticket system
- Navigate to Administrative Tools | Settings | External Integration | Ticket Systems.
- Click Add to add a new ticket system.
- Provide the following:
-
Name: Enter the name of your ticketing system.
-
Type: Select the type of ticketing tracking system:
- ServiceNow: A cloud-based issue tracking system.
- Remedy: A request-for-service problem tracking system.
-
URL: Enter the web site address to the ticketing system.
-
User Name: Enter an account for Safeguard for Privileged Passwords to use to access the ticketing system.
-
Password: Enter the user account's password.
- Client Identifier: Enter the ServiceNow Client ID.
- Client Secret: Enter the ServiceNow secret key.
- Authentication String: Enter the authentication credential for the Remedy AR (Action Request) system server.
- Test Connection: Click Test Connection verify the connection works.
Safeguard for Privileged Passwords allows you to set the following notifications.
Navigate to Administrative Tools | Settings | Messaging.
Table 165: Messaging settings
Login Notification |
Where you enable a login banner that users must acknowledge before they can access Safeguard for Privileged Passwords |
Message of the Day |
Where you set the Message of the Day that displays on the Home page |
It is the responsibility of the Appliance Administrator to configure the login notification displayed when a user logs into One Identity Safeguard for Privileged Passwords.
To configure the login notification
- Navigate to Administrative Tools | Settings | Messaging | Login Notification.
- Select the Message check box and enter a message.
- Click OK.